teelions920
asked on
My browser is hijacked after a google search
My browser is hijacked after a google search - I click the google link and am taken to another site.
hijackthis.log
ASKER CERTIFIED SOLUTION
OR, you can look for any of these FAKE files (Search engine hijackers) and delete them if present. (Delete only files located in the system32 folder.)
C:\Windows\system32\wdmaud
C:\Windows\system32\sysaud
c:\windows\system32\ntnet.
If the above files are not found in the system, also check the registry key below and check the values of "aux, aux1, aux2, aux3, aux4" to make sure there are no values pointing to random filenames (similar to the ones below).
Start > Run > type in
regedit
Enter and navigate to the subkey below (look for the aux values and let us know if it's similar to the ones below):
[HKEY_LOCAL_MACHINE\SOFTWA
"aux"="C:\\WINDOWS\\system
"aux"="C:\WINDOWS\system32
"aux2"= "C:\WINDOWS\system32\..\kv
"aux4"="c:\docume~1\%usern
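The registry check described in this answer, as an added example that is not part of the original post: it flags `aux*` values under `Drivers32` that carry a path or `..` instead of a bare driver file name. The function names, the sample values and the rule that a clean entry is a bare name such as `wdmaud.drv` are assumptions made for the example.

```python
import re
import sys

# Key named in the answer above (HKLM hive).
DRIVERS32 = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
AUX_NAME = re.compile(r"^aux\d*$", re.IGNORECASE)
# Assumption: a clean aux entry is a bare driver file name such as wdmaud.drv.
BARE_DRIVER = re.compile(r"^[\w-]+\.(drv|dll)$", re.IGNORECASE)

def check_aux(values):
    """Return (name, data, reasons) for every aux* value that looks hijacked."""
    findings = []
    for name, data in values:
        if not AUX_NAME.match(name):
            continue  # wave, midi, mixer, vidc.* etc. are out of scope here
        data = str(data).strip()
        parts = data.replace("/", "\\").split("\\")
        reasons = []
        if len(parts) > 1:
            reasons.append("path given instead of bare driver name")
        if ".." in parts:
            reasons.append("'..' path traversal")
        if any(p.lower() in ("temp", "tmp") for p in parts):
            reasons.append("points into a temp directory")
        if not reasons and not BARE_DRIVER.match(data):
            reasons.append("unexpected file name or extension")
        if reasons:
            findings.append((name, data, reasons))
    return findings

def read_live_values():
    """Read the real key; only works on Windows (winreg is Windows-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, DRIVERS32) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return [winreg.EnumValue(key, i)[:2] for i in range(count)]

# Constructed sample values (not taken from any real machine or log).
SAMPLE = [
    ("aux", "wdmaud.drv"),
    ("wave", "wdmaud.drv"),
    ("aux2", r"C:\WINDOWS\system32\..\abcdefg.xyz"),
    ("aux4", r"c:\docume~1\user\LOCALS~1\Temp\..\hijklmn.xyz"),
]

if __name__ == "__main__":
    values = read_live_values() if sys.platform == "win32" else SAMPLE
    for name, data, reasons in check_aux(values):
        print(f"SUSPICIOUS {name} = {data}: {'; '.join(reasons)}")
```

On Windows the script reads the live key; elsewhere it runs against the constructed sample so the classification logic can be checked offline.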
ASKER
hotelgroup.com is my company. Either the VPN or the online CMS. Don't know which that refers to.
Don't have any of these:
C:\Windows\system32\wdmaud.sys
C:\Windows\system32\sysaudio.sys
c:\windows\system32\ntnet.drv
or these:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="C:\\WINDOWS\\system32\\..\\jjmviih.nkt"
"aux"="C:\WINDOWS\system32\..\sjkemx.iqd"
"aux2"= "C:\WINDOWS\system32\..\kvlhurx.niq"
"aux4"="c:\docume~1\%username%\LOCALS~1\Temp\..\herlppj.sna"
The Combo + Malwarebytes may have done it. Would love to blow up that Ruski Starbucks.
hijackthis.log
Combo-log.txt
mbam-log-2009-03-16--09-28-25-.txt
All this looks to me like the work is done.
Just one side note: although I don't really expect it to find anything else, you seem to have run only a Quick Scan with MBAM. Whenever you have the time, please update it, boot into Safe Mode, and run a complete scan - be it just for the good feeling ;)
O4 - HKCU\..\Run: [RegCom32] C:\DOCUME~1\ADMINI~1\LOCAL
O4 - HKUS\S-1-5-21-602162358-11
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CCS\Services\T
After that, run MalwareBytes and/or Combofix as already suggested and show us the log.