Hijacked browser

Umm first off im new to this forum
then i explain my problem right?
well im sry if im not doin this correctly but
heres da problem:
a week or 2 ago i think
my browser got hijacked
i couldnt access my internet options through internet browser like how i normally do
then i cant change my homepage by the internet option menu through rightclick icon on destop
so i searched online and found this site and it told me to go run regedit
then find all this stuff and change the homepage
i was glad it worked
till i reboot and the problem started again
but this time instead of goin to searchexe.com or allaboutsearching.com
it linked to google but it went through one of their links 1st
so i went to help on their websites
and i dl the program to remove the toolbar i got from this popup
but the tool bar is still there
and wen i click view in my browser and toolbars the toolbar name is boltlitehole

i have no clue or any idea on how to fix this nor do i have money to spend on spyware removers and i ran ad-aware and spybot search and destroy too

so please help me
i would greatly appreciate it
thnks for taking your time to read this and thankyou more if you have a way to solve this problem

 

Hi rebirth

Welcome to Wilders.

Please follow the instructions at this link,

https://www.wilderssecurity.com/showthread.php?t=15913

then post yout HijackThis log in this thread and one of the experts will give u recommendations on any Malware found.

EDIT- since u already ran Ad-aware and Spybot just follow step#2.

snowbound

 

thnks snowball for telling me how to post a log and how to ask for help

Logfile of HijackThis v1.97.7
Scan saved at 6:07:35 PM, on 5/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\IDOLOW~1\Sect roam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edmond\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchexe.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://allaboutsearching.com/passthrough/index.html?http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: boltlitehole - {DEA0183B-4117-562F-7FDD-235B05C15479} - C:\PROGRA~1\STOREG~1\free memo.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Each Wave] C:\PROGRA~1\IDOLOW~1\Sect roam.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/238a67476e8635a36c02/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


i hope sum1 can help me THANK YOU

 

Good job rebirth

Just be patient as most of the HijackThis experts live in different timezones so u may want to check back periodically for new posts and recommendations.


snowbound

 

thnks foh da tip
i can feel it that sum1 is about to help me

 

Hi rebirth,

Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
These easily get lost in a Temp folder.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchexe.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://allaboutsearching.com/passthrough/index.html?http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: boltlitehole - {DEA0183B-4117-562F-7FDD-235B05C15479} - C:\PROGRA~1\STOREG~1\free memo.dll

O4 - HKLM\..\Run: [Each Wave] C:\PROGRA~1\IDOLOW~1\Sect roam.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/238a67476e8635a36c02/netzip/RdxIE601.cab

Then reboot into safe mode and delete:
C:\PROGRA~1\STOREG~1 <= entire folder that holds free memo.dll
C:\PROGRA~1\IDOLOW~1 <= entire folder that holds Sect roam.exe

Download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Regards,

Pieter

 

THANK YOU thnk foh helping me i gonna try it right after school cuz im in school right now thnks man

 

My pleasure. Keep us posted.

Regards,

Pieter

 

well to start things off on keeping you guys posted
i have encounter another problem

this time i have no idea what it is but i cant use anythin that connects to the internet in order to fully use the program. also im connection through lan
the cables are secured and not loose also i plugged them in correctly.
Also i fohgot to say im the host for lan and my sister is the branch im typing this on my sister computer. the internet works for my sister but not foh me.
wen i view in network connections its fine it is regular and it says connected but wen i clicked repair it say something about my ip i cant recall because me and sister have rooms in the other ends of the house. so this is the situtation do you guys think there is a way to solve this problem or do u need more info to help me? ty to all hoo read this and im not sure if i should make a new topic concerning this.

 

Hi rebirth,

Download, unzip and run: http://members.shaw.ca/techcd/WinsockXPFix.exe

You may have to reinstall the program you use to share the internet after using it.

Regards,

Pieter

 

thnks man im gonna try right now after i save to floppy

thnks it worked im not sure if i can double post or not so i edit this message

 

Hey that's great.

Please read https://www.wilderssecurity.com/showthread.php?t=27971
for some tips on protection.

Regards,

Pieter