browser hijak many spyware like,about blank,quick web search ,http://c.azjmp.com,64.1

**dushyant** · 17-11-2005

[COLOR=Navy][COLOR=Blue][SIZE=2][FONT=Arial Black]

my browser hijak many spyware like,
about blank,quick web search and then lot more

others,
http://www.super-coupon.com/normal/yyy102.html
thus WITH DOMAIN NAME ( .....-..... ) APPEAR ALWAYS
EXAMPLE : www.super-coupon.com
www.ez-cheap.com
super-stock.com
http://c.azjmp.com
64.190.130. 141
paypop.com , etc
how to avoid all above site hijaking problem

some of my log of mine system is as below

1........ Started Scanning
Internet Cookies
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Avenue Media'
Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper'
Found '403' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found '404' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found '410' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found '500' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'CLS' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'ID' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'InstallT' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'RID' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'ServerVisited' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'TAC' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'TargetDir' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'UpdateInterval' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'Version' in 'SOFTWARE\Avenue Media\Internet Optimizer'
Found 'ModuleFileName' in 'SOFTWARE\Avenue
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'DisplayName' Found '' in 'SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareStormer.exe'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\Spyware Stormer'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Internet URL Shortcuts
Found 'Ab scissor.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Broadband comparison.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Credit counseling.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Credit report.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Crm software.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Debt credit card.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Escorts.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Fha.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Health insurance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Help desk software.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Insurance home.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Loan for debt consolidation.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Loan for people with bad credit.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Marketing email.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Mortgage insurance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Nevada corporations.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online Betting Site.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online gambling casino.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online instant loan.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Order phentermine.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Payroll advance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Personal loans online.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Personal loans with bad credit.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Prescription Drugs Rx Online.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Refinancing my mortgage.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Tahoe vacation rental.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Unsecured bad credit loans.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Videos.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'What is hydrocodone.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Only sex website.url' in 'C:\Documents and Settings\dushyant\Favorites\'
Files and Directories
Found '' in 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer'
Found '' in 'C:\Program Files\Spyware Stormer'
Found 'SpywareStormer.exe' in 'C:\Program Files\Spyware Stormer'
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer' in shortcut areas.
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer' in startup areas.
Cleaning 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer'
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Spyware Stormer.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Spyware Stormer.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Spyware Stormer.lnk'
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Website.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Website.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Website.lnk'
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Uninstall.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Uninstall.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Uninstall.lnk'
Checking for 'C:\Program Files\Spyware Stormer' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer'
Checking for 'C:\Program Files\Spyware Stormer\DataBase.ref' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\DataBase.ref' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\DataBase.ref'
Checking for 'C:\Program Files\Spyware Stormer\SpywareStormer.exe' in shortcut areas.
Found 'Spyware Stormer.lnk' in 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\'
Found 'Spyware Stormer.lnk' in 'C:\Documents and Settings\dushyant\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Spyware Stormer.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Spyware Stormer\SpywareStormer.exe' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\SpywareStormer.exe'
Checking for 'C:\Program Files\Spyware Stormer\Spyware Stormer.url' in shortcut areas.
Found 'Website.lnk' in 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\'
[SCANMODS] The file 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Website.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Spyware Stormer\Spyware Stormer.url' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Spyware Stormer.url'
Checking for 'C:\Program Files\Spyware Stormer\uninst.exe' in shortcut areas.
Found 'Uninstall.lnk' in 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\'
[SCANMODS] The file 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Uninstall.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Spyware Stormer\uninst.exe' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\uninst.exe'
Checking for 'C:\Program Files\Spyware Stormer\Settings\ListItems.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\ListItems.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\ListItems.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\RegInfo.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\RegInfo.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\RegInfo.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\Settings.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\Settings.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\Settings.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\ScanInfo.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\ScanInfo.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\ScanInfo.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\IgnoreList.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\IgnoreList.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\IgnoreList.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\SelectedFolders.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\SelectedFolders.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\SelectedFolders.stg'
Checking for 'C:\Program Files\Spyware Stormer\Settings\CustomScan.stg' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\Settings\CustomScan.stg' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\Settings\CustomScan.stg'
Checking for 'C:\Program Files\Spyware Stormer\SpyLog.txt' in shortcut areas.
Checking for 'C:\Program Files\Spyware Stormer\SpyLog.txt' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\SpyLog.txt'
Checking for 'C:\Program Files\Spyware Stormer\SpywareStormer.exe' in shortcut areas.
Found 'Spyware Stormer.lnk' in 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\'
Found 'Spyware Stormer.lnk' in 'C:\Documents and Settings\dushyant\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\dushyant\Start Menu\Programs\Spyware Stormer\Spyware Stormer.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\dushyant\Desktop\Spyware Stormer.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Spyware Stormer\SpywareStormer.exe' in startup areas.
Cleaning 'C:\Program Files\Spyware Stormer\SpywareStormer.exe'
[SCANMODS] The file 'C:\Program Files\Spyware Stormer\SpywareStormer.exe' was not found. Most likely already cleaned by another scanner module.
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'DisplayName' Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found 'SearchAssistant' in 'Software\Microsoft\Internet Explorer\Search'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Internet URL Shortcuts
Found 'Ab scissor.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Broadband comparison.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Credit counseling.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Credit report.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Crm software.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Debt credit card.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Escorts.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Fha.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Health insurance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Help desk software.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Insurance home.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Loan for debt consolidation.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Loan for people with bad credit.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Marketing email.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Mortgage insurance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Nevada corporations.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online Betting Site.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online gambling casino.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Online instant loan.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Order phentermine.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Payroll advance.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Personal loans online.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Personal loans with bad credit.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Prescription Drugs Rx Online.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Refinancing my mortgage.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Tahoe vacation rental.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Unsecured bad credit loans.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Videos.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'What is hydrocodone.url' in 'C:\Documents and Settings\dushyant\Favorites\Sites about\'
Found 'Only sex website.url' in 'C:\Documents and Settings\dushyant\Favorites\'
Files and Directories
Started Backup
Finished Backup
Started Cleaning
Unable to delete registry value 'Software\Microsoft\Internet Explorer\Search\SearchAssistant'. Error=2.
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\SW'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Internet URL Shortcuts
Files and Directories
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

2.....................
Logfile of HijackThis v1.99.1
Scan saved at 10:24:59 AM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wuauclt.exe
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\g0040adqed0e0.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet COLOR]

**Neal** · 17-11-2005

Welcome to DAL,

Rescan with HJT and see if you can get the full log posted here please, looks like some is missing.

browser hijak many spyware like,about blank,quick web search ,http://c.azjmp.com,64.1

browser hijak many spyware like,about blank,quick web search ,http://c.azjmp.com,64.1

Similar Threads

Web Browser Search Engine Redirect

Search browser searches redirected

Twikibar search page has taken over my web browser

Frustrating http:// problem. Possible browser hijack? Please help!

Search Assistant & Browser hijack