Firefox hijack?

Discussion in 'Malware Help (A Specialist Will Reply)' started by zakrz1, Jul 16, 2007.

  1. zakrz1

    zakrz1 Private First Class

    For the last week I've been seeing either transferring data from a1040.g.akamai.net or from switch.atdmt.com on the bottom status bar of Firefox, preventing me from accessing bookmarks (I have to actually go to manage bookmarks to open anything!). Doesn't happen in I.E.
    Firefox latest version. Ran Ccleaner, Counterspy, Spybot, Hauri's ViRobot (anti-virus), Bitdefender, Getrunkey, Shownew, Hijackthis. Even tried adding those 2 to hosts pointing to 127.0.0.1 which didn't help..... Any ideas?
    Thanks,
    Zakrz1
     
    Last edited: Jul 16, 2007
  2. zakrz1

    zakrz1 Private First Class

    I haven't submitted any logs, in case someone identifies this problem for a particular scan first...
    Zakrz1
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only way we will really be able to help you is if you complete ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support and attach all of the logs for us to look at. There is nothing in your first message that is really going to help us. akamai is used by many ISPs and atdmt is normally just a cookie. Neither of these would block you from getting to your Favorites. In fact, that does not even sound like a malware problem. You may want to first just try uninstalling FireFox, rebooting, and then reinstall and make sure you have the current version Mozilla FireFox
     
  4. zakrz1

    zakrz1 Private First Class

    OK ran Panda (that should cover, all scans completed), reinstalled Firefox, no difference.
    Attaching logs. Many new files because I rebuilt the HD recently.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to install and rename HijackThis as requested and attach a new log.

    Also you need to attach the other three requested logs:
    • CounterSpy
    • BitDefender
    • PandaActiveScan
     
  6. zakrz1

    zakrz1 Private First Class

    Panda didn't find anything or offer to save a log....
    Zakrz1


     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_10
    Java(TM) SE Runtime Environment 6 Update 1

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.2.cab

    After clicking Fix, exit HJT.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 8 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  8. zakrz1

    zakrz1 Private First Class

    Ok, did as instructed. It blew out my Counterspy (icon turned black). Tech support e-mailed the following fix:
    1. Click on the link below to download and install the Microsoft Installer Clean Up utility:
    http://tinyurl.com/3eukh
    2. Run the utility by clicking on Start -> All Programs -> Windows Installer Clean Up
    3. Select any entry regarding Sunbelt CounterSpy and click "Remove"
    4. Use the link below to download and install CounterSpy 2.1
    http://go.sunbelt-software.com/?linkid=410

    I'm going to have to rebuild my hosts file again so I can map and work on remote servers...
    Zakrz1

     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing we did has anything to do with CounterSpy.

    I assume this means you are using a paid version of CounterSpy?

    Your logs are clean. Are you still having problems?
     
  10. zakrz1

    zakrz1 Private First Class

    Yes, paid ver. Counterspy. I fixed and reinstalled it and updated my hosts file. Firefox launched without the original problem. Wish I knew what caused it..?
    Thanks much!
    Zakrz1
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I would suggest you keep a backup of your hosts file in another folder (do not keep it where the real hosts file is). Many times when PCs are being cleaned of malware the hosts file is going to be reset to default since it is a very common place for malware to insert itself. Large hosts files make it easy for malware to hide and it is rarely necessary to put anything in a hosts file.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    2. After doing the above, you should work thru the below link:
     
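The hosts-file backup advice in the post above, as an added example that is not part of the original thread: comparing a live hosts file against a known-good backup shows exactly which entries were added, changed or removed. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a known-good backup and the current live file.
BACKUP = """\
# backup kept outside the system hosts directory
127.0.0.1   localhost
10.0.0.15   buildserver        # remote server mapping
127.0.0.1   ads.example.test   # deliberate block entry
"""
LIVE = """\
127.0.0.1   localhost
10.0.0.99   buildserver
203.0.113.7 bank.example.test  # not present in the backup
127.0.0.1   update.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and junk."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries.setdefault(name.lower(), ip)  # keep the first mapping seen
    return entries

def audit(live_text, backup_text):
    """List (kind, hostname, ip) differences between live and backup."""
    live, backup = parse_hosts(live_text), parse_hosts(backup_text)
    findings = []
    for name, ip in sorted(live.items()):
        if name not in backup:
            # Loopback/0.0.0.0 only blocks a name; any other IP redirects it.
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "added-block" if blocked else "added-redirect"
        elif backup[name] != ip:
            kind = "changed"
        else:
            continue
        findings.append((kind, name, str(ip)))
    for name in sorted(set(backup) - set(live)):
        findings.append(("removed", name, str(backup[name])))
    return findings

if __name__ == "__main__":
    for finding in audit(LIVE, BACKUP):
        print(*finding)
```

An `added-redirect` entry is the one to look at first, since it sends a hostname to an address the backup never contained; `added-block` entries only stop a name from resolving.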
  12. zakrz1

    zakrz1 Private First Class

    Came back..... (see attached screen dump....) Just keeps saying transferring data from .akamai. in the case of my dogpile homepage or forums.majorgeeks.com as the case is with this reply to thread screen open.
    Zakrz1
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That URL appears to be used in order to get access to dogpile. I just loaded up dogpile and observed it in the status bar too. Thus it is related to whatever you are doing at dogpile.
     
  15. zakrz1

    zakrz1 Private First Class

    No, that O16 line did not return. Dogpile, being the homepage, should load and display "Done" on the bottom status bar. Instead it will get stuck on akamai.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but that is not due to malware. It is part of something going on when you access dogpile. For some reason it is not completing. Does it happen if you use IE to access the site?
     
  17. zakrz1

    zakrz1 Private First Class

    Doesn't happen in I.E. I changed my homepage to google and it hangs on that!
    Even reinstalled Firefox again....
     


  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt it has anything to do with malware. It could be related to something you have configured in FireFox. Perhaps a plugin of some type or possibly you have configured something else on your system that is blocking cookies....etc on FireFox.

    READ ALL OF THE BELOW BEFORE DOING ANYTHING:

    Try uninstalling FireFox and rebooting. Then delete all the associated folders for FireFox. Like C:\Program Files\Mozilla Firefox and C:\Documents and Settings\zak\Application Data\Mozilla

    Then reinstall FireFox and keep it barebones to start and see how it works. You may wish to make a backup of the above folders first to avoid losing any plugins and settings, favorites..etc. Just in case this does not help you can just copy everything back from these backups. Also make sure you are using the new version of FireFox that just came out: Mozilla Firefox
     
