• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
gerard99

My Browser has been hijacked

1 post in this topic

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:09:24 AM, on 01/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe

C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\program files\marimba\tuner\Tuner.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliADSIComm.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\AT&T Global Network Client\NetClient.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE

C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\PROGRA~1\MICROS~2\LIVEME~1\Addins\LMCAPI.exe

C:\program files\marimba\tuner\lib\jre\bin\java.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {C6874B6F-021B-4A7F-A2E3-EC02760A6E2A} - C:\WINDOWS\system32\advpacku.dll

O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe /p

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sametime Connect] "C:\Program Files\Lotus\Sametime Client\connect.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

O8 - Extra context menu item: &Search - ?p=ZK

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.akamai.net

O15 - Trusted Zone: http://www.bravenet.com

O15 - Trusted Zone: *.yimg.com

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quickplace/qp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {36C0B01C-8031-11D4-A527-00C04F794627} (Merant Dimensions Native Code Client for MSIE) - http://dimensions:8080/dim_applet/dmjweb90ie_jni.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130349044874

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137792270215

O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - http://sametime/sametime/javaconnect/InstallSTConnAgent.cab

O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://sametime/sametime/stmeetingroomclient/STJNILoader.cab

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab

O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://ilbbtdp00/qcbin/Spider90.ocx

O16 - DPF: {B6C27623-E9EB-4CE7-BDB8-AFDF0D069244} (OrgPublisher Remote Admin Control) - http://www.aquire.com/codebase71/OrgPlan.cab

O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase71/OrgPubX.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = caremarkrx.net

O17 - HKLM\Software\..\Telephony: DomainName = caremarkrx.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{2A23A2E1-FEFF-4852-9D41-EB1F4C365CA2}: NameServer = 10.24.1.201,204.99.62.71

O17 - HKLM\System\CCS\Services\Tcpip\..\{849A670E-5B4B-456A-94A4-C3D43955B0F5}: NameServer = 69.78.96.14 66.174.92.14

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = caremarkrx.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = internal.pcshs.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{2A23A2E1-FEFF-4852-9D41-EB1F4C365CA2}: NameServer = 10.24.1.201,204.99.62.71

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = caremarkrx.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = caremarkrx.net,internal.pcshs.com,psd.caremark.int,cts.caremark.int,caremark.int,caremark.com,rx-r-us.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = internal.pcshs.com

O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no file)

O18 - Protocol: vfsp - (no CLSID) - (no file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AppnNode - IBM Corporation - C:\WINNT\System32\Drivers\appnnode.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe

O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe

O23 - Service: MarimbaEndPoint - Marimba, Inc. - C:\program files\marimba\tuner\Tuner.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

 

--

End of file - 16370 bytes

Ad_Aware_20080125_14_50_42.log

Edited by gerard99

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0