stfkly

Home page keeps getting changed


My home page keeps being changed to www.searchingall.com. The pages that I go to are being saved as Favorites automatically and then saved as icons on my desktop. I have tried Ad-Aware, Norton AntiVirus, Trend Micro, SpyBot S&D, deleting temp files, deleting cookies. Just when I think I have it all cleaned up I restart the computer and go to a website like Yahoo and it starts all over again! Attached: Ad-Aware log. Please let me know what else you might need. I run Windows XP.

Ad_Aware_Log_.txt


stfkly,

 

Please edit your post to include the Ad-Aware scan log in full, rather than as an attachment (that format makes the log very hard to read :) ). Would suggest a new scan, then at the end, delete all MRUs, tracking cookies, and anything else that is flagged. Then cut and paste the final log file here, by clicking on the "Show Logfile" button. (Make sure that all of your log file has been posted; sometimes it will require two posts to get it all.)

 

Also, it would be of help to the log-reading experts, if you were to post a diagnostic log from this free tool called HijackThis.

 

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216

 

There have been a large number of requests for help from the HJT log experts, so please be patient - they will get to you as soon as they can :)

 

Regards, Spike


Thanks for the help... The following files in the srchasst file of the WINDOWS file keep reappearing after being deleted:

msgr3en.dll

nls302en (dictionary file)

srchctis.dll

srchui.dll

I found these because my IE started crashing and srchui.dll was listed as the problem. Below is the AA log; the HijackThis log will come in a second posting.

 

Ad-Aware SE Build 1.05

Logfile Created on:Tuesday, August 15, 2006 8:51:48 AM

Using definitions file:SE1R118 07.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop(TAC index:3):18 total references

MRU List(TAC index:0):12 total references

Possible Browser Hijack attempt(TAC index:3):4 total references

Tracking Cookie(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

8-15-2006 8:51:48 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Stephanie\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Stephanie\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\nvidia corporation\global\nview\windowmanagement

Description : nvidia nview cached application window positions

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 384

ThreadCreationTime : 8-15-2006 12:46:56 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 636

ThreadCreationTime : 8-15-2006 12:46:58 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 660

ThreadCreationTime : 8-15-2006 12:46:59 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 704

ThreadCreationTime : 8-15-2006 12:46:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 716

ThreadCreationTime : 8-15-2006 12:46:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 868

ThreadCreationTime : 8-15-2006 12:46:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 944

ThreadCreationTime : 8-15-2006 12:47:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1040

ThreadCreationTime : 8-15-2006 12:47:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1104

ThreadCreationTime : 8-15-2006 12:47:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1312

ThreadCreationTime : 8-15-2006 12:47:01 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1788

ThreadCreationTime : 8-15-2006 12:47:02 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 1812

ThreadCreationTime : 8-15-2006 12:47:03 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:13 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1948

ThreadCreationTime : 8-15-2006 12:47:03 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 176

ThreadCreationTime : 8-15-2006 12:47:03 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 488

ThreadCreationTime : 8-15-2006 12:47:09 PM

BasePriority : Normal

FileVersion : 3.0.0.166

ProductVersion : 3.0.0.166

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:16 [ntmulti.exe]

FilePath : c:\notes\

ProcessID : 544

ThreadCreationTime : 8-15-2006 12:47:09 PM

BasePriority : Normal

FileVersion : 6.0.40.4008

ProductVersion : 6.0.40.4008

ProductName : IBM Lotus Notes/Domino

CompanyName : IBM Corp

FileDescription : IBM Lotus Notes/Domino

InternalName : L-GHUS-5HVN64, L-GHUS-5HVN64, L-GHUS-5HVN64, L-GHUS-5HVNZ6

LegalCopyright : © copyright IBM Corp. 1987, 2004 All Rights Reserved.

LegalTrademarks : Licensed Materials - Property of IBM US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule contract with IBM Corp.

 

#:17 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 560

ThreadCreationTime : 8-15-2006 12:47:09 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:18 [nvsvc32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 580

ThreadCreationTime : 8-15-2006 12:47:09 PM

BasePriority : Normal

FileVersion : 6.14.10.5316

ProductVersion : 6.14.10.5316

ProductName : NVIDIA Driver Helper Service, Version 53.16

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 53.16

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

 

#:19 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1092

ThreadCreationTime : 8-15-2006 12:47:11 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:20 [savscan.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 1848

ThreadCreationTime : 8-15-2006 12:47:15 PM

BasePriority : Normal

FileVersion : 9.4.2.1

ProductVersion : 9.4

ProductName : AutoProtect

CompanyName : Symantec Corporation

FileDescription : AutoProtect

InternalName : SAVSCAN

LegalCopyright : Copyright © 2005 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:21 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1888

ThreadCreationTime : 8-15-2006 12:47:20 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:22 [alcxmntr.exe]

FilePath : C:\WINDOWS\

ProcessID : 312

ThreadCreationTime : 8-15-2006 12:47:21 PM

BasePriority : Normal

FileVersion : 1.5

ProductVersion : 1.5

ProductName : Realtek Audio - Event Monitor

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Audio - Event Monitor

InternalName : Alcxmntr

LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.

OriginalFilename : Alcxmntr.exe

 

#:23 [agrsmmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 720

ThreadCreationTime : 8-15-2006 12:47:22 PM

BasePriority : Normal

FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35

ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35

ProductName : Agere SoftModem Messaging Applet

CompanyName : Agere Systems

FileDescription : SoftModem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Agere Systems 1998-2000

OriginalFilename : smdmstat.exe

 

#:24 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 840

ThreadCreationTime : 8-15-2006 12:47:22 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:25 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 1692

ThreadCreationTime : 8-15-2006 12:47:22 PM

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:26 [skype.exe]

FilePath : C:\Program Files\Skype\Phone\

ProcessID : 1748

ThreadCreationTime : 8-15-2006 12:47:22 PM

BasePriority : Normal

 

 

#:27 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1916

ThreadCreationTime : 8-15-2006 12:47:23 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:28 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2692

ThreadCreationTime : 8-15-2006 12:47:27 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:29 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1384

ThreadCreationTime : 8-15-2006 12:47:58 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:30 [isuspm.exe]

FilePath : c:\program files\common files\installshield\updateservice\

ProcessID : 2388

ThreadCreationTime : 8-15-2006 12:48:22 PM

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Update Manager

InternalName : ProgramManager

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : ISUSPM.exe

 

#:31 [agent.exe]

FilePath : C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\

ProcessID : 2488

ThreadCreationTime : 8-15-2006 12:48:35 PM

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Agent

InternalName : Agent

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : agent.exe

 

#:32 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 3160

ThreadCreationTime : 8-15-2006 12:51:31 PM

BasePriority : Normal

FileVersion : 6.2.0.207

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:33 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 3184

ThreadCreationTime : 8-15-2006 12:51:34 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 12

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 7

Objects found so far: 19

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchingall.com

 

Possible Browser Hijack attempt Object Recognized!

Type : RegData

Data : "http://searchingall.com"

Category : Possible Browser Hijack attempt

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://searchingall.com"

Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\MainStart Pagesearchingall.com

 

Possible Browser Hijack attempt Object Recognized!

Type : RegData

Data : "http://searchingall.com"

Category : Possible Browser Hijack attempt

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://searchingall.com"

Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\MainSearch Barsearchingall.com

 

Possible Browser Hijack attempt Object Recognized!

Type : RegData

Data : "http://searchingall.com"

Category : Possible Browser Hijack attempt

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://searchingall.com"

Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\SearchURLsearchingall.com

 

Possible Browser Hijack attempt Object Recognized!

Type : RegData

Data : "http://www.searchingall.com/search/ssearch.php?q=%s"

Category : Possible Browser Hijack attempt

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://www.searchingall.com/search/ssearch.php?q=%s"

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2.1

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2.1

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Value : .Owner

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Value : {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

 

Adware.Pop Object Recognized!

Type : File

Data : /windows/downloaded program files/popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Object : c:\

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : PopCapLoader Module

CompanyName : PopCap Games

FileDescription : PopCapLoader Module

InternalName : PopCapLoader

LegalCopyright : Copyright 2003

OriginalFilename : PopCapLoader.DLL

 

 

Adware.Pop Object Recognized!

Type : RegValue

Data : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs

Value : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 12

Objects found so far: 32

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 8-10-2010 4:41:16 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 33

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Adware.Pop Object Recognized!

Type : File

Data : popcaploader_v6[1].cab

Category : Possible Browser Hijack attempt

Comment :

Object : C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\MJ8DMLUT\

 

 

 

Adware.Pop Object Recognized!

Type : File

Data : popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Object : C:\WINDOWS\Downloaded Program Files\

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : PopCapLoader Module

CompanyName : PopCap Games

FileDescription : PopCapLoader Module

InternalName : PopCapLoader

LegalCopyright : Copyright 2003

OriginalFilename : PopCapLoader.DLL

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 35

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

105 entries scanned.

New critical objects:0

Objects found so far: 35

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 35

 

8:57:36 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:48.110

Objects scanned:113143

Objects identified:23

Objects ignored:0

New critical objects:23

 

 

Logfile of HijackThis v1.99.1

Scan saved at 9:09:20 AM, on 8/15/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\notes\ntmulti.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R3 - URLSearchHook: rAYOYtNkNfObj Class - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.glic.com

O15 - Trusted Zone: http://w3.gliconline.com

O16 - DPF: WebConnect DUBuild - http://63.66.47.100/WebConnectDUBuild4412.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://w3.gliconline.com/VU/cab/awswaxm.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.meadroid.com/scriptx/smsx.cab

O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline.com/Common/Scripts/GuardianDownload.CAB

O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline.com/GuardianHelp/Scri...nloadHelp_2.CAB

O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline.com/GuardianHelp/scri...lshowHelp_3.CAB

O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline.com/Common/Cabs/ctlCommonControls.CAB

O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline.com/scripts/AppLauncher2.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab

O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://sbshelpme.usa.siemens.com/supportbr.../weblaunch2.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline.com/Common/Cabs/GDL_VbRuntime.CAB

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

O16 - DPF: {A8FEC515-2BF2-11D4-B4AF-00C04F584B78} (CDDActiveX.CDDActiveXDownLoad) - http://w3.gliconline.com/ClientDataDownloa...veXDownload.CAB

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://170.180.8.163/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emoneyadvisor.webex.com/client/v_my...ing/ieatgpc.cab

O16 - DPF: {E7DE712F-FC5D-11D4-B58B-00C04F584B78} (Pal2AXControl.Pal2DeleteExpiredFiles) - http://w3.gliconline.com/PALInforceDownloa...l2AXControl.CAB

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F15AA72F-AABF-11D4-98D4-00B0D076D242} (PTH_ClientControl.DI) - https://w3.gliconline.com/policytransaction...ipts/PTHtab.CAB

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Could you please go here:

http://www.lavasoftresearch.com/submit.php

 

Please fill out a short message (about being hijacked to searchingall.com)

AND include the URL to this topic: http://www.lavasoftsupport.com/index.php?showtopic=2685

in your message

 

Browse to and submit this file:

C:\WINDOWS\system32\drivers\dbnetlib.dll

 

Then press the "Submit new or updated target" button.

 

Then come back here and follow the next steps for removal :D

Thanks, that will help everyone to get detection on that hijacker!

...........................

After you have submitted the file, please open Hijackthis and do a *system scan only*

When it finishes place a checkmark next to this entry:

 

O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll

 

Make sure that IE is closed! Then press the *fix checked* button.

 

Reboot your computer.

 

Scan again with HijackThis and post a fresh log please?

 

Also let us know if that resolves the problem?
