dafficus join:2004-06-02 Overland Park, KS
Sexdial has infected my computer

I recently was infected by some spyware that I will call "SEXDIAL" because it deposited an icon on my desktop of the same name. I tried to delete it but it keeps returning. I am a regular user of Ad-Aware 6.0, which did NOT detect nor repair this spyware. I also own Spy Sweeper by Webroot and it is also ineffective.
1) The spyware has rendered my Internet Explorer 6.0 useless. Most of the links on my IE 6 browser toolbar no longer work. The first page may work, but on the subsequent pages I get a "This page cannot be displayed".
2) In addition, I get an icon called Sexdial on my desktop. When I click Properties, then Target, I get: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.casinopalazzo.com/index.php?source...
3) About every 5 minutes Internet Explorer will open a new web page (regardless of whether the browser is already open or not) and take me to www.casinopalazzo.com, a web page that offers internet gambling by a company in the Antilles.
4) My browser home page is hijacked and redirected to some page I have never heard of.
5) Currently I can use my other browser, Mozilla Firefox, without incident. I have no idea what other problems will develop on my computer. I recently ran Ad-aware and have posted the Show log below.
Per the request of Calamity Jane, I have also included my HijackThis results.
Please help me!
Thanks very much! dafficus
My Ad-aware 6.181 Show log is as follows:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on : Wednesday, June 02, 2004 10:38:44 PM
Created with Ad-aware Personal, free for private use.
Using reference-file : 01R314 02.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available : 46 %
Total physical memory : 523264 kb
Available physical memory : 239580 kb
Total page file size : 1280120 kb
Available on page file : 1065772 kb
Total virtual memory : 2097024 kb
Available virtual memory : 2057412 kb
OS :

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
6-2-2004 10:38:44 PM - Scan started. (Custom mode)
Listing running processes ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 6-3-2004 2:20:51 AM BasePriority : Normal
#:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:20:53 AM BasePriority : High
#:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:20:53 AM BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 9/3/2002 4:59:11 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 4:59:11 PM
#:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:20:53 AM BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 9/3/2002 4:39:51 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 4:39:51 PM
#:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:20:54 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 9/3/2002 5:05:32 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 5:05:32 PM
#:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:20:54 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 9/3/2002 5:05:32 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 5:05:32 PM
#:7 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 6-3-2004 2:20:56 AM BasePriority : Normal FileSize : 973 KB FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 5/12/2003 3:12:10 AM Last accessed : 6/3/2004 3:23:31 AM Last modified : 5/12/2003 3:12:10 AM
#:8 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:20:56 AM BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 9/3/2002 5:04:18 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 5:04:18 PM
#:9 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 6-3-2004 2:20:56 AM BasePriority : Normal FileSize : 309 KB FileVersion : 1.03.4 ProductVersion : 1.03.4 Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Event Manager Service InternalName : ccEvtMgr OriginalFilename : ccEvtMgr.exe ProductName : Event Manager Created on : 5/21/2003 3:33:18 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 11/13/2002 9:44:02 PM
#:10 [support.exe] FilePath : C:\Program Files\Common Files\Dell\EUSW\ ThreadCreationTime : 6-3-2004 2:20:58 AM BasePriority : Normal FileSize : 240 KB FileVersion : 2, 0, 0, 33 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : Dell FileDescription : Support InternalName : Support OriginalFilename : Support.exe ProductName : Dell Support Created on : 12/13/2002 9:05:08 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 5/15/2003 8:22:36 PM
#:11 [ybrwicon.exe] FilePath : C:\Program Files\Yahoo!\browser\ ThreadCreationTime : 6-3-2004 2:20:58 AM BasePriority : Normal FileSize : 56 KB FileVersion : 2003, 7, 11, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : Yahoo!, Inc. FileDescription : YBrwIcon InternalName : YBrwIcon OriginalFilename : YBrwIcon.exe ProductName : Yahoo!, Inc. YBrwIcon Created on : 9/17/2003 11:41:58 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 7/11/2003 7:51:16 PM
#:12 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ThreadCreationTime : 6-3-2004 2:20:58 AM BasePriority : Normal FileSize : 148 KB FileVersion : 0.1.0.1622 ProductVersion : 0.1.0.1622 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp OriginalFilename : realsched.exe ProductName : RealOne Player (32-bit) Created on : 12/23/2003 3:30:13 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 12/23/2003 3:30:13 AM
#:13 [hpgs2wnd.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 6-3-2004 2:20:58 AM BasePriority : Normal FileSize : 68 KB FileVersion : 2,3,0,0\ ProductVersion : 2,3,0,0\ Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpgs2wnd InternalName : hpgs2wnd OriginalFilename : hpgs2wnd.exe ProductName : Hewlett-Packard hpgs2wnd Created on : 4/17/2002 4:42:56 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 4/17/2002 4:42:56 PM
#:14 [point32.exe] FilePath : C:\Program Files\Microsoft Hardware\Mouse\ ThreadCreationTime : 6-3-2004 2:20:58 AM BasePriority : Normal FileSize : 172 KB FileVersion : 4.10.0851.0 ProductVersion : 4.1 Copyright : Copyright (C) Microsoft Corp. 1983-2002 CompanyName : Microsoft Corporation FileDescription : Microsoft IntelliPoint InternalName : POINT32 OriginalFilename : POINT32.EXE ProductName : Microsoft IntelliPoint Created on : 4/11/2002 3:47:52 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 4/11/2002 3:47:52 PM
#:15 [hpztsb06.exe] FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 184 KB FileVersion : 2,133,0,0 ProductVersion : 2,133,0,0 Copyright : Copyright (c) Hewlett-Packard Company 1999-2002 CompanyName : HP ProductName : HP DeskJet Created on : 5/21/2003 12:48:35 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 7/11/2002 12:06:23 PM
#:16 [dsentry.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 28 KB FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 Copyright : Copyright CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry OriginalFilename : DSentry.exe ProductName : Dell - DVDSentry Created on : 8/14/2002 11:22:52 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 8/14/2002 11:22:52 PM
#:17 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 53 KB FileVersion : 1.0.10.006 ProductVersion : 1.0.10.006 Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client CC App InternalName : ccApp OriginalFilename : ccApp.exe ProductName : Common Client Created on : 4/30/2004 1:04:12 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 12/2/2003 9:11:04 PM
#:18 [directcd.exe] FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 668 KB FileVersion : 5.3.5.10 ProductVersion : 5.3.5.10 Copyright : Copyright (c) 2001-2003, Roxio, Inc. CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD OriginalFilename : Directcd.exe ProductName : DirectCD Created on : 12/17/2002 5:28:00 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/29/2003 2:22:04 AM
#:19 [devdetect.exe] FilePath : C:\Program Files\Common Files\ACD Systems\EN\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 212 KB FileVersion : 2, 0, 1, 6 ProductVersion : 2, 0, 1, 6 Copyright : Copyright CompanyName : ACD Systems, Ltd. FileDescription : Device Detector InternalName : DevDetect OriginalFilename : DevDetect.exe ProductName : Device Detector Created on : 11/26/2003 11:54:56 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 11/26/2003 11:54:56 PM
#:20 [ycommon.exe] FilePath : C:\PROGRA~1\Yahoo!\browser\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 208 KB FileVersion : 2003, 7, 14, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright 2003 Yahoo! Inc. CompanyName : Yahoo!, Inc. FileDescription : YCommon Exe Module InternalName : YCommonExe OriginalFilename : YCommon.EXE ProductName : YCommon Exe Module Created on : 9/17/2003 11:41:18 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 7/14/2003 2:55:44 PM
#:21 [bcmsmmsg.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 120 KB FileVersion : 3.5.25 08/27/2003 20:04:35 ProductVersion : 3.5.25 08/27/2003 20:04:35 Copyright : Copyright CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe OriginalFilename : smdmstat.exe ProductName : BCM Modem Messaging Applet Created on : 8/29/2003 9:59:24 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 8/29/2003 9:59:24 AM
#:22 [weather.exe] FilePath : C:\PROGRA~1\AWS\WEATHE~1\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 760 KB FileVersion : 3, 0, 0, 18 ProductVersion : 3, 0, 0, 18 Copyright : Copyright CompanyName : AWS Convergence Technologies, Inc. FileDescription : WeatherBug InternalName : Desktop Weather OriginalFilename : WeatherBug.exe ProductName : AWS, Inc.WeatherBug Created on : 3/26/2004 3:55:30 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 12/19/2001 10:23:10 PM
#:23 [rundll32.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 31 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll OriginalFilename : RUNDLL.EXE ProductName : Microsoft Created on : 9/3/2002 4:56:58 PM Last accessed : 6/3/2004 3:21:28 AM Last modified : 9/3/2002 4:56:58 PM
#:24 [runwin32.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 11 KB Created on : 5/31/2004 3:57:13 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 5/31/2004 3:57:13 AM
#:25 [wininet32.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 12 KB Created on : 5/31/2004 3:57:14 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 5/31/2004 3:57:14 AM
#:26 [hpgs2wnf.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 6-3-2004 2:20:59 AM BasePriority : Normal FileSize : 76 KB FileVersion : 2, 6, 0, ProductVersion : 2, 6, 0, Copyright : Copyright 2001 FileDescription : hpgs2wnf Module InternalName : hpgs2wnf OriginalFilename : hpgs2wnf.EXE ProductName : hpgs2wnf Module Created on : 4/17/2002 4:49:16 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 4/17/2002 4:49:16 PM
#:27 [spysweeper.exe] FilePath : C:\Program Files\Webroot\Spy Sweeper\ ThreadCreationTime : 6-3-2004 2:21:00 AM BasePriority : Normal FileSize : 649 KB FileVersion : 2.6.1.45 ProductVersion : 1.0.0.0 Copyright : Copyright (c) 2001-2003 Webroot Software, Inc. CompanyName : Webroot Software, Inc. FileDescription : Spy Sweeper ProductName : Spy Sweeper Created on : 5/31/2004 7:53:22 PM Last accessed : 6/3/2004 3:21:28 AM Last modified : 2/25/2004 4:48:26 PM
#:28 [sysdoc32.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\ ThreadCreationTime : 6-3-2004 2:21:00 AM BasePriority : Idle FileSize : 24 KB FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 Copyright : Copyright (C) 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Norton System Doctor InternalName : SYSDOC32 OriginalFilename : SYSDOC32.EXE ProductName : Norton Utilities Created on : 5/21/2003 3:25:12 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 8/14/2002 11:03:00 AM
#:29 [webshotstray.exe] FilePath : C:\Program Files\Webshots\ ThreadCreationTime : 6-3-2004 2:21:01 AM BasePriority : Normal FileSize : 204 KB FileVersion : 1.3.0.3826 ProductVersion : 1.3.0.3826 Copyright : Copyright (C) 1998 CompanyName : The Webshots Corporation FileDescription : Webshots Desktop Tray Application InternalName : WEBSHOTSTRAY OriginalFilename : WEBSHOTSTRAY.EXE ProductName : Webshots Tray Application Created on : 5/20/2003 3:08:14 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 6/21/2002 8:55:56 PM
#:30 [diagent.exe] FilePath : C:\Program Files\Creative\SBLive\Diagnostics\ ThreadCreationTime : 6-3-2004 2:21:02 AM BasePriority : Normal FileSize : 132 KB FileVersion : 1, 1, 4, 0 ProductVersion : 1.01.04 Copyright : Copyright (C) 2002 Creative Technology Ltd CompanyName : Creative Technology Ltd FileDescription : Creative Diagnostics Agent InternalName : Creative Diagnostics Agent OriginalFilename : diagent.exe ProductName : Creative Diagnostics Agent Created on : 5/8/2003 7:25:26 AM Last accessed : 6/3/2004 3:21:28 AM Last modified : 4/3/2002 6:01:00 AM
#:31 [cisvc.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:21:13 AM BasePriority : Normal FileSize : 5 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe OriginalFilename : cisvc.exe ProductName : Microsoft Created on : 9/3/2002 4:28:50 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 4:28:50 PM
#:32 [ctsvccda.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:21:13 AM BasePriority : Normal FileSize : 43 KB FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 Copyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved. CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE OriginalFilename : CTsvcCDA.EXE ProductName : Creative Service for CDROM Access Created on : 5/8/2003 7:25:29 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 12/13/1999 6:01:00 AM
#:33 [gearsec.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:21:13 AM BasePriority : Normal FileSize : 60 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : GEAR Software FileDescription : gearsec InternalName : gearsec OriginalFilename : gearsec.exe ProductName : gearsec Created on : 12/1/2003 12:19:04 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 6/28/2002 1:09:52 PM
#:34 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\ ThreadCreationTime : 6-3-2004 2:21:13 AM BasePriority : Normal FileSize : 264 KB FileVersion : 7.00.9064.9150 ProductVersion : 7.00.9064.9150 Copyright : Copyright (C) Microsoft Corp. 1997-2000 CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe OriginalFilename : mdm.exe ProductName : Microsoft Development Environment Created on : 2/23/2001 3:07:30 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 2/23/2001 3:07:30 PM
#:35 [navapsvc.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\ ThreadCreationTime : 6-3-2004 2:21:13 AM BasePriority : Normal FileSize : 113 KB FileVersion : 9.05.1015 ProductVersion : 9.05.1015 Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC OriginalFilename : NAVAPSVC.EXE ProductName : Norton AntiVirus Created on : 5/21/2003 3:33:09 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 11/15/2002 12:41:26 AM
#:36 [nprotect.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\ ThreadCreationTime : 6-3-2004 2:21:20 AM BasePriority : Normal FileSize : 132 KB FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 Copyright : Copyright (C) 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT OriginalFilename : NPROTECT.EXE ProductName : Norton Utilities Created on : 5/21/2003 3:25:30 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 8/14/2002 11:03:00 AM
#:37 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:21:21 AM BasePriority : Normal FileSize : 80 KB FileVersion : 6.14.10.5216 ProductVersion : 6.14.10.5216 Copyright : (C) NVIDIA Corporation. All rights reserved. CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 52.16 InternalName : NVSVC OriginalFilename : nvsvc32.exe ProductName : NVIDIA Driver Helper Service, Version 52.16 Created on : 10/6/2003 7:16:00 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 10/6/2003 7:16:00 PM
#:38 [nopdb.exe] FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\ ThreadCreationTime : 6-3-2004 2:21:21 AM BasePriority : Normal FileSize : 168 KB FileVersion : 7.00.0.24 ProductVersion : 7.00.0.24 Copyright : Copyright (C) 2002 CompanyName : Symantec Corporation FileDescription : NOPDB InternalName : NOPDB OriginalFilename : NOPDB.dll ProductName : Norton Speed Disk Created on : 5/21/2003 3:26:33 AM Last accessed : 6/3/2004 3:20:57 AM Last modified : 8/14/2002 11:00:00 AM
#:39 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 6-3-2004 2:21:21 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 9/3/2002 5:05:32 PM Last accessed : 6/3/2004 3:20:57 AM Last modified : 9/3/2002 5:05:32 PM
#:40 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 2:28:32 AM BasePriority : Idle FileSize : 8 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe OriginalFilename : cidaemon.exe ProductName : Microsoft Created on : 9/3/2002 4:28:48 PM Last accessed : 6/3/2004 3:28:36 AM Last modified : 9/3/2002 4:28:48 PM
#:41 [systray.exe] FilePath : c:\syz_dat\ ThreadCreationTime : 6-3-2004 3:08:21 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 1.00 CompanyName : PC-Magic Software InternalName : systray OriginalFilename : systray.exe ProductName : systray
#:42 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 6-3-2004 3:36:55 AM BasePriority : Idle FileSize : 8 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe OriginalFilename : cidaemon.exe ProductName : Microsoft Created on : 9/3/2002 4:28:48 PM Last accessed : 6/3/2004 3:28:36 AM Last modified : 9/3/2002 4:28:48 PM
#:43 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-aware 6\ ThreadCreationTime : 6-3-2004 3:37:42 AM BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 2/25/2004 2:42:56 AM Last accessed : 6/3/2004 3:36:58 AM Last modified : 7/13/2003 4:00:20 AM
#:44 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ThreadCreationTime : 6-3-2004 3:37:58 AM BasePriority : Normal FileSize : 1462 KB FileVersion : 4.7.2009 ProductVersion : Version 4.7 Copyright : Copyright (c) Microsoft Corporation 1997-2003 CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs OriginalFilename : msmsgs.exe ProductName : Messenger Created on : 4/15/2003 2:05:20 AM Last accessed : 6/3/2004 2:52:51 AM Last modified : 4/15/2003 2:05:20 AM
Memory scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 0
Started registry scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 0
Started deep registry scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pageeasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bareasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchURLeasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\SearchURL Value : Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pageeasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bareasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanteasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://easy-search.biz"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearcheasy-search.biz
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://easy-search.biz" Category : Data Miner Comment : Possible browser hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : CustomizeSearch Data : "http://easy-search.biz"
Deep registry scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 7 Objects found so far: 7
Deep scanning and examining files (C:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
I-LookUp Object recognized! Type : File Data : install.cab Category : Malware Comment : Object : C:\ FileSize : 70 KB Created on : 5/17/2004 11:47:27 PM Last accessed : 6/3/2004 3:04:01 AM Last modified : 5/20/2004 1:12:50 AM
Visicom Media Object recognized! Type : File Data : gsim.dll Category : Malware Comment : Object : C:\Documents and Settings\Johnny B\Local Settings\Temp\THI1FC0.tmp\ FileSize : 598 KB FileVersion : 2.0.0.0 ProductVersion : 2.0 CompanyName : Visicom Media FileDescription : Browser Helper Created on : 2/23/2004 1:32:44 AM Last accessed : 6/3/2004 4:30:50 AM Last modified : 10/8/2003 6:14:42 PM
ClearSearch Object recognized! Type : File Data : clrschuninstall_78_86.exe Category : Data Miner Comment : Object : C:\Documents and Settings\Johnny B\Local Settings\Temp\ FileSize : 28 KB FileVersion : 2, 0, 0, 0 ProductVersion : 2, 0, 0, 0 Copyright : Copyright (C) 2003 FileDescription : Clear Search Uninstaller InternalName : Clear Search Uninstaller OriginalFilename : ClrSchUninstall.EXE ProductName : Clear Search Uninstaller Created on : 5/18/2004 3:11:48 AM Last accessed : 6/3/2004 4:30:52 AM Last modified : 4/22/2004 4:22:44 PM
DyFuCA Object recognized! Type : File Data : optimize.exe Category : Malware Comment : Object : C:\Documents and Settings\Johnny B\Local Settings\Temp\ FileSize : 37 KB Created on : 5/17/2004 11:48:01 PM Last accessed : 6/3/2004 4:30:53 AM Last modified : 5/17/2004 11:48:01 PM
BargainBuddy Object recognized! Type : File Data : shortcuts.txt Category : Data Miner Comment : Object : C:\Documents and Settings\Johnny B\Local Settings\Temp\ FileSize : 6 KB Created on : 5/17/2004 11:50:11 PM Last accessed : 6/3/2004 4:30:53 AM Last modified : 5/17/2004 11:50:11 PM
ClearSearch Object recognized! Type : File Data : a0014547.dll Category : Data Miner Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\ FileSize : 171 KB FileVersion : 1, 53, 0, 4 ProductVersion : 1, 53, 0, 4 Copyright : Copyright CompanyName : Clear Search FileDescription : CSie InternalName : CSie OriginalFilename : CSie.dll ProductName : CSie Created on : 5/17/2004 11:48:12 PM Last accessed : 6/3/2004 4:38:04 AM Last modified : 5/17/2004 11:48:12 PM
ClearSearch Object recognized! Type : File Data : a0014548.dll Category : Data Miner Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\ FileSize : 52 KB FileVersion : 1, 0, 0, 4 ProductVersion : 1, 0, 0, 4 Copyright : Copyright CompanyName : Clear Search FileDescription : CSss InternalName : CSss OriginalFilename : CSss.dll ProductName : CSss Created on : 5/17/2004 11:48:19 PM Last accessed : 6/3/2004 4:38:04 AM Last modified : 5/17/2004 11:48:19 PM
Lycos Sidesearch Object recognized! Type : File Data : a0014551.dll Category : Misc Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\ FileSize : 188 KB FileVersion : 1.4.0.0 ProductVersion : 1.4.0.0 Copyright : Copyright CompanyName : Lycos, Inc. FileDescription : Lycos Sidesearch Client InternalName : Lycos Sidesearch Client OriginalFilename : sidesearch.dll ProductName : Lycos Sidesearch Client Created on : 4/23/2004 2:10:34 PM Last accessed : 6/3/2004 4:38:05 AM Last modified : 4/23/2004 2:10:34 PM
ClearSearch Object recognized! Type : File Data : a0014553.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\ FileSize : 28 KB FileVersion : 2, 0, 0, 0 ProductVersion : 2, 0, 0, 0 Copyright : Copyright (C) 2003 FileDescription : Clear Search Uninstaller InternalName : Clear Search Uninstaller OriginalFilename : ClrSchUninstall.EXE ProductName : Clear Search Uninstaller Created on : 4/22/2004 4:22:44 PM Last accessed : 6/3/2004 4:38:05 AM Last modified : 4/22/2004 4:22:44 PM
istbar Object recognized! Type : File Data : a0014753.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 9 KB FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 Copyright : Copyright FileDescription : istsvc InternalName : istsvc OriginalFilename : istsvc.exe ProductName : istsvc Created on : 5/17/2004 11:47:58 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 5/17/2004 11:47:58 PM
DyFuCA Object recognized! Type : File Data : a0014754.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 37 KB Created on : 5/17/2004 11:48:02 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 5/17/2004 11:48:01 PM
WhenU Object recognized! Type : File Data : a0014755.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 67 KB FileVersion : 0, 1, 5, 1 ProductVersion : 0, 1, 5, 1 Copyright : Copyright 2003 CompanyName : WhenU.com FileDescription : DnldStub InternalName : DnldStub OriginalFilename : dnldstub.exe ProductName : DnldStub Module Created on : 5/17/2004 11:48:16 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 12/16/2003 12:22:36 AM
istbar Object recognized! Type : File Data : a0014756.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 67 KB FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 Copyright : Copyright 2004 FileDescription : IST T00lbar InternalName : IST T00lbar OriginalFilename : 1stbar.dll ProductName : 1ST Toolbar Created on : 5/17/2004 11:48:05 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 5/17/2004 11:48:05 PM
Powerscan Object recognized! Type : File Data : a0014761.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 67 KB FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 Copyright : Copyright (C) 2004 FileDescription : PowerScan v1.1 InternalName : PowerScan v1.1 OriginalFilename : Power-Scan.exe ProductName : PowerScan v1.1 Created on : 5/17/2004 11:48:10 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 5/17/2004 11:48:09 PM
DyFuCA Object recognized! Type : File Data : a0014762.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 32 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright 2002 FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH OriginalFilename : DyFuCA_BH.DLL ProductName : DyFuCA_BH Module Created on : 5/17/2004 11:50:19 PM Last accessed : 6/3/2004 4:38:09 AM Last modified : 5/17/2004 11:50:19 PM
I-LookUp Object recognized! Type : File Data : a0014860.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\ FileSize : 148 KB FileVersion : 2, 0, 0, 0 ProductVersion : 2, 0, 0, 0 Copyright : Copyright 2002 FileDescription : WinDec32 Module InternalName : WinDec32 OriginalFilename : WinDec32.DLL ProductName : WinDec32 Module Created on : 5/13/2004 5:30:36 PM Last accessed : 6/3/2004 4:38:10 AM Last modified : 5/13/2004 5:30:36 PM
Disk scan result for C:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 23
Deep scanning and examining files (F:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 23
Possible Browser Hijack attempt Object recognized! Type : File Data : adware, spyware, popups - they invade your privacy and harm your pc. protect yourself!.url Category : Misc Comment : Item referrs to blacklisted Site: http://www.noadware.net/?hop=bonobo Object : C:\Documents and Settings\Johnny B\Favorites\
Created on : 5/18/2004 3:19:49 AM Last accessed : 6/3/2004 4:49:28 AM Last modified : 5/18/2004 3:19:49 AM
Possible Browser Hijack attempt Object recognized! Type : File Data : bonzi voice email.url Category : Misc Comment : Item referrs to blacklisted Site: http://www.bonzi.com/ Object : C:\Documents and Settings\Johnny B\Favorites\Downloads Computer Parts, Updates Computer Software\
Created on : 5/18/2003 3:25:42 AM Last accessed : 6/3/2004 4:49:30 AM Last modified : 10/17/2003 1:11:49 AM
Possible Browser Hijack attempt Object recognized! Type : File Data : cdnow.url Category : Misc Comment : Item referrs to blacklisted Site: http://www.cdnow.com Object : C:\Documents and Settings\Johnny B\Favorites\Internet Shopping Cars CDs Wine etc\
Created on : 5/18/2003 3:25:42 AM Last accessed : 6/3/2004 4:49:31 AM Last modified : 4/25/1998 7:50:10 AM
Possible Browser Hijack attempt Object recognized! Type : File Data : looksmart.url Category : Misc Comment : Item referrs to blacklisted Site: http://www.looksmart.com/ Object : C:\Documents and Settings\Johnny B\Favorites\Search Tools\
Created on : 5/18/2003 3:25:43 AM Last accessed : 6/3/2004 4:49:34 AM Last modified : 4/25/1998 7:50:10 AM
Possible Browser Hijack attempt Object recognized! Type : File Data : readers digest internet directory.url Category : Misc Comment : Item referrs to blacklisted Site: http://wangara.looksmart.com:8080/r?l3,f&pin=22de813317b509b1eb7&show=framesmall Object : C:\Documents and Settings\Johnny B\Favorites\Search Tools\
Created on : 5/18/2003 3:25:43 AM Last accessed : 6/3/2004 4:49:34 AM Last modified : 4/13/1997 7:30:24 PM
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result: ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ 1 entries scanned. New objects :0 Objects found so far: 28
Performing conditional scans.. ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Visicom Media Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : Software\Dynamic Toolbar
Visicom Media Object recognized! Type : Folder Category : Malware Comment : Object : c:\program files\Dynamic Toolbar
Visicom Media Object recognized! Type : File Data : gsim Category : Malware Comment : Object : c:\program files\dynamic toolbar\
Created on : 2/23/2004 1:33:03 AM Last accessed : 6/3/2004 4:34:38 AM Last modified : 2/23/2004 1:33:03 AM
Conditional scan result: ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 3 Objects found so far: 31
11:52:38 PM Scan complete
Summary of this scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Total scanning time :01:13:54:578 Objects scanned :1048325 Objects identified :31 Objects ignored :0 New objects :31
Logfile of HijackThis v1.97.7
Scan saved at 11:12:35 PM, on 6/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
c:\syz_dat\systray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Johnny B\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.isearch.com/index.php?ref=none
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaGB89.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF1A5BDE-732F-49B7-AD1F-51010E37F9EB} (MSN Money Portfolio Manager) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
Duke396
Anon
2004-Jun-3 1:20 am
I don't know how to interpret the HijackThis stuff exactly, but one thing you may want to do is find a friend who has IE6 and get them to send you their IEXPLORE.EXE file and replace yours with it. This may or may not help; the file might replace itself and you'll be in the same situation as before, or it might not be that file's problem after all. I really don't know anything about this particular problem, but you should check out these links; maybe they will provide more help:
» cant get rid of CWS.Searchx
» [Help] Search portal spyware got me now.
Jasonx345
Anon
2004-Jun-3 1:35 am
Re: Sexdial has infected my computer
Wow, ok. Willboe, I see these that are wrong.
wininet32.exe » fr.trendmicro-europe.com ··· &VSect=T
runwin32.exe » securityresponse.symante ··· ght.html
Please follow their steps & post a new HJT log.

MapleLeaf Premium Member join:2001-09-04 Burnaby, BC
to dafficus
The most unpleasant thing is PWSteal.AlLight. Check Symantec's recommendations on trojan removal. As for the log entries, these lines have to go:
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = »easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »www.isearch.com/index.php?ref=none
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111237} - »63.219.178.91/1/deaGB89.exe
Crystal Sky (Sparrow) Premium Member join:2002-12-03 Sachakhand
to Anon
Re: Sexdial has infected my computer
THIS POST IS FOR dafficus

This is why you are unable to delete/remove the files. From your Deep registry scan result:
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP55\
etc..., etc..., etc...

You need to turn off System Restore before you run Ad-aware again. What is happening is the malware is caught up in System Restore and is not being removed from your registry.

To turn off System Restore: right-click on the My Computer icon > open the System Restore tab > Turn off System Restore. You will get a pop-up warning that you will not be able to track or undo changes to your computer. It will ask, "Do you want to turn off System Restore?" Click Yes.

If you have not yet done so, please read through, and follow the directions given in order in the FAQ, »Security »I think my computer is infected or hijacked. What should I do? After you follow those steps, run the logs again and post back.

EDIT: dafficus, please follow CalamityJane's instructions below. Good luck!
to dafficus
Re: Sexdial has infected my computer
Hi dafficus,

First - please do NOT do any fixes suggested yet with HijackThis until we get your program into a proper folder so it can make proper backups. Right now it's not, and I'll post instructions for that in just a few minutes.

The problem is not the files in System Restore. You most likely have a CoolWebSearch infection; it is especially difficult to find the hidden files reinfecting you, but with some patience we should be able to get to them. I would not advise resetting your restore point just yet. Removing the spyware and hijackers you have on your PC *might* create some problems, and we really need to have a functioning restore point to go back to in case something does cause a problem. It is best to get rid of the backups in System Restore after we get the PC clean and can make sure everything is working properly. Those files aren't the ones reinfecting you at the moment.

I see that you have the updated Ad-aware and it has taken care of a multitude of problems, but the main infection possibly affecting you is a difficult one to remove. None of the commercial products are able to do a good job of this (yet). Don't do anything yet, please. Let me write up some instructions before you fix anything.

Edit to fix typos

CalamityJane
1. Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder, and don't run it straight out of the zip file. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like.

2. Next, unzip HijackThis again and extract & save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.

3. Make a copy of these instructions and print them out to have on hand, as this will all need to be done in safe mode where you cannot go online.

4. Next, please reboot your PC into SAFE MODE, making sure that only HijackThis is open.
How to start the computer in Safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

quote:
Windows XP
To use the System Configuration Utility method
1. Close all open programs.
2. Click Start, and then click Run. The Run dialog box appears.
3. As shown in this illustration, type msconfig and then click OK.
4. The System Configuration Utility appears; go to the tab at the top named Boot.ini. Check the "/SAFEBOOT" option, and then click OK.
5. You then see the prompt to restart the computer. Click Restart.
6. The computer restarts in Safe mode. (This can take several minutes.)
7. Perform the troubleshooting steps for which you are using Safe Mode.
8. When you are finished with troubleshooting in Safe mode, repeat steps 1-5, but in step 4, uncheck "/SAFEBOOT".
9. Close all programs and restart the computer as you normally would.

5. In SAFE MODE, scan with HijackThis, running it from the special folder you made for it, and when it finishes, put an x in the boxes next to these items, then press *fix checked*:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = »easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »www.isearch.com/index.php?ref=none
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
....................
Fix these two proxy settings IF you are not using a proxy and did NOT set them yourself. If you did set them and are using a proxy, then leave them alone. It is quite possible the trojan running on your system set these:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
............................
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111237} - »63.219.178.91/1/deaGB89.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - »download.weatherbug.com/minibug/trickl..
.....................

6. Stay in SAFE MODE and delete these files:
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe

7. Stay in SAFE MODE and do a full custom deep scan with Ad-aware; let it remove any bad items found.
.............................

8. Reboot your PC into normal mode. Follow these instructions to check your Hosts file (one of the hijackers you had is known to tamper with it, and this may be what is blocking certain webpages from displaying for you): http://www.dslreports.com/faq/10131

9. Get the latest updates for your AV program and do a system scan (preferably in safe mode as you did above) and let it fix or delete anything it finds.

10. Check your system for entries left by the two trojans that some folks listed above. They were the two files running that you were hopefully able to delete in the steps above, and they may have left behind some entries in your registry that need checking. Refer to the manual instructions here to make sure you got everything:
C:\WINDOWS\runwin32.exe - http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.allight.html
C:\WINDOWS\wininet32.exe - http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59220&VName=TROJ_AGENT.AD&VSect=T
....................

11. Get an online AV scan at one (preferably two) of the following, just to make sure your AV hasn't missed something or been disabled by any malware:
Panda's ActiveScan - http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Trend Micro (PC-cillin) - Free on-line Scan - http://housecall.antivirus.com
RAV Antivirus Online Scan - http://www.ravantivirus.com/scan/
eTrust AV web scanner (Computer Associates) - http://www3.ca.com/virusinfo/virusscan.aspx
(If any infections are found, let them fix or delete them, and be sure to reboot your PC between cleanings.)

12. Once you are sure everything has been cleaned and all is working properly, then follow Crystal Sky's directions and go ahead and reset your restore point with a new one.

There is probably still more to do on the hijacker problem if it is still reinfecting you (that would be the hidden dll problem, and that's a different process), but at this point, please scan once more with HijackThis and post a new log for us, along with a description of any symptoms you may still be having.

dafficus join:2004-06-02 Overland Park, KS
Thanks to all of you so very much, especially you Calamity Jane. You all are a godsend!
Hi dafficus, did the symptoms disappear and not return? Could you post a final HijackThis scan just to be sure everything looks ok at this point?

Also, don't leave without taking a look towards prevention of future infections of this nature (like that annoying sexdialer): » Security » How do I prevent browser hijacks and spyware?
There are recommendations in the link above to secure your PC and your IE browser, plus some excellent free programs that can prevent this malware from ending up on your PC in the first place.

Here is another, more in-depth help page for securing your PC against everything else: » Security » How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach

(But I would like to see a final HijackThis log, dafficus.)

dafficus join:2004-06-02 Overland Park, KS
Sorry I was so long in responding Calamity. I travel a great deal. All appears well with my computer but your review of the Hijack is greatly appreciated. Thanks again for all of your time, effort and help.
Dafficus
Here is the Hijack information dated today:
Logfile of HijackThis v1.97.7
Scan saved at 9:58:34 PM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF1A5BDE-732F-49B7-AD1F-51010E37F9EB} (MSN Money Portfolio Manager) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
Hi dafficus, you're quite welcome. We're glad we could help. You can fix the following item (it's now just an orphan item left over):
R3 - Default URLSearchHook is missing
Your log looks clean now. Glad to hear that resolved your problems. Looks like you got some extra protection in place too. Stay safe and happy surfing.

dafficus join:2004-06-02 Overland Park, KS
Would that be "OK to delete" when you say fix it? Secondly, per your instructions I added several protective programs to my system and have passed the word on to several friends. Again, many, many thanks for who you are and what you do for those of us "less talented" mortals.
Dafficus
Yes, you can scan with HijackThis and checkmark that item:
R3 - Default URLSearchHook is missing
Then press *fix checked*
Glad to hear all is well and that you are spreading the word to patch and protect! (You did get ALL the Windows critical security updates, right?) As part of our list in the hijack/spyware/malware prevention FAQ, #1 is patching your Windows operating system and IE. (#2 is securing your IE browser, also covered in there.) Why? Because much of this malware is taking advantage of unpatched exploits to stealth-install on you. You can have all the protection tools and they can still get in if you have holes in your OS and in your IE. [/EndOfLecture] :D
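The triage the helpers did by hand in this thread (flag the easy-search.biz search settings, the proxy pointed at 127.0.0.1:8080, the orphaned URLSearchHook, the two autorun binaries sitting directly in C:\WINDOWS, and the O16 ActiveX download from a raw IP) comes down to a handful of rules, and the before/after comparison CalamityJane made at the end is just a set difference of two logs. The Python below is an added example for this page, not HijackThis code and not part of any post above. The allowlist of hosts the owner chose and the two abbreviated log samples (cut down from the logs posted in the thread) are constructed for the example.

```python
"""Rule-based triage of HijackThis-style log entries, plus a before/after diff.

Added example for this thread: not HijackThis code and not from any post here.
The allowlist and both log samples are constructed (cut down from the logs
posted in the thread).
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumption for the example: hosts this PC's owner actually chose. A real
# allowlist comes from asking the user, which is what the helpers did here.
TRUSTED_HOSTS = {"www.my.yahoo.com", "www.dellnet.com"}

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
O4_PATH_RE = re.compile(r'\[[^\]]*\]\s+"?([A-Za-z]:\\[^"]*?\.exe)')
O16_RE = re.compile(r"(\{[0-9A-F-]{36}\})\s*(?:\([^)]*\))?\s*-\s*(\S+)", re.I)

# Constructed sample: the first posted log, representative lines only.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaGB89.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Constructed sample: the final posted log, same cut.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def flag(section, body):
    """Return why an entry looks hostile, or None if it passes every rule."""
    if section in ("R0", "R1") and " = " in body:
        key, value = body.split(" = ", 1)
        if key.endswith("ProxyServer"):  # value is host:port, not a URL
            host = value.rsplit(":", 1)[0]
            if _is_ip(host) and ip_address(host).is_loopback:
                return "proxy forced through localhost (a local trojan intercepting IE)"
            return None
        host = urlsplit(value).hostname
        if host and host not in TRUSTED_HOSTS:
            return f"IE search/start setting points at unexpected host {host}"
    elif section == "R3" and ("(no file)" in body or "missing" in body):
        return "URLSearchHook with no file behind it (orphaned hijacker hook)"
    elif section == "O4":
        m = O4_PATH_RE.search(body)
        if m and m.group(1).rsplit("\\", 1)[0].lower() == "c:\\windows":
            return "autorun binary dropped directly in C:\\WINDOWS"
    elif section == "O16":
        m = O16_RE.search(body)
        if m:
            clsid, url = m.groups()
            if _is_ip(urlsplit(url).hostname or ""):
                return "ActiveX download from a raw IP address"
            if all(len(set(g)) == 1 for g in clsid.strip("{}").split("-")[:4]):
                return "placeholder-looking CLSID"
    return None


def triage(log):
    """Map each suspicious log line to the reason it was flagged."""
    findings = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            reason = flag(*m.groups())
            if reason:
                findings[line] = reason
    return findings


def removed_entries(before, after):
    """Entries present in the first log and gone from the second."""
    kept = {l.strip() for l in after.splitlines()}
    return [l.strip() for l in before.splitlines() if l.strip() and l.strip() not in kept]


if __name__ == "__main__":
    for line, why in triage(BEFORE_LOG).items():
        print(f"FLAG {line}\n     -> {why}")
    print("\nRemoved between the two scans:")
    print("\n".join("  - " + l for l in removed_entries(BEFORE_LOG, AFTER_LOG)))
    print("\nStill flagged after cleanup:", triage(AFTER_LOG) or "nothing")
```

Run as a script, it flags six entries in the first sample, lists the six entries that disappeared between the two scans, and reports only the orphaned R3 hook as still flagged afterwards, which is what CalamityJane observed in the final log. The rules are deliberately heuristics, not verdicts: an unknown host in an R0/R1 entry is a prompt to ask the owner whether they chose it, the same question the helpers asked about the 127.0.0.1:8080 proxy before telling dafficus to fix it.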