Home page keeps getting changed


5 replies to this topic

#1 stfkly

Newbie, Members, 4 posts

Posted 11 August 2006 - 07:07 PM

My home page keeps being changed to www.searchingall.com. The pages that I go to are being saved as Favorites automatically and then saved as icons on my desktop. I have tried Ad Aware, Norton AntiVirus, Trend Micro, SpyBot S&D, deleting temp files, deleting cookies. Just when I think I have it all cleaned up, I restart the computer and go to a website like Yahoo and it starts all over again! Attached: Ad Aware Log. Please let me know what else you might need. I run Windows XP.


Attached File  Ad_Aware_Log_.txt   24.99KB   347 downloads

#2 spike-nz

Advanced Member, Volunteer Security Advisor, 3092 posts

Posted 12 August 2006 - 04:38 AM

stfkly,

Please edit your post to include the Ad-Aware scan log in full, rather than as an attachment (that format makes the log very hard to read :) ). Would suggest a new scan, then at the end, delete all MRUs, tracking cookies, and anything else that is flagged. Then cut and paste the final log file here, by clicking on the "Show Logfile" button. (Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

Also, it would be of help to the log-reading experts, if you were to post a diagnostic log from this free tool called HijackThis.

Instructions on creating a HijackThis Log
http://www.lavasofts...p?showtopic=216

There have been a large number of requests for help from the HJT log experts, so please be patient - they will get to you as soon as they can :)

Regards, Spike

#3 stfkly


Posted 15 August 2006 - 02:14 PM


#4 stfkly


Posted 15 August 2006 - 02:42 PM

Thanks for the help... The following files in the srchasst file of the WINDOWS file keep reappearing after being deleted:
msgr3en.dll
nls302en (dictionary file)
srchctis.dll
srchui.dll
I found these because my IE started crashing and srchui.dll was listed as the problem. Below is the AA log; the HijackThis log will come in a second posting.

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, August 15, 2006 8:51:48 AM
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Pop(TAC index:3):18 total references
MRU List(TAC index:0):12 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


8-15-2006 8:51:48 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Stephanie\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Stephanie\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1801674531-1547161642-839522115-1004\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 384
ThreadCreationTime : 8-15-2006 12:46:56 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 8-15-2006 12:46:58 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 8-15-2006 12:46:59 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 8-15-2006 12:46:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 8-15-2006 12:46:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 8-15-2006 12:46:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 8-15-2006 12:47:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1040
ThreadCreationTime : 8-15-2006 12:47:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 8-15-2006 12:47:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1312
ThreadCreationTime : 8-15-2006 12:47:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1788
ThreadCreationTime : 8-15-2006 12:47:02 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1812
ThreadCreationTime : 8-15-2006 12:47:03 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1948
ThreadCreationTime : 8-15-2006 12:47:03 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 176
ThreadCreationTime : 8-15-2006 12:47:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 488
ThreadCreationTime : 8-15-2006 12:47:09 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:16 [ntmulti.exe]
FilePath : c:\notes\
ProcessID : 544
ThreadCreationTime : 8-15-2006 12:47:09 PM
BasePriority : Normal
FileVersion : 6.0.40.4008
ProductVersion : 6.0.40.4008
ProductName : IBM Lotus Notes/Domino
CompanyName : IBM Corp
FileDescription : IBM Lotus Notes/Domino
InternalName : L-GHUS-5HVN64, L-GHUS-5HVN64, L-GHUS-5HVN64, L-GHUS-5HVNZ6
LegalCopyright : © copyright IBM Corp. 1987, 2004 All Rights Reserved.
LegalTrademarks : Licensed Materials - Property of IBM US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule contract with IBM Corp.

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 560
ThreadCreationTime : 8-15-2006 12:47:09 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 8-15-2006 12:47:09 PM
BasePriority : Normal
FileVersion : 6.14.10.5316
ProductVersion : 6.14.10.5316
ProductName : NVIDIA Driver Helper Service, Version 53.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 53.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1092
ThreadCreationTime : 8-15-2006 12:47:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1848
ThreadCreationTime : 8-15-2006 12:47:15 PM
BasePriority : Normal
FileVersion : 9.4.2.1
ProductVersion : 9.4
ProductName : AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright © 2005 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1888
ThreadCreationTime : 8-15-2006 12:47:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 312
ThreadCreationTime : 8-15-2006 12:47:21 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:23 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 720
ThreadCreationTime : 8-15-2006 12:47:22 PM
BasePriority : Normal
FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:24 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 840
ThreadCreationTime : 8-15-2006 12:47:22 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:25 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 1692
ThreadCreationTime : 8-15-2006 12:47:22 PM
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:26 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 1748
ThreadCreationTime : 8-15-2006 12:47:22 PM
BasePriority : Normal


#:27 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1916
ThreadCreationTime : 8-15-2006 12:47:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2692
ThreadCreationTime : 8-15-2006 12:47:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1384
ThreadCreationTime : 8-15-2006 12:47:58 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:30 [isuspm.exe]
FilePath : c:\program files\common files\installshield\updateservice\
ProcessID : 2388
ThreadCreationTime : 8-15-2006 12:48:22 PM
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Update Manager
InternalName : ProgramManager
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : ISUSPM.exe

#:31 [agent.exe]
FilePath : C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\
ProcessID : 2488
ThreadCreationTime : 8-15-2006 12:48:35 PM
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Agent
InternalName : Agent
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : agent.exe

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 3160
ThreadCreationTime : 8-15-2006 12:51:31 PM
BasePriority : Normal
FileVersion : 6.2.0.207
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3184
ThreadCreationTime : 8-15-2006 12:51:34 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchingall.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchingall.com"
Category : Possible Browser Hijack attempt
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchingall.com"
Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\MainStart Pagesearchingall.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchingall.com"
Category : Possible Browser Hijack attempt
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://searchingall.com"
Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\MainSearch Barsearchingall.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchingall.com"
Category : Possible Browser Hijack attempt
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchingall.com"
Possible Browser Hijack attempt : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\SearchURLsearchingall.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searching...earch.php?q=%s"
Category : Possible Browser Hijack attempt
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1801674531-1547161642-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "http://www.searching...earch.php?q=%s"

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2.1

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2.1
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll
Value : .Owner

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll
Value : {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Adware.Pop Object Recognized!
Type : File
Data : /windows/downloaded program files/popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Object : c:\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL


Adware.Pop Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 32


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stephanie@perf.overture[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:stephanie@perf.overture.com/
Expires : 8-10-2010 4:41:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 33



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop Object Recognized!
Type : File
Data : popcaploader_v6[1].cab
Category : Possible Browser Hijack attempt
Comment :
Object : C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\MJ8DMLUT\



Adware.Pop Object Recognized!
Type : File
Data : popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
105 entries scanned.
New critical objects:0
Objects found so far: 35




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

8:57:36 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:48.110
Objects scanned:113143
Objects identified:23
Objects ignored:0
New critical objects:23


Logfile of HijackThis v1.99.1
Scan saved at 9:09:20 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\notes\ntmulti.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: rAYOYtNkNfObj Class - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.glic.com
O15 - Trusted Zone: http://w3.gliconline.com
O16 - DPF: WebConnect DUBuild - http://63.66.47.100/...DUBuild4412.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://w3.gliconline...cab/awswaxm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.meadroid....criptx/smsx.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline...ianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline...monControls.CAB
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline...ppLauncher2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://sbshelpme.us.../weblaunch2.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline...L_VbRuntime.CAB
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {A8FEC515-2BF2-11D4-B4AF-00C04F584B78} (CDDActiveX.CDDActiveXDownLoad) - http://w3.gliconline...veXDownload.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.game...itched/main.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://170.180.8.163...tivexviewer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emoneyadviso...ing/ieatgpc.cab
O16 - DPF: {E7DE712F-FC5D-11D4-B58B-00C04F584B78} (Pal2AXControl.Pal2DeleteExpiredFiles) - http://w3.gliconline...l2AXControl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F15AA72F-AABF-11D4-98D4-00B0D076D242} (PTH_ClientControl.DI) - https://w3.gliconlin...ipts/PTHtab.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#5 stfkly

stfkly

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 15 August 2006 - 04:33 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:09:20 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\notes\ntmulti.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: rAYOYtNkNfObj Class - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.glic.com
O15 - Trusted Zone: http://w3.gliconline.com
O16 - DPF: WebConnect DUBuild - http://63.66.47.100/...DUBuild4412.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://w3.gliconline...cab/awswaxm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.meadroid....criptx/smsx.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline...ianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline...monControls.CAB
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline...ppLauncher2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://sbshelpme.us.../weblaunch2.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline...L_VbRuntime.CAB
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {A8FEC515-2BF2-11D4-B4AF-00C04F584B78} (CDDActiveX.CDDActiveXDownLoad) - http://w3.gliconline...veXDownload.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.game...itched/main.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://170.180.8.163...tivexviewer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emoneyadviso...ing/ieatgpc.cab
O16 - DPF: {E7DE712F-FC5D-11D4-B58B-00C04F584B78} (Pal2AXControl.Pal2DeleteExpiredFiles) - http://w3.gliconline...l2AXControl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F15AA72F-AABF-11D4-98D4-00B0D076D242} (PTH_ClientControl.DI) - https://w3.gliconlin...ipts/PTHtab.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#6 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 18 August 2006 - 09:50 PM

Could you please go here:
http://www.lavasoftr....com/submit.php

Please fill out a short message (about being hijacked to searchingall.com)
AND include the URL to this topic: http://www.lavasofts...?showtopic=2685
in your message

Browse to and submit this file:
C:\WINDOWS\system32\drivers\dbnetlib.dll

Then press the button: Submit new or updated target button

Then come back here and follow the next steps for removal :D
Thanks, that will help everyone to get detection on that hijacker!
...........................
After you have submitted the file, please open Hijackthis and do a *system scan only*
When it finishes place a checkmark next to this entry:

O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll

Make sure that IE is closed! Then press the *fix checked* button.

Reboot your computer.

Scan again with HijackThis and post a fresh log please?

Also let us know if that resolves the problem?
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009
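
A triage sketch for the log in this thread, added here as an example and not part of the thread or of HijackThis: it parses the CLSID-bearing lines and flags the two traits visible in the entry the helper singles out, a DLL sitting under system32\drivers and one CLSID registered as both a URLSearchHook (R3) and a BHO (O2). The function names and both heuristics are assumptions made for illustration; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: rAYOYtNkNfObj Class - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: rAYOYtNkNf - {E106E263-E1ED-4ecb-9599-1C6D5FADC07D} - C:\WINDOWS\system32\drivers\dbnetlib.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
"""

# Line shape: "<code> - <kind>: <name> - {CLSID} - <path>"
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

def parse(log):
    """Return a dict for every log line that ties a CLSID to a file."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["clsid"] = e["clsid"].upper()  # CLSIDs are case-insensitive
            entries.append(e)
    return entries

def triage(log):
    """Map CLSID -> sorted reasons the entry deserves a closer look."""
    entries = parse(log)
    codes = defaultdict(set)
    for e in entries:
        codes[e["clsid"]].add(e["code"])
    flagged = defaultdict(set)
    for e in entries:
        path = e["path"].lower()
        # Assumed heuristic 1: browser add-on DLL stored in the drivers folder.
        if "\\system32\\drivers\\" in path and path.endswith(".dll"):
            flagged[e["clsid"]].add("DLL loaded from system32\\drivers")
        # Assumed heuristic 2: one CLSID hooked in as both R3 and O2.
        if {"R3", "O2"} <= codes[e["clsid"]]:
            flagged[e["clsid"]].add("same CLSID is URLSearchHook and BHO")
    return {clsid: sorted(reasons) for clsid, reasons in flagged.items()}
```

Run against the sample, `triage(SAMPLE_LOG)` flags only the `{E106E263-...}` entry pointing at dbnetlib.dll; a flag is a prompt to submit the file for analysis as the helper asks, not a verdict.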



