Browser redirect


  • This topic is locked
4 replies to this topic

#1 Dragonet29

Dragonet29

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 28 January 2013 - 04:42 PM

Hello,
Perhaps someone can give me a hand on this. I consider myself an intermediate computer user with a fair amount of knowledge, but this problem has eluded me. I'm running Windows XP SP3 with IE8. Normally I have Yahoo as my home page, but recently this has been "hijacked" to MSN. When it happened I tried to change it back using Internet Options; however, the change doesn't stick. When I close out and reboot and go on the internet, the MSN page loads again instead of Yahoo. Checking Internet Options shows that MSN is once again my home page. I ran virus checks with the following:
AVG
Malwarebytes Anti-Malware
SUPERAntiSpyware
Spybot
and then Avast! in normal and safe mode, to no avail. They show no infection. I ran Emsisoft HijackThis and found nothing unusual. I then ran a log from WinPatrol and found this:

Log created by WinPatrol [FREE Edition] version 26.1.2013.0:26.1.2013.0
Scan saved at 11:02:45 AM, on 1/27/2013
Platform: Windows XP SP3 Home Edition Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\sched.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SASCore.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avguard.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\PROGRAM FILES\NetVeda\Safety.Net\ipcsvc.exe
C:\PROGRAM FILES\COMMON FILES\INTERVIDEO\RegMgr\IVIREGMGR.EXE
C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\RNDLRESOLVERSVC.EXE
C:\PROGRAM FILES\Yahoo!\SOFTWAREUPDATE\YAHOOAUSERVICE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\Acer\EMPOWERING TECHNOLOGY\ERECOVERY\eRAgent.exe
C:\PROGRAM FILES\NetVeda\Safety.Net\ipcTray.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avgnt.exe
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\MZ ULTIMATE TOOLS\MZ CPU ACCELERATOR\MZCPUACCELERATOR.EXE
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avshadow.exe
C:\Documents and Settings\Jonette Rosamund\Local Settings\Temp\RtkBtMnt.exe
C:\PROGRAM FILES\CCleaner\CCleaner.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll
O4 - HKLM\..\Run: [LaunchApp]Alaunch
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr]ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel]C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1]C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager]C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService]C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SafetyNet]C:\Program Files\NetVeda\Safety.Net\ipcTray.exe
O4 - HKLM\..\Run: [SafetyNet_Notifier]C:\Program Files\NetVeda\Safety.Net\ipcLn.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt]C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKLM\..\Run: [TelevisionFanatic Browser Plugin Loader]C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
O4 - HKLM\..\Run: [TelevisionFanatic Search Scope Monitor]C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe /m=2 /w /h
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MzCPUAccelerator]C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
O4 - HKCU\..\Run: [FreeRAM XP]C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe -win
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk=C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p2=^XP^xdm259^S04245^us&si=8125&a=F608C822-C8D1-4169-97AE-EFDEEE6D13E4&n=2013012021&cv=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353793993796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358469048140
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} (Microsoft Download Manager ActiveX control) - http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\PROGRAM FILES\SUPERANTISPYWARE\SASCore.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\PROGRAM FILES\COMMON FILES\ADOBE SYSTEMS SHARED\Service\ADOBELMSVC.EXE
O23 - Service: Adobe Flash Player Update Service - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FLASHPLAYERUPDATESERVICE.EXE
O23 - Service: Avira Scheduler - Avira Operations GmbH & Co. KG - C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\sched.exe
O23 - Service: Avira Real-Time Protection - Avira Operations GmbH & Co. KG - C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\APPLEMOBILEDEVICESERVICE.EXE
O23 - Service: Application Management - - C:\WINDOWS\SYSTEM32\APPMGMTS.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
O23 - Service: Human Interface Device Access - - C:\WINDOWS\SYSTEM32\HIDSERV.DLL
O23 - Service: NetVeda Safety.Net - NetVeda LLC - C:\PROGRAM FILES\NetVeda\Safety.Net\ipcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
O23 - Service: IviRegMgr - InterVideo - C:\PROGRAM FILES\COMMON FILES\INTERVIDEO\RegMgr\IVIREGMGR.EXE
O23 - Service: RealNetworks Downloader Resolver Service - - C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\RNDLRESOLVERSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - CACE Technologies, Inc. - C:\PROGRAM FILES\WinPcap\rpcapd.exe
O23 - Service: TelevisionFanaticService - COMPANYVERS_NAME - C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe
O23 - Service: Yahoo! Updater - Yahoo! Inc. - C:\PROGRAM FILES\Yahoo!\SOFTWAREUPDATE\YAHOOAUSERVICE.EXE

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
2 IE Cookies in Folder: C:\Documents and Settings\Jonette Rosamund\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [RealDownloaderDownloaderScheduledTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe 01/17/2013 3:37 AM
WP31 - Scheduled Tasks: [Go for FilesUpdate.job]C:\Program Files\GoforFiles\GFFUpdater.exe 12/28/2012 12:56 AM
WP31 - Scheduled Tasks: [GlaryInitialize.job]C:\Program Files\Glary Utilities\initialize.exe 01/27/2013 10:49 AM
WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe 01/21/2013 1:00 PM
WP31 - Scheduled Tasks: [Adobe Flash Player Updater.job]C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 01/26/2013 8:31 PM
WP31 - Scheduled Tasks: [RealUpgradeLogonTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\Real\RealUpgrade\realupgrade.exe 01/27/2013 10:49 AM
WP31 - Scheduled Tasks: [RealPlayerRealUpgradeScheduledTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\Real\RealUpgrade\realupgrade.exe Never
WP31 - Scheduled Tasks: [RealPlayerRealUpgradeLogonTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\Real\RealUpgrade\realupgrade.exe 01/27/2013 10:49 AM
WP31 - Scheduled Tasks: [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Never
WP31 - Scheduled Tasks: [RealDownloaderRealUpgradeLogonTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe 01/27/2013 10:49 AM
WP31 - Scheduled Tasks: [RealUpgradeScheduledTaskS-1-5-21-142347077-3383857689-3368584957-1006.job]C:\Program Files\Real\RealUpgrade\realupgrade.exe 01/21/2013 1:46 AM

WP16 - ActiveX: {02478D38-C3F9-4EFB-9B51-7695ECA05670} [&Yahoo! Toolbar Helper] C:\PROGRAM FILES\Yahoo!\COMPANION\Installs\cpn1\yt.dll 8, 4, 4, 65
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.7.0069.2
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.19394
WP16 - ActiveX: {25336921-03F9-11CF-8FD0-00AA00686F13} [Microsoft HTML Document 6.0] C:\WINDOWS\system32\mshtml.dll 8.00.6001.19394
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9247
WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL 12.0.6606.1000
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.6.7600.257
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 9.00.00.4510
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.6.7600.257
WP16 - ActiveX: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} [YTNavAssistPlugin Class] C:\PROGRAM FILES\Yahoo!\COMPANION\Installs\cpn1\yt.dll 8, 4, 4, 65
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.19389
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.2502.0
WP16 - ActiveX: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} [Microsoft Download Manager ActiveX control] C:\WINDOWS\npMSDM.dll 1,2,1,2044
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4510
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\WINDOWS\system32\ieframe.dll 8.00.6001.19389
WP16 - ActiveX: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\system32\rmoc3260.dll 16.0.0.282
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_5_502_146.OCX 11,5,502,146
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} [Yahoo! Toolbar] C:\PROGRAM FILES\Yahoo!\COMPANION\Installs\cpn1\yt.dll 8, 4, 4, 65
WP16 - ActiveX: {F5078F35-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1053.0
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\Office12\REFEDIT.DLL 12.0.6500.5000
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.4507
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {9A948063-66C3-4F63-AB46-582EDAA35047} [Microsoft TabStrip Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.4507
WP16 - ActiveX: {9A948063-66C3-4F63-AB46-582EDAA35047} [Microsoft TabStrip Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\Program Files\Microsoft Office\Office12\VVIEWER.DLL 12.0.6606.1000
WP16 - ActiveX: {556C2772-F1AD-4DE1-8456-BD6E8F66113B} [Microsoft ImageList Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {A0E7BF67-8D30-4620-8825-7111714C7CAB} [Microsoft ProgressBar Control, version 6.0] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {ECD0ECC6-DCA4-4013-A915-12355AB70999} [MSWebDVD Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18589
WP16 - ActiveX: {585AA280-ED8B-46B2-93AE-132ECFA1DAFC} [Microsoft StatusBar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE} [Microsoft Toolbar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18589
WP16 - ActiveX: {8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE} [Microsoft Toolbar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.19389
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 12.0.6604.1000
WP16 - ActiveX: {A3F2A195-0D11-463b-96BB-D2FF1B7490A1} [MSDVDAdm Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {585AA280-ED8B-46B2-93AE-132ECFA1DAFC} [Microsoft StatusBar Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18589
WP16 - ActiveX: {95F0B3BE-E8AC-4995-9DCA-419849E06410} [Microsoft TreeView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {CCDB0DF2-FD1A-4856-80BC-32929D8359B7} [Microsoft ListView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {CCDB0DF2-FD1A-4856-80BC-32929D8359B7} [Microsoft ListView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 8.00.6001.19394
WP16 - ActiveX: {CCDB0DF2-FD1A-4856-80BC-32929D8359B7} [Microsoft ListView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {95F0B3BE-E8AC-4995-9DCA-419849E06410} [Microsoft TreeView Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\system32\rmoc3260.dll 16.0.0.282
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_5_502_146.OCX 11,5,502,146
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_11_5_502_146.OCX 11,5,502,146
WP16 - ActiveX: {87DACC48-F1C5-4AF3-84BA-A2A72C2AB959} [Microsoft ImageComboBox Control, version 6.0] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {0B314611-2C19-4AB4-8513-A6EEA569D3C4} [Microsoft Slider Control, version 6.0] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834
WP16 - ActiveX: {556C2772-F1AD-4DE1-8456-BD6E8F66113B} [Microsoft ImageList Control 6.0 (SP6)] C:\WINDOWS\system32\MSCOMCTL.OCX 6.01.9834

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Program Files\Common Files\Services\Thumbs.db

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files\iTunes\iTunes.exe /open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer Presentation]c:\program files\real\realplayer\\RealPlay.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 46%
Physical Memory Free: 550,064 KB
Paging File Free: 1,855,452 KB
Virtual Memory Free: 2,045,008 KB


--
End of file

I then ran the original HijackThis and found that the O14 items with the prefix IERESET.INF were NOT listed. This looks to me like a redirector, but since it doesn't show in HJT I can't do anything with it.
Any ideas out there?
Cheers!

Edited by bloopie, 29 January 2013 - 05:54 PM.
Moved to Malware Removal forum due to specialized log. ~bloopie
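The R0/R1 and O14 lines in the log above are the ones that decide where Internet Explorer's home page points. As an added triage aid (not code from the poster or from WinPatrol/HijackThis), the following script parses those line formats, summarises which host each registry value points to, and expands the %VAR% placeholders in the O14 IERESET.INF entries so a reviewer can see what IE's "Reset Web Settings" would write back. The sample input is copied from the log in this post; the expected home page host is an assumption supplied by the caller.

```python
"""Triage helper for HijackThis / WinPatrol style log lines.

Pulls the Internet Explorer start-page entries (R0/R1) and the
IERESET.INF template entries (O14) out of a log and summarises
where each one points, so a reviewer can see at a glance which
registry value is steering the home page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines taken verbatim from the WinPatrol log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
"""

# R0/R1 lines: "<code> - <hive>\<key>,<value name> = <url>"
R_LINE = re.compile(
    r"^(?P<code>R[01]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<url>\S+)"
)
# O14 lines: "O14 - IERESET.INF:[<hive>, ]<name> = <value>"
O14_LINE = re.compile(
    r"^O14 - IERESET\.INF:\s*(?:(?P<hive>HKCU|HKLM),\s*)?(?P<name>[^=]+?)\s*=\s*(?P<value>\S+)"
)


@dataclass(frozen=True)
class StartPageEntry:
    code: str
    hive: str
    name: str
    url: str

    @property
    def host(self) -> str:
        return urlparse(self.url).hostname or ""


def parse_start_page_entries(log_text: str) -> list[StartPageEntry]:
    """Return every R0/R1 entry in the log, in file order."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(StartPageEntry(m["code"], m["hive"], m["name"], m["url"]))
    return entries


def hosts_not_matching(log_text: str, expected_host: str) -> list[str]:
    """Hosts the R0/R1 entries point to, other than the one the user expects."""
    hosts = {e.host for e in parse_start_page_entries(log_text)}
    return sorted(h for h in hosts if h != expected_host.lower())


def resolve_iereset(log_text: str) -> dict[str, str]:
    """Expand the %VAR% placeholders in the O14 entries.

    Returns {"<hive> <value name>": <resolved url>}, i.e. what IE's
    "Reset Web Settings" would write back into the registry.
    """
    variables: dict[str, str] = {}   # hive-less lines define the variables
    targets: dict[str, str] = {}     # hive-qualified lines reference them
    for line in log_text.splitlines():
        m = O14_LINE.match(line.strip())
        if not m:
            continue
        if m["hive"] is None:
            variables[m["name"]] = m["value"]
        else:
            targets[f"{m['hive']} {m['name']}"] = m["value"]

    def expand(value: str) -> str:
        return re.sub(r"%([A-Z_]+)%", lambda v: variables.get(v.group(1), v.group(0)), value)

    return {k: expand(v) for k, v in targets.items()}


if __name__ == "__main__":
    for e in parse_start_page_entries(SAMPLE_LOG):
        print(f"{e.code} {e.hive} {e.name:17} -> {e.host}")
    # "www.yahoo.com" is the assumed expected home page from the post.
    print("not the expected home page:", hosts_not_matching(SAMPLE_LOG, "www.yahoo.com"))
    for k, v in resolve_iereset(SAMPLE_LOG).items():
        print(f"O14 {k:22} -> {v}")
```

Run against the posted log, the R0/R1 summary shows both HKLM values pointing at go.microsoft.com (the MSN redirect the poster is seeing) and the HKCU Default_Page_URL pointing at isearch.glarysoft.com, while the O14 entries all resolve to stock www.microsoft.com URLs. Whether a given value is wanted is a judgement for the reviewer; the script only makes the log's pointers explicit.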



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:51 PM

Posted 30 January 2013 - 01:52 AM

Hi,

Your problem isn't caused by malware, though. You don't have any search hijackers or anything like that here. It's your TeaTimer (Spybot S&D) disallowing the changes, since it monitors important registry changes and undoes them.
So, I suggest you disable TeaTimer, because it can interfere with the changes you'll make on your system.
When you've set your start page properly again, you can enable TeaTimer again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, please read here: http://forums.spybot.info/showthread.php?t=14323 - to reset the allowed/denied changes list.
Otherwise it will keep on blocking changes as long as you don't clear out earlier decisions related to your start page. So if you enable TeaTimer again afterwards, make sure you only have it block things when you say so (and not block everything by default), because TeaTimer doesn't know the difference between malicious keys/values and legitimate ones. That's why some expertise is needed here when using TeaTimer. :)

Edited by miekiemoes, 30 January 2013 - 01:56 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Dragonet29

Dragonet29
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:51 AM

Posted 30 January 2013 - 07:08 PM

Thanks MKD! I went into Spybot and TT and applied your knowledge and voila! Again, thanks sister!

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:51 PM

Posted 31 January 2013 - 01:26 AM

Good to hear and glad I could help :)

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:51 PM

Posted 31 January 2013 - 12:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.