Ad-aware report and HijackThis log


1 reply to this topic

#1 starsdong


Posted 28 June 2004 - 06:44 PM

Hi,
Ad-aware detected spyware after each reboot. The report files are as follows:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :2004?6?28? 7:24:59 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R325 27.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


6-28-2004 7:24:59 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-28-2004 11:18:42 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:46 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:48 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:48 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:50 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:18:50 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 8/29/2002 11:00:00 AM

#:7 [s24evmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:18:51 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
OriginalFilename : S24EvMon.exe
ProductName : Mobile Unit Support Service
Created on : 6/20/2003 12:55:22 PM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 6/20/2003 12:55:22 PM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:54 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 8/29/2002 11:00:00 AM

#:9 [zcfgsvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:18:59 PM
BasePriority : Normal
FileSize : 348 KB
FileVersion : 4, 1, 0, 53
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
OriginalFilename : ZeroCfgSvc.EXE
ProductName : ZeroCfgSvc Application
Created on : 6/20/2003 1:01:12 PM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 6/20/2003 1:01:12 PM

#:10 [1xconfig.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:00 PM
BasePriority : Normal
FileSize : 180 KB
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
Copyright : Copyright 2003
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
OriginalFilename : 1XConfig.EXE
ProductName : 8021XConfig Module
Created on : 6/20/2003 12:56:06 PM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 6/20/2003 12:56:06 PM

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-28-2004 11:19:01 PM
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 5/12/2003 2:12:10 AM
Last accessed : 6/28/2004 11:19:59 PM
Last modified : 5/12/2003 2:12:10 AM

#:12 [basfipm.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:03 PM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.0.3
ProductVersion : 6.0.3
Copyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
OriginalFilename : BAsfIpM.EXE
ProductName : Broadcom ASF IP monitoring service
Created on : 4/17/2003 6:00:12 PM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 4/17/2003 6:00:12 PM

#:13 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ThreadCreationTime : 6-28-2004 11:19:03 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
Copyright : Copyright
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
OriginalFilename : DefWatch.exe
ProductName : Norton AntiVirus
Created on : 7/30/2002 7:36:00 PM
Last accessed : 6/28/2004 10:54:35 PM
Last modified : 7/30/2002 7:36:00 PM

#:14 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 6-28-2004 11:19:04 PM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright © Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 2/23/2001 6:07:30 PM
Last accessed : 6/28/2004 10:53:30 PM
Last modified : 2/23/2001 6:07:30 PM

#:15 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ThreadCreationTime : 6-28-2004 11:19:04 PM
BasePriority : Normal
FileSize : 560 KB
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
Copyright : Copyright © Symantec Corporation 1991-2002
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
ProductName : Symantec AntiVirus
Created on : 7/30/2002 7:40:44 PM
Last accessed : 6/28/2004 10:54:36 PM
Last modified : 7/30/2002 7:40:44 PM

#:16 [regsrvc.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:06 PM
BasePriority : Normal
FileSize : 120 KB
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
OriginalFilename : RegSrvc.EXE
ProductName : RegSrvc Module
Created on : 6/20/2003 12:54:18 PM
Last accessed : 6/28/2004 10:50:15 PM
Last modified : 6/20/2003 12:54:18 PM

#:17 [javaby.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:19:07 PM
BasePriority : Normal
FileSize : 9 KB
Created on : 5/31/2004 4:33:46 AM
Last accessed : 6/28/2004 11:13:04 PM
Last modified : 5/31/2004 4:33:46 AM
Warning! CoolWebSearch object found in memory(C:\WINDOWS\system32\javaby.exe)

CoolWebSearch Object recognized!
Type : Process
Data : javaby.exe
Object : C:\WINDOWS\system32\
FileSize : 9 KB
Created on : 5/31/2004 4:33:46 AM
Last accessed : 6/28/2004 11:13:04 PM
Last modified : 5/31/2004 4:33:46 AM


Warning! "javaby.exe"Process could not be terminated!

#:18 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:23 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 3.0.0.2311
ProductVersion : 7.0.0.2311
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 1/1/1980 6:00:00 AM
Last accessed : 6/28/2004 11:06:39 PM
Last modified : 10/28/2003 12:56:38 AM

#:19 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ThreadCreationTime : 6-28-2004 11:19:24 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 5.4.101.118
ProductVersion : 5.4.101.118
Copyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
OriginalFilename : Apoint.exe
ProductName : Alps Pointing-device Driver
Created on : 1/1/1980 6:00:00 AM
Last accessed : 6/28/2004 11:06:11 PM
Last modified : 8/21/2003 2:24:04 AM

#:20 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:25 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 7/17/2002 4:18:06 PM
Last accessed : 6/28/2004 11:06:36 PM
Last modified : 7/17/2002 4:18:06 PM

#:21 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 6-28-2004 11:19:28 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
Copyright : Copyright © 2001,2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 12/17/2002 6:28:00 PM
Last accessed : 6/28/2004 11:06:11 PM
Last modified : 12/17/2002 6:28:00 PM

#:22 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ThreadCreationTime : 6-28-2004 11:19:29 PM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
Copyright : Copyright © Symantec Corporation 1991-2002
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
ProductName : Symantec AntiVirus
Created on : 7/30/2002 7:35:04 PM
Last accessed : 6/28/2004 11:06:11 PM
Last modified : 7/30/2002 7:35:04 PM

#:23 [five dead each.exe]
FilePath : C:\PROGRA~1\PLANHI~1\
ThreadCreationTime : 6-28-2004 11:19:31 PM
BasePriority : Normal
FileSize : 189 KB
Created on : 4/1/2004 1:32:19 AM
Last accessed : 6/28/2004 11:06:12 PM
Last modified : 6/16/2004 3:34:35 AM

#:24 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 3\
ThreadCreationTime : 6-28-2004 11:19:31 PM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright © 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 6/16/2004 3:34:23 AM
Last accessed : 6/28/2004 11:19:31 PM
Last modified : 6/16/2004 3:34:22 AM

#:25 [apiot32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-28-2004 11:19:32 PM
BasePriority : Normal
FileSize : 26 KB
Created on : 6/16/2004 9:47:05 PM
Last accessed : 6/28/2004 11:13:04 PM
Last modified : 6/16/2004 9:47:05 PM

#:26 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ThreadCreationTime : 6-28-2004 11:19:41 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
Copyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
OriginalFilename : ApntEx.exe
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
Created on : 1/1/1980 6:00:00 AM
Last accessed : 6/28/2004 11:19:41 PM
Last modified : 2/26/2003 5:08:42 PM

#:27 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 6-28-2004 11:19:45 PM
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright © Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 5/28/2004 7:22:04 PM
Last accessed : 6/28/2004 10:50:16 PM
Last modified : 5/28/2004 7:22:04 PM

#:28 [olu513r.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:53 PM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM
Warning! Rads01.Quadrogram object found in memory(C:\WINDOWS\System32\Olu513R.exe)

Rads01.Quadrogram Object recognized!
Type : Process
Data : olu513r.exe
Object : C:\WINDOWS\System32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM


"olu513r.exe"Process terminated successfully.

#:29 [wryu.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-28-2004 11:19:54 PM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM
Warning! Rads01.Quadrogram object found in memory(C:\WINDOWS\System32\Wryu.exe)

Rads01.Quadrogram Object recognized!
Type : Process
Data : wryu.exe
Object : C:\WINDOWS\System32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM


"wryu.exe"Process terminated successfully.

#:30 [mozilla.exe]
FilePath : C:\Program Files\Mozilla\
ThreadCreationTime : 6-28-2004 11:20:53 PM
BasePriority : Normal
FileSize : 139 KB
FileVersion : 1.4: 2003062408
ProductVersion : 1.4: 2003062408
Copyright : License: MPL 1.1/GPL 2.0/LGPL 2.1
CompanyName : Mozilla, Netscape
FileDescription : Mozilla
InternalName : apprunner
OriginalFilename : mozilla.exe
ProductName : Mozilla
Created on : 3/1/2004 10:59:18 PM
Last accessed : 6/28/2004 11:20:53 PM
Last modified : 6/24/2003 7:49:00 PM

#:31 [hijackthis.exe]
FilePath : C:\tmp\HiJackThis\
ThreadCreationTime : 6-28-2004 11:21:12 PM
BasePriority : Normal
FileSize : 157 KB
FileVersion : 1.97.0007
ProductVersion : 1.97.0007
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
OriginalFilename : HijackThis.exe
ProductName : HijackThis
Created on : 11/18/2003 8:00:50 PM
Last accessed : 6/28/2004 11:21:12 PM
Last modified : 11/18/2003 8:00:50 PM

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 6-28-2004 11:24:54 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 3/30/2004 7:43:24 PM
Last accessed : 6/28/2004 11:05:11 PM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 3


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://mysearchnow.com/passthrough/index.html?http://res://lxhee.dll/index.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://mysearchnow.com/passthrough/index.html?http://res://lxhee.dll/index.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://lxhee.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://lxhee.dll/index.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://lxhee.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://lxhee.dll/index.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagemysearchnow.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://mysearchnow.com/passthrough/index.html?http://res://lxhee.dll/index.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://mysearchnow.com/passthrough/index.html?http://res://lxhee.dll/index.html#37049"


CoolWebSearch Object recognized!
Type : RegValue
Data : c:\windows\system32\javaby.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : javaby.exe


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 5
Objects found so far: 8


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\Adobe Illustrator Installer\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 8

Disk scan result for C:\DELL\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 8

Tracking Cookie Object recognized!
Type : File
Data : xin@ayb.lop[1].txt
Object : C:\Documents and Settings\xin\Cookies\

Created on : 6/28/2004 11:20:20 PM
Last accessed : 6/28/2004 11:20:20 PM
Last modified : 6/28/2004 11:20:20 PM



Disk scan result for C:\Documents and Settings\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Application Data\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Cookies\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Desktop\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\doc\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\dvipdfm\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\dvips\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Favorites\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\ghostscript\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Local Settings\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\miktex\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\My Documents\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\NetHood\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\pdftex\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\PrintHood\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\psutils\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Recent\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\SendTo\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Start Menu\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\Templates\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\tpm\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\UserData\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\WINDOWS\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Documents and Settings\xin\WLANProfiles\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\DRIVERS\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\games\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\gs\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\I386\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\IME\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\lj4300pcl6win2kxp\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\movie\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\My Downloads\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\My Music\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\pqmagic\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\Program Files\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Disk scan result for C:\RECYCLER\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

CoolWebSearch Object recognized!
Type : File
Data : a0033766.exe
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP135\
FileSize : 9 KB
Created on : 6/11/2004 10:51:35 PM
Last accessed : 6/28/2004 11:01:09 PM
Last modified : 6/11/2004 10:51:35 PM



Disk scan result for C:\System Volume Information\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10

Disk scan result for C:\test\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10

Disk scan result for C:\tmp\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10

Disk scan result for C:\user\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10

CoolWebSearch Object recognized!
Type : File
Data : pyzrm.dat
Object : C:\WINDOWS\
FileSize : 11 KB
Created on : 6/28/2004 2:16:11 PM
Last accessed : 6/28/2004 11:13:03 PM
Last modified : 6/28/2004 2:16:11 PM



Rads01.Quadrogram Object recognized!
Type : File
Data : fkke1.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM



Rads01.Quadrogram Object recognized!
Type : File
Data : ghldu5f.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM



CoolWebSearch Object recognized!
Type : File
Data : lxhee.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 69 KB
Created on : 6/8/2004 11:05:09 AM
Last accessed : 6/28/2004 11:39:45 PM
Last modified : 6/8/2004 11:05:09 AM



Rads01.Quadrogram Object recognized!
Type : File
Data : ouu2.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM



Rads01.Quadrogram Object recognized!
Type : File
Data : yrfddyf.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 228 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : Kern32
OriginalFilename : Kern32.exe
ProductName : Kern32
Created on : 6/28/2004 11:07:58 PM
Last accessed : 6/28/2004 11:07:58 PM
Last modified : 6/28/2004 11:07:58 PM



Disk scan result for C:\WINDOWS\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 16

Disk scan result for C:\WUTemp\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 16


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SYSTEM\CurrentControlSet\Services\__NS_Service_3


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 20


7:40:10 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:15:10:649
Objects scanned :199286
Objects identified :20
Objects ignored :0
New objects :20

=========================
and the HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 7:12:29 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PLANHI~1\Five dead each.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla\mozilla.exe
C:\WINDOWS\System32\YrfddyF.exe
C:\WINDOWS\System32\FkkE1.exe
C:\tmp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lxhee.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lxhee.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lxhee.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ??
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {03A2D7B5-7F29-C057-69BA-28A6D6BFD1C8} - C:\WINDOWS\system32\syscy32.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\VmuCvb.exe
O4 - HKLM\..\Run: [dart pile] C:\PROGRA~1\PLANHI~1\Five dead each.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...38047.664525463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vs...03C00/setup.exe
O16 - DPF: {E3489C0D-D07D-4281-A4A7-ADA8E9A0893F} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

The IE homepage keeps changing.
Can anyone help me?

Thanks


#2 Lobos


Posted 28 June 2004 - 06:51 PM

Please do not double post; refer back to your original post.

http://www.bleepingcomputer.com/forums/ind...p?showtopic=886

Thank you

Lobos
Ad-Aware SE | Spybot S&D 1.4

For extra protection try spyware blaster

If you use IE I suggest using these two programs: MVPHosts & IE-SPYAD



