Re: Cannot open search page


From: H Leboeuf (NoAddress_at_generation.invalid)
Date: 02/05/04


Date: Thu, 5 Feb 2004 09:47:03 -0500

Winlogon = trojan.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hazzer.html

Smss = trojan
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.f.html

-- 
There may be others, so update your Virus definition table and clean your
computer.
Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm
"Melissa" <anonymous@discussions.microsoft.com> wrote in message
news:8ADD45F3-2E24-4D4C-B6CF-81EACF2EF89A@microsoft.com...
> Same problem....any help would be greatly appreciated!
>
> Logfile of HijackThis v1.97.7
> Scan saved at 9:31:14 PM, on 2/2/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINNT\System32\smss.exe
> C:\WINNT\system32\winlogon.exe
> C:\WINNT\system32\services.exe
> C:\WINNT\system32\lsass.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\System32\svchost.exe
> C:\WINNT\system32\spoolsv.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
> C:\WINNT\System32\CTsvcCDA.exe
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINNT\System32\nvsvc32.exe
> C:\WINNT\System32\svchost.exe
> C:\WINNT\wanmpsvc.exe
> C:\WINNT\Explorer.EXE
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\WINNT\System32\SK9910DM.EXE
> C:\WINNT\System32\RUNDLL32.EXE
> C:\WINNT\System32\devldr32.exe
> C:\Program Files\America Online 9.0\aoltray.exe
> C:\Program Files\AOL Companion\companion.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\America Online 9.0\waol.exe
> C:\Program Files\America Online 9.0\shellmon.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
> C:\Program Files\Microsoft Money\System\urlmap.exe
> C:\Documents and Settings\Thomas Smith\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.illiniboard.com/
> R3 - Default URLSearchHook is missing
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
> O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
> O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices
\Device\3cpipe-USRpdA
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe
/DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
> O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
> O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
> O4 - Global Startup: America Online Tray Icon.lnk = C:\Program
Files\America Online 9.0\aoltray.exe
> O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
> O8 - Extra context menu item: @mediaSEARCH -> Download Files from Page -
C:\Program Files\@mediaSEARCH\IEStarter.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
> O8 - Extra context menu item: MyPoints - file://C:\Program
Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
> O9 - Extra button: AIM (HKLM)
> O9 - Extra button: Real.com (HKLM)
> O9 - Extra button: MoneySide (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Messenger (HKLM)
> O9 - Extra button: Point Alert (HKCU)
> O9 - Extra button: mediaSEARCH (HKCU)
> O9 - Extra 'Tools' menuitem: mediaSEARCH - Movie&Image Search/Download
Software (HKCU)
> O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
> O16 - DPF: DigiChat Applet -
http://host7.digichat.com/DigiChat/DigiClasses/SignedClient.cab
> O16 - DPF: Sametime Meeting Toolkit ST25 -
https://gateway.cf1live.com/eSupport/static/bin/st/STMeeting25.cab
> O16 - DPF: symsupportutil -
https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
> O16 - DPF: Talk City EZTalk 3.0 -
http://chat.talkcity.com/java/ezmed/ezmed.cab
> O16 - DPF: Yahoo! NBA StatTracker -
http://aud5.sports.yahoo.com/java/y/nbast8264_x.cab
> O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
> O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
> O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144}
(RunExeActiveX.UserControl1) - file://C:\Program
Files\Gateway\HelpSpot\RunExeActiveX.CAB
> O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
> O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
> O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.com/download/xclean_micro.exe
> O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc.cab
> O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) -
http://cs5b.instantservice.com/jars/customerxsigned33.cab
> O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
http://ftp.us.dell.com/fixes/PROFILER.CAB
> O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
http://ziniobeta.earthc.net/images.zinio.com/reader/isetup.cab
> O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1}
(StartFirstControl.CheckFirst) - file://C:\Program
Files\Gateway\HelpSpot\StartFirstControl.CAB
> O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -
http://www.gateway.com/support/contact/serial/gwCID.CAB
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37938.8031481481
> O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) -
http://pak02.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.9.0.1.2.cab
> O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
> O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX
Control) -
http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
> O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1}
(XPLControlProject.XPLControl) - file://C:\Program
Files\Gateway\HelpSpot\XPLControl.CAB
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
> O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools
on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
> O17 -
HKLM\System\CCS\Services\Tcpip\..\{5A2E03EE-8336-4F64-B1E2-E97B64FDD8D4}:
NameServer = 152.163.246.134
>
>
>
>      ----- war17 wrote: -----
>
>      Some search engine may have hijacked your Search.
>
>      2. Use the following scanners to find and remove the website.
>
>      SpyBot S&D searches your harddisk for so-called spy- or adbots;
>      http://security.kolla.de/
>      or
>      Adaware
>      http://www.lavasoftusa.com/software/adaware/
>      or
>      CWShredder
>      http://www.spychecker.com/program/cwshredder.html
>
>      3. Some porn websites redirect links to their websites using your HOSTS
>      file. Do a search for the HOSTS (without extension) file and remove the
>      entry.
>
>      4. If still no joy, download HijackThis from Spywareinfo download page
>
>      http://www.spywareinfo.com/downloads.php
>
>      Run the program and you will find many entries. Most are OK. Post the log. I
>      will find the problem for you.
>
>      5. For future preventive maintenance, make sure programs cannot just
>      download on your computer without your permission.  From the Internet
>      Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable
>      Install On Demand (Internet Explorer)" and "Enable Install On Demand
>      (Other)" are unchecked.
>
>      --
>      Warren
>      For additional help, post in
>      http://groups.msn.com/HelpforInternetExplorerorWindowsME/homepage
>
>      "Chris" <anonymous@discussions.microsoft.com> wrote in message
>      news:765401c3e847$3b801e40$a101280a@phx.gbl...
>      > Every time I try to go to a web page such as www.google.com
>      > I get an error message saying "Could not open search
>      > page", and before I see it cycle through lots of domains
>      > such as .net, .org, .de, .com etc. MSN Messenger and
>      > everything else work, just not IE.6.
>      > If you know what the problem is please reply.
>      > Thanks
>
>
>
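
A path check over the "Running processes" section of a HijackThis log like the one quoted above, as an added example that is not part of the original posts. It strips newsreader quote markers, rejoins wrapped lines, and lists entries that reuse a Windows system image name outside the System32 folder; the name set, the function names and the `Temp\svchost.exe` sample line are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: processes that normally load from <Windows dir>\System32.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Sample input: process lines copied from the quoted log, plus one
# constructed entry (the Temp\svchost.exe line) so the check has a hit.
SAMPLE = r"""> Running processes:
> C:\WINNT\System32\smss.exe
> C:\WINNT\system32\winlogon.exe
> C:\WINNT\Explorer.EXE
> C:\Documents and Settings\Thomas Smith\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
> C:\WINNT\Temp\svchost.exe
>
> R3 - Default URLSearchHook is missing
"""

def running_processes(log_text):
    """Return image paths from the 'Running processes:' section."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = re.sub(r"^\s*(>\s*)+", "", raw).strip()  # drop quote markers
        if line.lower().startswith("running processes"):
            in_section = True
        elif not in_section:
            continue
        elif not line:
            if paths:
                break                     # blank line closes the section
        elif DRIVE_PATH.match(line):
            paths.append(line)
        elif paths:
            paths[-1] += " " + line       # newsreader-wrapped continuation
    return paths

def misplaced_system_images(paths, windows_dir):
    """Paths that reuse a system image name outside <windows_dir>\\System32."""
    expected = ntpath.normcase(ntpath.join(windows_dir, "System32"))
    hits = []
    for path in paths:
        folder, name = ntpath.split(path)
        if name.lower() in SYSTEM_IMAGES and ntpath.normcase(folder) != expected:
            hits.append(path)
    return hits

if __name__ == "__main__":
    # A matching path is not proof the file is genuine; verify the file itself next.
    for hit in misplaced_system_images(running_processes(SAMPLE), r"C:\WINNT"):
        print("check:", hit)
```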
