Annoyances.org

re: Browser hijack
Monday, February 18, 2008 at 10:46 am
Windows XP Annoyances Discussion Forum
Posted by Johnb33 (1602 messages posted)


You have an old version of HijackThis. Go here and download the new version.

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?tag=lst-1

Install it and do another system scan and save a logfile.






On Monday, February 18, 2008 at 9:49 am, George Cowley wrote:
>I ran a few more anti-spyware programs. Prevxcsifree turned up nothing bar 4 items
>that it claimed were present but which could not be located where it indicated they
>were (snapshot.exe and dmioo.sys).
>
>CWShredder found nothing. Ad-Aware found nothing. AVG found nothing.
>
>HijackThis found the following:
>Logfile of HijackThis v1.99.1
>Scan saved at 11:12:38 AM, on 2/18/2008
>Platform: Windows XP SP2 (WinNT 5.01.2600)
>MSIE: Internet Explorer v7.00 (7.00.6000.16608)
>
>Running processes:
>C:\WINDOWS\System32\smss.exe
>C:\WINDOWS\system32\winlogon.exe
>C:\WINDOWS\system32\services.exe
>C:\WINDOWS\system32\lsass.exe
>C:\WINDOWS\system32\svchost.exe
>C:\WINDOWS\System32\svchost.exe
>C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
>C:\WINDOWS\system32\LEXBCES.EXE
>C:\WINDOWS\system32\spoolsv.exe
>C:\WINDOWS\Explorer.EXE
>C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
>C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
>C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
>C:\WINDOWS\System32\svchost.exe
>C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
>C:\WINDOWS\system32\ctfmon.exe
>C:\Program Files\FinePixViewer\QuickDCF2.exe
>C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
>C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
>C:\PROGRA~1\Grisoft\AVG7\avgw.exe
>C:\WINDOWS\system32\wuauclt.exe
>C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
>C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
>C:\Documents and Settings\Miranda\Desktop\HijackThis.exe
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
>O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
>O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
>O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
>O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
>O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
>O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
>O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
>O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
>O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203181489526
>O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
>O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
>O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
>O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
>O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
>O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
>O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
>O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
>O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
>O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
>O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
>
>McAfee is one ugly sod to remove. I wonder whether McAfee is the virus I'm looking
>for.



