|
| ||
| Search Engines (i.e., Google/Yahoo) Hijacked Thanks in advance for any assistance you can provide me! When I perform a search in Google or Yahoo (i.e. using IE or Firefox) and click on the results, I get redirected to other websites that have nothing to do with the original search. Most of the pages I have been redirected to have been random security web pages or the yellow-pages. So far, everything I have tried has failed to clear my system of the problem; e.g., antivirus (Norton & AVG), Combofix, Stopzilla, etc. Any ideas or instructions would be very much appreciated. Thank you! Please see below for all of the logs that were requested in the "Read Me Before Posting A Request For Assistance" thread: MalwareBytes' Anti-Malware Log Malwarebytes' Anti-Malware 1.34 Database version: 1766 Windows 5.1.2600 Service Pack 3 2/16/2009 2:43:43 PM mbam-log-2009-02-16 (14-43-43).txt Scan type: Full Scan (C:\|D:\|G:\|) Objects scanned: 155110 Time elapsed: 46 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 34 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\DRIVERS\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaasjcakqf.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaayqfqpoa.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekacsssucth.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekactyoauxc.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekacymhpaqv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaeltenlkx.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekafcimmqoi.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekafhrmkvac.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaftayhlcg.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaftrvwhwh.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekagdjnsgif.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekahqlwjjiu.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekajjnpymgv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekajkegyyqr.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekakqftllii.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekakstlyfai.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekakyrjgvhp.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekamhgadgth.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekamoeiacvr.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekamsiyebfm.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekapmsjdmvq.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaqfmbndim.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekaqhubknwg.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekarcohyuri.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekardvdgtts.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekarkgsyvjg.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekatodslamf.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekavnagrtkq.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekawevemkky.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekawgvhgiga.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\senekayvcoggxe.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\senekaefefeauf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\senekanuhyiodl.dat (Trojan.Agent) -> Quarantined and deleted successfully. ESET Online Scanner Log # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3857 (20090216) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=52d3b314eae05c47877b0eeb0344196b # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2009-02-16 10:07:06 # local_time=2009-02-16 04:07:06 (-0600, Central Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=296788 # found=1 # scan_time=3899 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome.zip Win32/Bagle.gen.zip worm 8B54094B793080A012B6832902B3589B Uninstall List ABBYY FineReader 5.0 Sprint Adobe Acrobat 5.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.8 Adobe Shockwave Player Apple Mobile Device Support Apple Software Update AsfTools 3.1 (remove only) AusLogics Disk Defrag Automate Your Business Plan AVG Free 8.0 BCM V.92 56K Modem BitTornado 0.3.7 Bonjour CIA Test Prep Classic PhoneTools DC++ (remove only) DD Tournament Poker 1.1 DecodePro v1.1 Dell | Support Dell Modem-On-Hold Dell Picture Studio - Dell Image Expert Dell Solution Center Digital Line Detect DivX Codec DivX Converter DivX Player DivX Web Player Easy CD & DVD Creator 6 EO Video 1.36 ESET Online Scanner ExamMatrix Classroom For One - CISA ExtractNow Gleim's CIA Test Prep 11th Edition Half-Life: Counter-Strike HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB952287) HP Imaging Device Functions 9.0 HP Photosmart Cameras 9.0 HP Photosmart Essential 3.5 HP Product Assistant HP Solution Center 9.0 HP Update InterActual Player iTunes Java 2 Runtime Environment Standard Edition v1.3.1_04 Java(TM) 6 Update 11 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Lexmark X74-X75 LiveReg (Symantec Corporation) LiveUpdate 2.0 (Symantec Corporation) Logitech Desktop Messenger Logitech MouseWare 9.42 .1 Logitech Resource Center Logitech User's Guide Lyra Personal Audio Player (RD1021/1071/1075) Malwarebytes' Anti-Malware MaxBlast 3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft ActiveSync 4.0 Microsoft Data Access Components KB870669 Microsoft Interactive Training Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2002 Microsoft Money 2002 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office XP Media Content Microsoft Office XP Professional Microsoft Office XP Professional Microsoft Publisher 2002 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable mIRC MobileMe Control Panel Modem Helper Mozilla Firefox (3.0.6) Mpeg Layer3 Codec FHG-Radium v1.263 MSN Messenger 7.0 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML4 Parser MUSICMATCH® Jukebox Nav Subscription year 2002 - 2003 for Win95 to XP NETGEAR WG311v3 PCI Adapter Nic's XviD Decoder Nikon Message Center NVIDIA Windows 2000/XP Display Drivers Opera 9.63 OTOY Paint Shop Pro 7 PictureProject PictureProject In Touch Downloader 1.0 PowerDVD PRO200WL QuickTime Radio@Netscape Plus RealPlayer Return to Castle Wolfenstein Safari Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB960715) Shockwave Sound Blaster Live! Value Steam STOPzilla TBS WMP Plug-in Ulead Straight-to-Disc SDK Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) VC 9.0 Runtime Viewpoint Manager (Remove Only) Virtools 3D Life Player WinAce Archiver Windows Media Format Runtime Windows XP Service Pack 3 WinFast TV USB II(Driver) WinPcap 3.1 beta3 WinZip WM Recorder 9.0 Xvid 1.1.3 final uninstall ZoneAlarm HighJackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:14:04 PM, on 2/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\dmadmin.exe C:\WINDOWS\BCMSMMSG.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe C:\Program Files\Lexmark X74-X75\lxbbbmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.gomyhit.com O15 - Trusted Zone: *.imageservr.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.storageguardsoft.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O15 - Trusted Zone: *.imageservr.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.storageguardsoft.com (HKLM) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1486c2c47e1ab33...p/RdxIE601.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 12217 bytes |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked Have a look at this link for a possible solution: http://en.allexperts.com/q/Computer-...ESSAGE-HJT.htm I haven't the time to fully analyse your HJT log but these come to mind as malicious: O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked Thanks for the reply. I deleted the O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file), but it did not correct the issue. I ran the LSPfix and tried to delete the is3lsp.dll file as directed from the link you provided, but it will not let me delete the file. States that access is denied because it is being used by another program. |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked You have a very infected computer. You also have STOPzilla installed which, frankly ranks as just a "so-so" program. Those O10's are likely from that program, cannot be certain but found several references to it. Frankly, I would UNINSTALL it anyway, obviously did you no good whatsoever. Every site listed on your log as a Trusted Site is a nasty one. I would recommend that you do the following, after getting rid of that STOPzilla program. Download ComboFix Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. Once the download is complete you will see the Combofix on the desktop. * Close all open Windows including this one. * Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Doubleclick the combofix icon on the desktop to run the program. Windows will issue a prompt asking whether you wish to run the program, click Run You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer. Now just sit back and allow the program to run Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. When ComboFix has finished running, you will see a screen stating that it is preparing the log report. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. When all is complete then please post back here with that log. |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked Thanks for the reply. I uninstalled Stopzilla as requested. I had purchased it hoping it would get rid of the problem, but it did not and it was a major resource hog on startup. After running the combofix, I also ran HJT again and "fixed" the Trusted Zones that were listed above. I believe HJT removed them. It seems that Explorer has corrected, but Firefox still redirects. I will post the combofix log and the latest HJT log. Thanks so much for the assistance! Combo Log: ComboFix 09-02-17.02 - Anonymous 2009-02-18 17:07:41.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -6:00] Running from: c:\documents and settings\Anonymous\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) FW: ZoneAlarm Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\dialers c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\npf.sys c:\windows\system32\packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\tmp.reg c:\windows\system32\uninstall.exe c:\windows\system32\uniq.tll c:\windows\system32\wanpacket.dll c:\windows\system32\winlogon2.exe c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))) . 2009-02-17 19:30 . 2009-02-17 19:30 664 --a------ c:\windows\SYSTEM32\d3d9caps.dat 2009-02-17 18:05 . 2009-02-17 18:20 <DIR> d-------- c:\program files\Unlocker 2009-02-16 15:00 . 2009-02-16 16:07 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-02-16 13:34 . 2009-02-16 13:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-16 13:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-02-16 13:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-02-15 08:59 . 2009-02-15 08:59 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-02-15 02:58 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll 2009-02-15 02:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll 2009-02-15 02:58 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui 2009-02-14 12:02 . 2009-02-14 12:02 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-02-13 16:17 . 2009-02-13 16:17 <DIR> d-------- c:\program files\ABBYY FineReader 5.0 Sprint 2009-02-13 16:13 . 2009-02-13 16:27 <DIR> d-------- c:\program files\Lexmark X74-X75 2009-02-12 20:44 . 2009-02-12 20:44 <DIR> d-------- c:\program files\Opera 2009-02-10 16:19 . 2009-02-10 16:19 <DIR> d-------- c:\program files\Trend Micro 2009-02-10 16:14 . 2009-02-17 06:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard 2009-02-10 16:09 . 2009-02-10 16:09 <DIR> d-------- c:\program files\Common Files\iS3 2009-02-10 16:09 . 2009-02-18 12:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-02-09 16:29 . 2009-02-09 16:30 <DIR> d-------- c:\windows\ERUNT 2009-02-09 16:15 . 2009-02-10 17:48 <DIR> d-------- C:\SDFix 2009-02-07 09:34 . 2009-02-18 08:02 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg 2009-02-07 09:34 . 2009-02-07 09:34 325,128 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys 2009-02-07 09:34 . 2009-02-07 09:34 107,272 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys 2009-02-07 09:34 . 2009-02-07 09:34 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll 2009-02-07 09:20 . 2009-02-08 09:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-06 21:35 . 2009-02-06 21:35 <DIR> d-------- c:\program files\Alwil Software 2009-02-06 20:23 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\SYSTEM32\zpeng25.dll 2009-02-06 15:22 . 2009-02-18 03:40 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-02-06 14:38 . 2009-02-06 14:38 <DIR> d-------- c:\program files\AVG 2009-02-06 14:38 . 2009-02-07 09:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-02-06 13:39 . 2009-02-06 13:40 4,108 --a------ c:\windows\wininit.ini 2009-02-06 12:56 . 2009-02-08 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-05 18:20 . 2009-02-05 18:20 <DIR> d-------- c:\program files\Auslogics 2009-02-05 18:20 . 2009-02-05 18:20 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\Auslogics 2009-02-05 16:10 . 2009-02-05 16:10 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\Malwarebytes 2009-02-05 16:10 . 2009-02-05 16:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-05 15:36 . 2009-02-10 18:07 1,104 --a------ c:\windows\dlblkbtv . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-16 16:56 --------- d-----w c:\documents and settings\Anonymous\Application Data\COWON 2009-02-16 16:55 --------- d-----w c:\program files\HiDownload 2009-02-16 16:55 --------- d-----w c:\program files\CoCSoft Stream Down 2009-02-13 22:30 --------- d-----w c:\program files\Google 2009-02-11 00:23 --------- d-----w c:\program files\Viewpoint 2009-02-11 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-02-07 04:36 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-07 03:33 --------- d-----w c:\program files\Norton AntiVirus 2009-02-07 03:32 --------- d-----w c:\program files\Symantec 2009-02-06 00:19 --------- d-----w c:\program files\Lavasoft 2009-02-06 00:19 --------- d-----w c:\documents and settings\Anonymous\Application Data\Lavasoft 2009-01-28 00:37 --------- d-----w c:\program files\WinAce 2009-01-01 16:22 --------- d-----w c:\program files\Bonjour 2008-12-23 00:16 --------- d-----w c:\documents and settings\Anonymous\Application Data\DivX 2008-12-23 00:14 --------- d-----w c:\program files\DivX 2008-09-05 16:52 64,712 ----a-w c:\documents and settings\Anonymous\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 22:09 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112] "AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400] "MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328] "Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336] "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 53248] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904] "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe] "nwiz"="nwiz.exe" [2002-09-26 c:\windows\SYSTEM32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-09-20 45056] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Logitech Desktop Messenger.lnk - c:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2002-09-26 156160] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] NETGEAR WG311v3 Smart Wizard.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-08-14 1078] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-05-30 118784] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-07 09:34 10520 c:\windows\SYSTEM32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "msacm.ctmp3"= c:\windows\System32\ctmp3.acm "aux1"= ctwdm32.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] --a------ 2009-02-07 09:34 1601304 c:\progra~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] --a------ 2003-05-13 15:07 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] --a------ 2003-05-21 23:20 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] --a------ 2003-05-01 17:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8wd"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-02-07 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-02-07 107272] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652] S3 PacketNTx;Packet helper driver;c:\windows\SYSTEM32\DRIVERS\PacketNTx.sys [2003-10-12 24544] S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-18 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-01-02 14:20] . - - - - ORPHANS REMOVED - - - - Toolbar-SITEguard - (no file) HKCU-Run-Steam - (no file) HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: antimalwareguard.com Trusted Zone: gomyhit.com Trusted Zone: imageservr.com Trusted Zone: imagesrvr.com Trusted Zone: storageguardsoft.com Trusted Zone: antimalwareguard.com Trusted Zone: gomyhit.com Trusted Zone: imageservr.com Trusted Zone: imagesrvr.com Trusted Zone: storageguardsoft.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\3vvwm0mb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** disk not found C:\ please note that you need administrator rights to perform deep scan scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??(???x???@???X???????????@???P????(?w'(?w????????????(???y??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e????? scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1333191943-2008529862-3894602836-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000007 [HKEY_USERS\S-1-5-21-1333191943-2008529862-3894602836-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000003 "State"=dword:00000003 [HKEY_USERS\S-1-5-21-1333191943-2008529862-3894602836-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000002 "State"=dword:00000003 [HKEY_USERS\S-1-5-21-1333191943-2008529862-3894602836-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:00000003 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(628) c:\windows\system32\MrvGINA.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\SYSTEM32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\SYSTEM32\nvsvc32.exe c:\windows\SYSTEM32\wdfmgr.exe c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe c:\windows\SYSTEM32\devldr32.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\program files\Lexmark X74-X75\lxbbbmon.exe c:\progra~1\MICROS~3\rapimgr.exe c:\program files\NETGEAR\WG311v3\wlancfg5.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\SYSTEM32\wscntfy.exe . ************************************************************************** . Completion time: 2009-02-18 17:15:00 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-18 23:14:57 Pre-Run: 43,007,516,672 bytes free Post-Run: 42,895,081,472 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 283 --- E O F --- 2009-02-15 15:03:58 Latest HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:07:06 PM, on 2/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\dmadmin.exe C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\BCMSMMSG.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lexmark X74-X75\lxbbbmon.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Opera\opera.exe C:\Program Files\Microsoft Money\System\urlmap.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 11202 bytes |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked Try this; Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2
|
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked Thanks for all the help everyone! It appears to be corrected. Once I got IE working properly and rid of all the infections it was strange that Firefox was continuing to redirect. I opened it in safe mode and it worked just fine. I then did some troubleshooting through safe mode (i.e., turned off all add-ons) and it now works correctly. I am still not having any problems with IE, so fingers crossed, all the infections appear to be removed. Thanks again, I really appreciate it! GooredFix was my next step, but it seems to be corrected so I will hold off unless it starts up again. |
| ||
| Re: Search Engines (i.e., Google/Yahoo) Hijacked O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll All the above entries are legitimate. They are STOPzilla related. 010 entries should NEVER be fixed by Hijackthis. Loss of Internet connection may result. |
| All times are GMT -4. The time now is 1:13 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC