Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

mysterious browser hijacker

Reply

Join Date: Sep 2007
Posts: 3
Reputation: Rob0 is an unknown quantity at this point 
Solved Threads: 0
Rob0 Rob0 is offline Offline
Newbie Poster

mysterious browser hijacker

 
0
  #1
Sep 2nd, 2007
Hello, I've picked up a browser hijacker that effects only explorer. when I go to a search engine and do a few searches and go to a website, every now and then, my browser goes to some random link. (something like gogle--2, and a Drive cleaner ad are typical). I bought spyware doctor which removed several infections but the problem does not go away.

I found this forum and ran the "Hijackthis" program. I'm tempted to start deleating a few of these myself and I will probably deleat the "unknown files" but I'm not an expert.

Any suggestions?



1 0.0% O10 inetcntrl0002.dll
2 2.5% O16 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
3 1.2% O16 {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
4 0.3% O16 {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
5 0.1% O16 {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
6 0.0% O16 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
7 0.0% O16 {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
8 0.0% O16 {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
9 0.0% O16 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
10 0.0% O16 {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153936615948
11 0.0% O16 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154290655234
12 6.4% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
13 1.4% O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
14 0.8% O2 DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
15 0.2% O2 Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
16 0.2% O2 SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
17 0.1% O2 Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
18 0.0% O2 Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
19 0.0% O2 Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
20 0.0% O2 (no name) - {FDED1C12-AD76-613C-344C-A3BD5C6415B2} - C:\PROGRA~1\COMMON~1\System\w_3789.dll
21 0.3% O20 !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
22 5.8% O23 Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
23 5.7% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
24 4.1% O23 Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
25 0.6% O23 Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
26 0.4% O23 DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
27 0.2% O23 YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
28 0.1% O23 VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
29 0.1% O23 CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
30 0.0% O23 LogMeIn - Unknown owner - C:\Program Files\LogMeIn\LogMeIn.exe (file missing)
31 0.0% O23 PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
32 0.0% O23 PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
33 1.5% O3 &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
34 0.3% O3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
35 0.0% O3 Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
36 19.7% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
37 8.8% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
38 5.1% O4 [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
39 4.7% O4 Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
40 3.1% O4 [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
41 2.7% O4 [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
42 1.8% O4 [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
43 1.7% O4 HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
44 1.6% O4 [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
45 1.4% O4 [ehTray] C:\WINDOWS\ehome\ehtray.exe
46 0.8% O4 Digital Line Detect.lnk = ?
47 0.8% O4 [SigmatelSysTrayApp] stsystra.exe
48 0.8% O4 [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
49 0.7% O4 [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
50 0.7% O4 [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
51 0.6% O4 [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
52 0.5% O4 [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
53 0.4% O4 HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
54 0.3% O4 [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
55 0.3% O4 [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
56 0.2% O4 [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
57 0.2% O4 [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
58 0.2% O4 [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
59 0.2% O4 [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
60 0.1% O4 [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
61 0.1% O4 [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
62 0.1% O4 [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
63 0.1% O4 [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
64 0.1% O4 HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
65 0.1% O4 svchost.exe
66 0.0% O4 AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
67 0.0% O4 Palm Registration.lnk = C:\Program Files\Palm\register.exe
68 0.0% O4 [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
69 0.0% O4 wincheck.exe
70 0.0% O4 w_3789.dll
71 0.0% O4 googletools.exe
72 4.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
73 15.8% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
74 15.6% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
75 4.4% O9 Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
76 2.4% O9 Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
77 0.2% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
78 0.1% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
79 0.1% O9 AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
80 0.0% O9 (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
81 0.0% O9 @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
82 30.7% P01 C:\WINDOWS\Explorer.EXE
83 30.0% P01 C:\WINDOWS\system32\svchost.exe
84 30.0% P01 C:\WINDOWS\system32\lsass.exe
85 30.0% P01 C:\WINDOWS\system32\winlogon.exe
86 29.9% P01 C:\WINDOWS\system32\services.exe
87 29.9% P01 C:\WINDOWS\System32\smss.exe
88 28.8% P01 C:\WINDOWS\system32\spoolsv.exe
89 20.9% P01 C:\WINDOWS\system32\ctfmon.exe
90 11.9% P01 C:\Program Files\Internet Explorer\iexplore.exe
91 7.3% P01 C:\WINDOWS\system32\Ati2evxx.exe
92 6.4% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
93 3.5% P01 C:\WINDOWS\system32\csrss.exe
94 3.0% P01 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
95 2.9% P01 C:\WINDOWS\System32\alg.exe
96 2.6% P01 C:\WINDOWS\System32\dllhost.exe
97 2.5% P01 C:\WINDOWS\system32\wbem\wmiprvse.exe
98 2.1% P01 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
99 2.0% P01 C:\WINDOWS\eHome\ehSched.exe
100 1.9% P01 C:\WINDOWS\eHome\ehRecvr.exe
101 1.8% P01 C:\Windows\ehome\ehtray.exe
102 1.8% P01 C:\Windows\ehome\ehmsas.exe
103 1.6% P01 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
104 1.4% P01 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
105 0.9% P01 C:\Program Files\Digital Line Detect\DLG.exe
106 0.8% P01 C:\WINDOWS\stsystra.exe
107 0.7% P01 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
108 0.5% P01 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
109 0.4% P01 C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
110 0.4% P01 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
111 0.3% P01 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
112 0.3% P01 C:\PROGRA~1\Yahoo!\browser\ycommon.exe
113 0.3% P01 C:\Program Files\DellSupport\DSAgnt.exe
114 0.2% P01 C:\Program Files\BroadJump\Client Foundation\CFD.exe
115 0.2% P01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
116 0.2% P01 C:\WINDOWS\ehome\mcrdsvc.exe
117 0.2% P01 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
118 0.1% P01 C:\PROGRA~1\Yahoo!\YOP\yop.exe
119 0.1% P01 C:\Program Files\Palm\Hotsync.exe
120 0.1% P01 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
121 0.1% P01 C:\Program Files\Yahoo!\Antivirus\ISafe.exe
122 0.1% P01 C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
123 0.1% P01 C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
124 0.1% P01 C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
125 0.1% P01 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
126 0.0% P01 C:\Program Files\Yahoo!\browser\ybrowser.exe
127 0.0% P01 C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
128 0.0% P01 C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ML2DXHHU\HiJackThis[1].exe
129 0.3% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
130 10.7% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
131 0.2% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
132 0.1% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
133 0.1% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
134 0.1% R1 HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
135 0.1% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
136 0.2% R3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
Last edited by blud; Sep 19th, 2007 at 11:17 am. Reason: Removing Name
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 3
Reputation: Rob0 is an unknown quantity at this point 
Solved Threads: 0
Rob0 Rob0 is offline Offline
Newbie Poster

Re: mysterious browser hijacker

 
0
  #2
Sep 2nd, 2007
well, I tried to fix/remove the files that hijackthis reported as "unidentified". A window popped up explaining that I needed an lsp fixer. I got the fixer and it didn't identify the problem. as far as I could tell (which admittedly is not far). It did remove one item but I don't know that that was what hijackthis identified.

I just realized that the above list from the "analyze this" site is not the same as the hijackthis log. here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:31 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ML2DXHHU\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDED1C12-AD76-613C-344C-A3BD5C6415B2} - C:\PROGRA~1\COMMON~1\System\w_3789.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: wincheck.exe
O4 - Startup: w_3789.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: googletools.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: w_3789.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153936615948
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154290655234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\LogMeIn.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12444 bytes
Last edited by blud; Sep 19th, 2007 at 11:17 am.
Reply With Quote Quick reply to this message  
Join Date: Oct 2006
Posts: 730
Reputation: hbk619 is an unknown quantity at this point 
Solved Threads: 7
hbk619's Avatar
hbk619 hbk619 is offline Offline
Master Poster

Re: mysterious browser hijacker

 
0
  #3
Sep 2nd, 2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
Fix that entry above.

O2 - BHO: (no name) - {FDED1C12-AD76-613C-344C-A3BD5C6415B2} - C:\PROGRA~1\COMMON~1\System\w_3789.dll

^ can probably go.
O4 - Startup: wincheck.exe
O4 - Startup: w_3789.dll
O4 - Global Startup: w_3789.dll
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab

Do you recognise these ones? If not, fix them.

Also try downloading spybot serach and destroy http://www.download.com/3000-8022_4-10401314.html and running that. This should help with the unknown files (which you were right, should go)
I am female. I like wrestling. I am not gay. BITE ME.
I also gaurentee nothing, including spellings and advice :P
Check my profile for large version of avatar. It's worth it ;)
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 3
Reputation: Rob0 is an unknown quantity at this point 
Solved Threads: 0
Rob0 Rob0 is offline Offline
Newbie Poster

Re: mysterious browser hijacker

 
0
  #4
Sep 5th, 2007
Hello, thanks for the suggestions. Unfortunately, the problem is still here. I deleted the items in question and used spybot.

I did not manage to get rid of the unidentified files. I still haven't figured out the slp fix item.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC