
Thread: homepage hijacked by: http://awesomehomepage.com/newsletter.php?list=positivethoughts

  1. #11
    Junior Member
    Join Date: Aug 2007
    Posts: 23

    I have not deleted any files except the ones you instructed me to. I tried to access Internet Explorer without add-ons but no success.

  2. #12
    Visiting Fellow miekiemoes
    Join Date: Oct 2005
    Location: belgium
    Posts: 252

    Well, actually you did delete some entries I didn't ask to delete though...

    From your first HijackThis log:

    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchToolBHO - {A23BF7EF-4A12-4799-B9CD-72C36EE21983} - C:\Program Files\SearchTool\SearchTool.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    Your second HijackThis log:

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    You have been fixing entries in HijackThis that were legitimate.

    So, open your HijackThis, select the Backups option there and restore the following entries:

    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    then reboot your computer.
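
The comparison made by eye in post #12, as an added example that is not part of the original thread: it diffs the O2/O3 lines of two HijackThis logs by CLSID and reports entries that disappeared or lost their file. The log lines are the ones quoted in that post; the names `parse` and `diff_logs` are hypothetical.

```python
import re

# HijackThis O2 (Browser Helper Object) and O3 (toolbar) line layout:
#   O2 - BHO: <name> - {CLSID} - <file or "(no file)">
ENTRY = re.compile(
    r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O2/O3 lines quoted in post #12 from the first and second logs.
FIRST_LOG = r"""
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchToolBHO - {A23BF7EF-4A12-4799-B9CD-72C36EE21983} - C:\Program Files\SearchTool\SearchTool.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
"""
SECOND_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
"""

def parse(log_text):
    """Return {(kind, CLSID): (name, target)} for each O2/O3 line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            key = (m["kind"], m["clsid"].upper())
            entries[key] = (m["name"], m["target"])
    return entries

def diff_logs(before_text, after_text):
    """Classify what changed between two scans of the same machine."""
    before, after = parse(before_text), parse(after_text)
    report = {"removed": [], "orphaned": [], "added": []}
    for key, (name, target) in before.items():
        if key not in after:
            report["removed"].append((key[1], name, target))
        elif target != "(no file)" and after[key][1] == "(no file)":
            # Registry entry survived but the DLL it points to is gone.
            report["orphaned"].append((key[1], name, target))
    for key, (name, target) in after.items():
        if key not in before:
            report["added"].append((key[1], name, target))
    return report

if __name__ == "__main__":
    for status, rows in diff_logs(FIRST_LOG, SECOND_LOG).items():
        for clsid, name, target in rows:
            print(f"{status:9} {clsid} {name} -> {target}")
```

The diff only lists candidates for review: SearchTool.dll, for example, appears under ComboFix's "Other Deletions" later in the thread and is not among the entries the helper asks to restore.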

  3. #13
    Visiting Fellow miekiemoes
    Join Date: Oct 2005
    Location: belgium
    Posts: 252

    Also restore these please:

    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    Because you have been fixing them as well.

    After some research, the error you are getting is related to the MSN Toolbar Suite - and you have been fixing these entries in HijackThis.
    Same problem here: http://forums.spybot.info/showthread.php?t=8034

  4. #14
    Junior Member
    Join Date: Aug 2007
    Posts: 23

    The only item I found in the backup list was dsweballow. All the others you mentioned are not in the list. I will have a look at the webpage in the forum that you suggested.

  5. #15
    Visiting Fellow miekiemoes
    Join Date: Oct 2005
    Location: belgium
    Posts: 252

    Anyway, what I also suggest is, from the computer you're on now - where you can get on the Internet with Internet Explorer, download Firefox: http://www.mozilla-europe.org/nl/products/firefox/
    Then put the Firefox installer on a USB stick or CD and transfer it to the other computer.
    Install Firefox there. That's another browser - so with that one you should be able to surf.

    Then also post the logs I asked for (ComboFix log and a new HijackThis log), so I can see what else is now missing from your HijackThis log.

  6. #16
    Junior Member
    Join Date: Aug 2007
    Posts: 23

    I have installed Firefox and am now communicating with you from the PC that has problems.

    This is the ComboFix logfile you had asked for:

    ComboFix 07-08-30.3 - "lina" 2007-09-04 15:56:47.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.89 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\SearchTool
    C:\Program Files\SearchTool\SearchTool.dll
    C:\Program Files\WinUpdater
    C:\Program Files\WinUpdater\Temp\license.txt
    C:\Program Files\WinUpdater\update.exe


    ((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


    2007-09-04 01:02 <DIR> d-------- C:\Program Files\ACW
    2007-09-03 22:23 <DIR> d-------- C:\WINDOWS\system32\backuped
    2007-09-03 22:23 <DIR> d-------- C:\Program Files\True Sword 4
    2007-09-03 22:23 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\True Sword
    2007-09-02 23:30 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-09-02 22:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-09-02 09:58 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Uniblue
    2007-08-30 17:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-30 17:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-08-30 14:27 <DIR> d-------- C:\Program Files\Safer Networking
    2007-08-30 11:25 3,188 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-30 03:57 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-30 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-30 00:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-29 12:48 <DIR> d-------- C:\Program Files\HUMAX ZORRO TOOLBOX V2
    2007-08-21 20:43 <DIR> d-------- C:\Program Files\Web Page Maker V2
    2007-08-21 20:43 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Web Page Maker V2
    2007-08-18 14:07 <DIR> d-------- C:\Program Files\Humax Digital
    2007-08-18 13:56 <DIR> d-------- C:\Program Files\Change to 5400z_plus
    2007-08-18 13:56 43,520 --a------ C:\WINDOWS\system32\HBuilder.exe
    2007-08-18 13:56 2,764 --a------ C:\WINDOWS\system32\PQB.bat
    2007-08-18 13:56 191 --a------ C:\WINDOWS\system32\pls.reg
    2007-08-15 10:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-08-15 09:26 <DIR> d-------- C:\Program Files\Florikey V4.0 Beta


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-03 21:45 --------- d-------- C:\Program Files\Windows Desktop Search
    2007-09-01 16:28 --------- d-------- C:\Program Files\The Cleaner
    2007-09-01 01:33 --------- d-------- C:\Program Files\Windows Live Toolbar
    2007-08-30 04:20 --------- d-------- C:\Program Files\XoftSpySE
    2007-08-18 13:57 --------- d-------- C:\Program Files\Florikey
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-09 19:19 --------- d-------- C:\Program Files\Easy Outlook Express Backup
    2007-07-05 14:32 --------- d-------- C:\Program Files\Pat Sajak's Lucky Letters
    2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-24 11:46 737280 --a--c--- C:\WINDOWS\iun6002.exe
    2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2001-11-23 12:08 712704 --a--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL


    ((((((((((((((((((((((((((((( snapshot_2007-09-02_233553.96 )))))))))))))))))))))))))))))))))))))))))

    ----a-w 81,920 2003-06-06 09:21:56 C:\WINDOWS\eSellerateControl350.dll
    ----a-w 356,352 2005-10-11 12:40:52 C:\WINDOWS\eSellerateEngine.dll
    -c--a-w 17,408 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\PSAPIOLD.DLL
    -c--a-w 23,040 2004-08-03 22:56:46 C:\WINDOWS\ServicePackFiles\i386\PSAPIOLD.DLL
    ----a-w 227,639 2007-09-04 13:59:24 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    ----atw 16,384 2007-09-04 14:00:49 C:\WINDOWS\Temp\Perflib_Perfdata_188.dat
    ----atw 16,384 2007-09-04 07:26:09 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
    ----atw 16,384 2007-09-02 23:06:53 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat

    ----a-w 227,626 2007-09-02 21:17:02 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    -c--atw 16,384 2006-06-22 10:04:28 C:\WINDOWS\Temp\Perflib_Perfdata_188.dat
    -c--atw 16,384 2006-05-18 14:35:39 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
    ----atw 16,384 2007-07-04 10:32:14 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "eTrust PestPatrol Active Protection"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2004-09-27 07:09]
    "DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
    "Cmaudio"="cmicnfg.cpl" []
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 11:13]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-15 08:58]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 02:18 49152]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys
    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys
    R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
    S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
    RApcss RpcSs


    Contents of the 'Scheduled Tasks' folder
    2007-09-04 13:38:00 C:\WINDOWS\Tasks\TC_update.job - C:\Program Files\The Cleaner\cleaner.exe
    2007-05-08 21:10:13 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
    2007-09-04 07:26:33 C:\WINDOWS\Tasks\XoftSpySE 2.job
    2007-09-01 08:46:45 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-04 16:01:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-04 16:03:45 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-04 16:03
    C:\ComboFix2.txt ... 2007-09-04 15:32
    C:\ComboFix3.txt ... 2007-09-04 15:08

    --- E O F ---

    This is the HJT file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:12:19, on 04/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.elvira.int.tc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-73586283-746137067-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-73586283-746137067-682003330-1003 Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe (User '?')
    O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1147730576500
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147730668375
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 7724 bytes

  7. #17
    Visiting Fellow miekiemoes
    Join Date: Oct 2005
    Location: belgium
    Posts: 252

    Well, the malware is gone here now.
    Now it's a matter of getting rid of that error in Internet Explorer after you have been fixing these legitimate entries.

    What I suggest is to uninstall Windows Desktop Search. Read the instructions here on how to do this (under the part Uninstalling Windows Desktop Search):
    http://www.microsoft.com/technet/pro...dtstshoot.mspx

    In case you're having problems with uninstalling it, first try to reinstall it again on top of the corrupted one.
    If that fails as well, read this:
    http://forums.microsoft.com/MSDN/Sho...60925&SiteID=1

    But once again, and as I already asked you previously, please disable Teatimer, because it may interfere with deletions, uninstalls etc...
    Last edited by miekiemoes; 2007-09-04 at 20:37.

  8. #18
    Junior Member
    Join Date: Aug 2007
    Posts: 23

    First I uninstalled Spybot until I fix this prob. Then I managed to uninstall Windows Desktop Search from Control Panel - Add/Remove Programs.

    The problem of homepage hijacked is solved, but I still have the other problems, except that the window about Windows Desktop Search tray admin is gone.

    What advice do you give me next, please?

  9. #19
    Visiting Fellow miekiemoes
    Join Date: Oct 2005
    Location: belgium
    Posts: 252

    "but i still have the other problems"
    What other problems do you mean here?

  10. #20
    Junior Member
    Join Date: Aug 2007
    Posts: 23

    When I start up the computer the tray at the bottom of the monitor does not work as it used to, example: web windows disappear when I minimize, etc. System Restore does not function. If I try to use it, a window comes up saying that System Restore is not able to protect my computer. Also, when I open a folder I cannot move files from it. There are many other problems.
