Adware, Malware hijacked browser issue


3 replies to this topic

#1 jay2004

Posted 26 June 2004 - 04:52 PM

Wednesday morning, 6/23/04, my IE browser default homepage changed to a strange website. I have had it default to Yahoo.com for over a year. I must have visited a few websites on Wednesday or opened an email with an attachment (which my wife did on Wednesday morning, as I just found out).
I ran Norton Antivirus 2004 and Ad-Aware 6.0. Norton and Ad-aware find the files but they can’t delete them all. Norton suggests I go to each file and delete it manually. But when I go to the files--I am not able to delete these in my WINNT folder. So, I am stuck in this circle of futility. My default homepage that continually finds itself in my Homepage settings tab is: res://sltot.dll/index.html#96676

The Norton AntiVirus results follow and Norton can’t delete these:

C:\_Restore\Archive\FS6.cab is a Adware threat
C:\_Restore\Temp\A0007111.CPY is a Adware threat
The compressed file iprb32.exe within c:\winnt\system32\ iprb32.exe is a Adware threat
The file c:\winnt\system32\sysgx32.exe is a Adware threat
The compressed file sysgx32.exe within c:\winnt\system32\ sysgx32.exe is a Adware threat

I try to delete these as Norton suggests but the computer won’t let me.

I run these scans on Ad-aware 6.0 and delete files but they still appear after each scan. I have the browser closed when I do the scan. This appears after the scan on Ad-aware:
Vendor: Coolweb Search
Category: Malware
Object: c:\winnt\system32\sysgx32.exe

I have also run these scans in Safe Mode but alas---the same story as so many other people alongside me: the problem comes back each time!!

I found your forum, downloaded and ran HijackThis and my log is below. I would greatly appreciate some advice as this is Saturday and I am losing my mind over this--thanks
Jay


Logfile of HijackThis v1.97.7
Scan saved at 5:41:41 PM, on 6/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\ipgv32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\WINNT\system32\iprb32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ixlnx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ixlnx.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F449B038-0B1D-FC86-347C-1F3F00600A89} - C:\WINNT\system32\ieuf32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [appje32.exe] C:\WINNT\system32\appje32.exe
O4 - HKLM\..\Run: [iprb32.exe] C:\WINNT\system32\iprb32.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" +c
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://windowsupdate.microsoft.com)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8025.3995138889
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADB1CFE5-CAB7-4193-8BE4-92A8228D85CE}: NameServer = 151.203.0.84 151.203.0.85

#2 jay2004

Posted 26 June 2004 - 05:00 PM

My Adware LogFile:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Thursday, June 24, 2004 10:19:41 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R324 22.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


6-24-2004 10:19:41 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-24-2004 10:36:01 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:08 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:10 PM
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 12/7/1999 4:00:00 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:10 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 12/7/1999 4:00:00 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 2/25/2004 11:59:08 PM

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:19 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 12/7/1999 4:00:00 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 12/7/1999 4:00:00 PM

#:6 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 6-24-2004 10:36:19 PM
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 11/10/2003 7:30:12 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 11/10/2003 7:30:12 PM

#:7 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 6-24-2004 10:36:20 PM
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 11/10/2003 7:30:04 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 11/10/2003 7:30:04 PM

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:22 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 1/15/2004 12:34:35 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 6-24-2004 10:36:22 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 12/7/1999 4:00:00 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 12/7/1999 4:00:00 PM

#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 6-24-2004 10:36:23 PM
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 6/3/2004 11:16:34 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 4/23/2004 3:04:18 PM

#:11 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:28 PM
BasePriority : Normal
FileSize : 66 KB
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 2/8/2004 4:58:38 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:12 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 6-24-2004 10:36:32 PM
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 11/7/2003 11:46:58 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 11/7/2003 11:46:58 PM

#:13 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:34 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
Copyright : Copyright © Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 2/8/2004 4:57:22 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:14 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 6-24-2004 10:36:37 PM
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
Copyright : Copyright © 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 2/5/2004 3:30:04 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 2/5/2004 3:30:04 PM

#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 6-24-2004 10:36:38 PM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright © Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 2/8/2004 5:00:09 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:16 [wros.exe]
FilePath : C:\Program Files\Verizon Online\WinPoET\
ThreadCreationTime : 6-24-2004 10:36:44 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 1, 1, 2, 0
ProductVersion : 1, 1, 2, 0
Copyright : Copyright
CompanyName : iVasion, a Routerware Company
FileDescription : WrOS
InternalName : WrOS
OriginalFilename : WrOS.exe
ProductName : WinRouter Operating System
Created on : 1/15/2004 3:58:54 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 4/10/2000 2:41:48 PM

#:17 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:36:45 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 12/7/1999 4:00:00 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 12/7/1999 4:00:00 PM

#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 6-24-2004 10:38:36 PM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 2/8/2004 4:53:07 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/19/2003 6:05:04 PM

#:19 [sysgx32.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:38:41 PM
BasePriority : Normal
FileSize : 9 KB
Created on : 6/24/2004 4:14:42 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/24/2004 4:14:44 PM
Warning! CoolWebSearch object found in memory(C:\WINNT\system32\sysgx32.exe)

CoolWebSearch Object recognized!
Type : Process
Data : sysgx32.exe
Object : C:\WINNT\system32\
FileSize : 9 KB
Created on : 6/24/2004 4:14:42 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/24/2004 4:14:44 PM


Warning! "sysgx32.exe"Process could not be terminated!

#:20 [winpppoverethernet.exe]
FilePath : C:\Program Files\Verizon Online\WinPoET\
ThreadCreationTime : 6-24-2004 10:38:49 PM
BasePriority : Normal
FileSize : 268 KB
FileVersion : 4.0.574
ProductVersion : 4.0.574
Copyright : Copyright
CompanyName : Fine Point Technologies, Inc.
FileDescription : WinPoET System Tray Application for Windows 95/98/ME
InternalName : WinPPPoverEthernet
OriginalFilename : WinPPPoverEthernet.EXE
ProductName : WinPoET System Tray Application
Created on : 12/15/2003 8:56:49 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 9/11/2002 8:38:22 PM

#:21 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 6-24-2004 10:38:50 PM
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/10/2003 7:30:02 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 11/10/2003 7:30:02 PM

#:22 [hppwrsav.exe]
FilePath : C:\SCANJET\PrecisionScanLT\
ThreadCreationTime : 6-24-2004 10:38:51 PM
BasePriority : Normal
FileSize : 23 KB
Created on : 6/5/2004 5:31:04 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/7/1999 4:27:10 PM

#:23 [iprb32.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 6-24-2004 10:38:51 PM
BasePriority : Normal
FileSize : 26 KB
Created on : 6/23/2004 3:30:24 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/23/2004 3:30:26 PM

#:24 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 6-24-2004 10:38:53 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 6/29/2000 10:15:10 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/29/2000 10:15:10 PM

#:25 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ThreadCreationTime : 6-24-2004 10:38:55 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
Copyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
OriginalFilename : WZQKPICK.EXE
ProductName : WinZip
Created on : 6/23/2004 5:28:25 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 2/11/2004 1:00:00 PM

#:26 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ThreadCreationTime : 6-24-2004 11:21:39 PM
BasePriority : Normal
FileSize : 10329 KB
FileVersion : 10.0.2627
ProductVersion : 10.0.2627
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Word
InternalName : WinWord
OriginalFilename : WinWord.exe
ProductName : Microsoft Office XP
Created on : 3/7/2001 2:11:12 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 3/7/2001 2:11:12 PM

#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 6-25-2004 12:20:13 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:14:40 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 8/29/2002 11:14:40 AM

#:28 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 6-25-2004 12:47:14 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:14:40 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 8/29/2002 11:14:40 AM

#:29 [msdtc.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 6-25-2004 1:33:46 AM
BasePriority : Normal
FileSize : 6 KB
FileVersion : 1999.9.3421.3
ProductVersion : 03.00.00.3421
Copyright : Copyright © Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
ProductName : Microsoft Distributed Transaction Coordinator
Created on : 1/15/2004 12:42:53 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 12/7/1999 4:00:00 PM

#:30 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ThreadCreationTime : 6-25-2004 2:18:26 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/23/2004 9:36:54 PM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://ixlnx.dll/index.html#96676"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://ixlnx.dll/index.html#96676"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://ixlnx.dll/index.html#96676"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://ixlnx.dll/index.html#96676"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://ixlnx.dll/index.html#96676"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://ixlnx.dll/index.html#96676"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 4


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : administrator@doubleclick[1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 6/25/2004 2:26:22 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/25/2004 2:26:26 AM



Tracking Cookie Object recognized!
Type : File
Data : administrator@centrport[1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 6/25/2004 2:26:26 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/25/2004 2:26:28 AM



Tracking Cookie Object recognized!
Type : File
Data : administrator@servedby.advertising[1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 6/25/2004 2:26:42 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/25/2004 2:26:44 AM



Tracking Cookie Object recognized!
Type : File
Data : administrator@advertising[1].txt
Object : C:\Documents and Settings\Administrator\Cookies\

Created on : 6/25/2004 2:26:42 AM
Last accessed : 6/24/2004 4:00:00 AM
Last modified : 6/25/2004 2:26:44 AM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 8


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 9


10:28:18 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:08:36:829
Objects scanned :105300
Objects identified :9
Objects ignored :0
New objects :9

#3 shaunw

Posted 26 June 2004 - 05:23 PM

It is no use getting rid of the hijack if it is virus or trojan driven because it will
simply be reinstalled every time you reboot. You need to get an anti-virus scanner
working correctly first. Are you logged in as an administrator? Did you install your
anti-virus software as an administrator?
Until you get rid of the viruses, forget about the browser hijack. Also make sure
you have the latest anti-virus data files.
Check the attributes of the files you are trying to delete: are they set to read-only?

:techsupport:
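
The reboot persistence described in this reply can be checked against the HijackThis log from post #1. The following is an added example, not part of any post in this thread: it parses a few lines copied from that log, lists the Internet Explorer settings that point at a `res://` module, and reports for each scanner-flagged file whether it is still running and whether a Run key starts it at boot. The function names (`parse`, `analyze`) are hypothetical.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\ipgv32.exe
C:\WINNT\system32\iprb32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [appje32.exe] C:\WINNT\system32\appje32.exe
O4 - HKLM\..\Run: [iprb32.exe] C:\WINNT\system32\iprb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# Two of the files the antivirus scan in post #1 reported but could not delete.
FLAGGED = [r"c:\winnt\system32\iprb32.exe", r"c:\winnt\system32\sysgx32.exe"]

R_LINE = re.compile(r"^R[01] - ([^,]+),(.+?) = (.*)$")          # IE start/search pages
RES_MODULE = re.compile(r"^res://(.+?\.(?:dll|exe))/", re.I)    # module behind a res:// URL
O4_RUN = re.compile(r"^O4 - ([^:]+): \[([^\]]+)\] (.+)$")       # registry Run entries only
CMD_PATH = re.compile(r'^"([^"]+)"|^(\S.*?\.exe)\b', re.I)      # executable part of a command


def _norm(path):
    """Windows paths are case-insensitive, so compare them lowercased and unquoted."""
    return path.strip().strip('"').lower()


def parse(log):
    """Return (running process paths, res:// IE settings, autorun path -> Run key)."""
    running, settings, autoruns = set(), [], {}
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running.add(_norm(line))
            else:
                in_procs = False            # a blank line ends the process list
        elif (m := R_LINE.match(line)):
            res = RES_MODULE.match(m.group(3))
            if res:                         # setting loads a page out of a local module
                module = ntpath.basename(res.group(1)).lower()
                settings.append((f"{m.group(1)},{m.group(2)}", module))
        elif (m := O4_RUN.match(line)):
            cmd = CMD_PATH.match(m.group(3))
            if cmd:
                autoruns[_norm(cmd.group(1) or cmd.group(2))] = m.group(1)
    return running, settings, autoruns


def analyze(log, flagged):
    """For each flagged file: is it loaded now, and which Run key restarts it?"""
    running, settings, autoruns = parse(log)
    files = {}
    for path in map(_norm, flagged):
        files[path] = {"running": path in running, "autorun": autoruns.get(path)}
    return {"hijacked_settings": settings, "files": files}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, FLAGGED)
    for setting, module in report["hijacked_settings"]:
        print(f"{setting} -> {module}")
    for path, state in report["files"].items():
        print(path, state)
```

A flagged file that is both running and listed under a Run key is the case the original poster describes: it is in use while the scanner tries to delete it, and the Run key launches it again at the next logon.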

#4 jay2004

Posted 29 June 2004 - 05:28 PM

I have all of the latest updates on Norton Antivirus, Ad-Aware, Spy Sweeper and HijackThis. I have rebooted and run all of the apps in safe mode, then rebooted---but it comes back. I realize I am not alone but this is going on 2 weeks now! Should I reinstall IE since it appears to be vulnerable to this trojan horse or wait until one of the volunteer technicians reads through my logfile and suggests steps for me?
thanks



