jay2004

Adware, Malware hijacked browser issue

4 posts in this topic

Wednesday morning, 6/23/04, my IE browser default homepage changed to a strange website. I have had it default to Yahoo.com for over a year. I must have visited a few websites on Wednesday or opened an email with an attachment (which my wife did on Wednesday morning, as I just found out).

I ran Norton Antivirus 2004 and Ad-Aware 6.0. Norton and Ad-aware find the files but they can’t delete them all. Norton suggests I go to each file and delete it manually. But when I go to the files--I am not able to delete these in my WINNT folder. So, I am stuck in this circle of futility. My default homepage that continually finds itself in my Homepage settings tab is: res://sltot.dll/index.html#96676

 

The Norton Antivirus results follow and Norton can’t delete these:

 

C:\_Restore\Archive\FS6.cab is a Adware threat

C:\_Restore\Temp\A0007111.CPY is a Adware threat

The compressed file iprb32.exe within c:\winnt\system32\ iprb32.exe is a Adware threat

The file c:\winnt\system32\sysgx32.exe is a Adware threat

The compressed file sysgx32.exe within c:\winnt\system32\ sysgx32.exe is a Adware threat

 

I try to delete these as Norton suggests but the computer won’t let me.

 

I run these scans on Ad-aware 6.0 and delete files but they still appear after each scan. I have the browser closed when I do the scan. This appears after the scan on Ad-aware:

Vendor: Coolweb Search

Category: Malware

Object: c:\winnt\system32\sysgx32.exe

 

I have also run these scans in Safe Mode but alas---the same story as so many other people alongside me: the problem comes back each time!!

 

I found your forum, downloaded and ran HijackThis and my log is below. I would greatly appreciate some advice as this is Saturday and I am losing my mind over this--thanks

Jay

 

 

Logfile of HijackThis v1.97.7

Scan saved at 5:41:41 PM, on 6/25/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\system32\regsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

C:\WINNT\system32\svchost.exe

C:\WINNT\ipgv32.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\SCANJET\PrecisionScanLT\hppwrsav.exe

C:\WINNT\system32\iprb32.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ixlnx.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ixlnx.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {F449B038-0B1D-FC86-347C-1F3F00600A89} - C:\WINNT\system32\ieuf32.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe

O4 - HKLM\..\Run: [appje32.exe] C:\WINNT\system32\appje32.exe

O4 - HKLM\..\Run: [iprb32.exe] C:\WINNT\system32\iprb32.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" +c

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - Trusted Zone: http://windowsupdate.microsoft.com)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0894d6727988df...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/148119a...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8025.3995138889

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ADB1CFE5-CAB7-4193-8BE4-92A8228D85CE}: NameServer = 151.203.0.84 151.203.0.85


My Adware LogFile:

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Thursday, June 24, 2004 10:19:41 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R324 22.06.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

 

 

6-24-2004 10:19:41 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 6-24-2004 10:36:01 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:08 PM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:10 PM

BasePriority : Normal

FileSize : 87 KB

FileVersion : 5.00.2195.6700

ProductVersion : 5.00.2195.6700

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 12/7/1999 4:00:00 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:4 [lsass.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:10 PM

BasePriority : Normal

FileSize : 32 KB

FileVersion : 5.00.2195.6902

ProductVersion : 5.00.2195.6902

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : LSA Executable and Server DLL (Export Version)

InternalName : lsasrv.dll and lsass.exe

OriginalFilename : lsasrv.dll and lsass.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 12/7/1999 4:00:00 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 2/25/2004 11:59:08 PM

 

#:5 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:19 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 12/7/1999 4:00:00 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 12/7/1999 4:00:00 PM

 

#:6 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 6-24-2004 10:36:19 PM

BasePriority : Normal

FileSize : 229 KB

FileVersion : 2.1.0.610

ProductVersion : 2.1.0.610

Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

OriginalFilename : ccSetMgr.exe

ProductName : Common Client

Created on : 11/10/2003 7:30:12 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 11/10/2003 7:30:12 PM

 

#:7 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 6-24-2004 10:36:20 PM

BasePriority : Normal

FileSize : 249 KB

FileVersion : 2.1.0.610

ProductVersion : 2.1.0.610

Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Common Client

Created on : 11/10/2003 7:30:04 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 11/10/2003 7:30:04 PM

 

#:8 [spoolsv.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:22 PM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 5.00.2195.6659

ProductVersion : 5.00.2195.6659

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolss.exe

OriginalFilename : spoolss.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 1/15/2004 12:34:35 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:9 [svchost.exe]

FilePath : C:\WINNT\System32\

ThreadCreationTime : 6-24-2004 10:36:22 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 12/7/1999 4:00:00 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 12/7/1999 4:00:00 PM

 

#:10 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 6-24-2004 10:36:23 PM

BasePriority : Normal

FileSize : 155 KB

FileVersion : 10.00.2

ProductVersion : 10.00.2

Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 6/3/2004 11:16:34 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 4/23/2004 3:04:18 PM

 

#:11 [regsvc.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:28 PM

BasePriority : Normal

FileSize : 66 KB

FileVersion : 5.00.2195.6701

ProductVersion : 5.00.2195.6701

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Remote Registry Service

InternalName : regsvc

OriginalFilename : REGSVC.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 2/8/2004 4:58:38 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:12 [savscan.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 6-24-2004 10:36:32 PM

BasePriority : Normal

FileSize : 189 KB

FileVersion : 9.2.1.14

ProductVersion : 9.2

Copyright : Copyright © 2003 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

OriginalFilename : SAVSCAN.EXE

ProductName : Symantec AntiVirus AutoProtect

Created on : 11/7/2003 11:46:58 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 11/7/2003 11:46:58 PM

 

#:13 [mstask.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:34 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 4.71.2195.6704

ProductVersion : 4.71.2195.6704

Copyright : Copyright © Microsoft Corp. 1997

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

OriginalFilename : mstask.exe

ProductName : Microsoft

Created on : 2/8/2004 4:57:22 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:14 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ThreadCreationTime : 6-24-2004 10:36:37 PM

BasePriority : Normal

FileSize : 572 KB

FileVersion : 1, 8, 48, 79

ProductVersion : 1, 8, 48, 79

Copyright : Copyright © 2003

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

OriginalFilename : symlcsvc.exe

ProductName : Symantec Core Component

Created on : 2/5/2004 3:30:04 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 2/5/2004 3:30:04 PM

 

#:15 [winmgmt.exe]

FilePath : C:\WINNT\System32\WBEM\

ThreadCreationTime : 6-24-2004 10:36:38 PM

BasePriority : Normal

FileSize : 192 KB

FileVersion : 1.50.1085.0100

ProductVersion : 1.50.1085.0100

Copyright : Copyright © Microsoft Corp. 1995-1999

CompanyName : Microsoft Corporation

FileDescription : Windows Management Instrumentation

InternalName : WINMGMT

ProductName : Windows Management Instrumentation

Created on : 2/8/2004 5:00:09 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:16 [wros.exe]

FilePath : C:\Program Files\Verizon Online\WinPoET\

ThreadCreationTime : 6-24-2004 10:36:44 PM

BasePriority : Normal

FileSize : 80 KB

FileVersion : 1, 1, 2, 0

ProductVersion : 1, 1, 2, 0

Copyright : Copyright

CompanyName : iVasion, a Routerware Company

FileDescription : WrOS

InternalName : WrOS

OriginalFilename : WrOS.exe

ProductName : WinRouter Operating System

Created on : 1/15/2004 3:58:54 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 4/10/2000 2:41:48 PM

 

#:17 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:36:45 PM

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 12/7/1999 4:00:00 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 12/7/1999 4:00:00 PM

 

#:18 [explorer.exe]

FilePath : C:\WINNT\

ThreadCreationTime : 6-24-2004 10:38:36 PM

BasePriority : Normal

FileSize : 237 KB

FileVersion : 5.00.3700.6690

ProductVersion : 5.00.3700.6690

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 2/8/2004 4:53:07 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/19/2003 6:05:04 PM

 

#:19 [sysgx32.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:38:41 PM

BasePriority : Normal

FileSize : 9 KB

Created on : 6/24/2004 4:14:42 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/24/2004 4:14:44 PM

Warning! CoolWebSearch object found in memory(C:\WINNT\system32\sysgx32.exe)

 

CoolWebSearch Object recognized!

Type : Process

Data : sysgx32.exe

Object : C:\WINNT\system32\

FileSize : 9 KB

Created on : 6/24/2004 4:14:42 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/24/2004 4:14:44 PM

 

 

Warning! "sysgx32.exe"Process could not be terminated!

 

#:20 [winpppoverethernet.exe]

FilePath : C:\Program Files\Verizon Online\WinPoET\

ThreadCreationTime : 6-24-2004 10:38:49 PM

BasePriority : Normal

FileSize : 268 KB

FileVersion : 4.0.574

ProductVersion : 4.0.574

Copyright : Copyright

CompanyName : Fine Point Technologies, Inc.

FileDescription : WinPoET System Tray Application for Windows 95/98/ME

InternalName : WinPPPoverEthernet

OriginalFilename : WinPPPoverEthernet.EXE

ProductName : WinPoET System Tray Application

Created on : 12/15/2003 8:56:49 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 9/11/2002 8:38:22 PM

 

#:21 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 6-24-2004 10:38:50 PM

BasePriority : Normal

FileSize : 69 KB

FileVersion : 2.1.0.610

ProductVersion : 2.1.0.610

Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client User Session

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 11/10/2003 7:30:02 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 11/10/2003 7:30:02 PM

 

#:22 [hppwrsav.exe]

FilePath : C:\SCANJET\PrecisionScanLT\

ThreadCreationTime : 6-24-2004 10:38:51 PM

BasePriority : Normal

FileSize : 23 KB

Created on : 6/5/2004 5:31:04 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/7/1999 4:27:10 PM

 

#:23 [iprb32.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 6-24-2004 10:38:51 PM

BasePriority : Normal

FileSize : 26 KB

Created on : 6/23/2004 3:30:24 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/23/2004 3:30:26 PM

 

#:24 [wkcalrem.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\

ThreadCreationTime : 6-24-2004 10:38:53 PM

BasePriority : Normal

FileSize : 24 KB

FileVersion : 6.00.1828.1

ProductVersion : 6.00.1828.1

Copyright : Copyright

CompanyName : Microsoft

FileDescription : Microsoft

InternalName : WkCalRem

OriginalFilename : WKCALREM.EXE

ProductName : Microsoft

Created on : 6/29/2000 10:15:10 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/29/2000 10:15:10 PM

 

#:25 [wzqkpick.exe]

FilePath : C:\Program Files\WinZip\

ThreadCreationTime : 6-24-2004 10:38:55 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 1.0 (32-bit)

ProductVersion : 9.0 (6028)

Copyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

OriginalFilename : WZQKPICK.EXE

ProductName : WinZip

Created on : 6/23/2004 5:28:25 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 2/11/2004 1:00:00 PM

 

#:26 [winword.exe]

FilePath : C:\Program Files\Microsoft Office\Office10\

ThreadCreationTime : 6-24-2004 11:21:39 PM

BasePriority : Normal

FileSize : 10329 KB

FileVersion : 10.0.2627

ProductVersion : 10.0.2627

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Microsoft Word

InternalName : WinWord

OriginalFilename : WinWord.exe

ProductName : Microsoft Office XP

Created on : 3/7/2001 2:11:12 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 3/7/2001 2:11:12 PM

 

#:27 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 6-25-2004 12:20:13 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 8/29/2002 11:14:40 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 8/29/2002 11:14:40 AM

 

#:28 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 6-25-2004 12:47:14 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 8/29/2002 11:14:40 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 8/29/2002 11:14:40 AM

 

#:29 [msdtc.exe]

FilePath : C:\WINNT\System32\

ThreadCreationTime : 6-25-2004 1:33:46 AM

BasePriority : Normal

FileSize : 6 KB

FileVersion : 1999.9.3421.3

ProductVersion : 03.00.00.3421

Copyright : Copyright © Microsoft Corp. 1995-1999

CompanyName : Microsoft Corporation

FileDescription : MS DTC console program

InternalName : MSDTC.EXE

ProductName : Microsoft Distributed Transaction Coordinator

Created on : 1/15/2004 12:42:53 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 12/7/1999 4:00:00 PM

 

#:30 [ad-aware.exe]

FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\

ThreadCreationTime : 6-25-2004 2:18:26 AM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 6/23/2004 9:36:54 PM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 7/13/2003 1:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://ixlnx.dll/index.html#96676"

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://ixlnx.dll/index.html#96676"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://ixlnx.dll/index.html#96676"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://ixlnx.dll/index.html#96676"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://ixlnx.dll/index.html#96676"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Page_URL

Data : "res://ixlnx.dll/index.html#96676"

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 3

Objects found so far: 4

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Tracking Cookie Object recognized!

Type : File

Data : administrator@doubleclick[1].txt

Object : C:\Documents and Settings\Administrator\Cookies\

 

Created on : 6/25/2004 2:26:22 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/25/2004 2:26:26 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : administrator@centrport[1].txt

Object : C:\Documents and Settings\Administrator\Cookies\

 

Created on : 6/25/2004 2:26:26 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/25/2004 2:26:28 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : administrator@servedby.advertising[1].txt

Object : C:\Documents and Settings\Administrator\Cookies\

 

Created on : 6/25/2004 2:26:42 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/25/2004 2:26:44 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : administrator@advertising[1].txt

Object : C:\Documents and Settings\Administrator\Cookies\

 

Created on : 6/25/2004 2:26:42 AM

Last accessed : 6/24/2004 4:00:00 AM

Last modified : 6/25/2004 2:26:44 AM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 8

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

Value : ITBarLayout

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 9

 

 

10:28:18 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:08:36:829

Objects scanned :105300

Objects identified :9

Objects ignored :0

New objects :9


It is no use getting rid of the hijack if it is virus or trojan driven because it will simply be reinstalled every time you reboot. You need to get an anti-virus scanner working correctly first. Are you logged in as an administrator? Did you install your anti-virus software as an administrator?

Until you get rid of the viruses forget about the browser hijack. Also make sure you have the latest anti-virus data files.

Check the attributes of the files you are trying to delete: are they set to read-only?

 

:techsupport:
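The reply's point, that a hijack backed by an autostarting program comes back after every reboot, can be checked against the logs posted in this thread. The following is an added example, not part of any post: it parses a HijackThis-style log, lists the `res://` start/search pages with the DLL they load from, and reports `Run` entries whose file a scanner already flagged. The sample lines are copied from the log above; `analyze`, `command_target` and `SCANNER_FLAGGED` are names made up for this example.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINNT\system32\iprb32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ixlnx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ixlnx.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iprb32.exe] C:\WINNT\system32\iprb32.exe
"""

# File names the scanners quoted in the thread reported (Norton and Ad-aware).
SCANNER_FLAGGED = {"iprb32.exe", "sysgx32.exe"}

# R0-R3: IE start/search page values.  O4: autostart (Run key) entries.
R_ENTRY = re.compile(r"^R[0-3] - (HK\w+\\[^,]+),(.+?) = (.*)$")
RUN_ENTRY = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)   # "Running processes" lines
RES_URL = re.compile(r"^res://([^/]+)/", re.I)        # res://<module>/<resource>
EXE_IN_CMD = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat))(?=\s|$)', re.I)


def command_target(command):
    """Return the program part of a Run-key command line (quoted or not)."""
    m = EXE_IN_CMD.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def analyze(log_text, flagged_names):
    """Correlate a HijackThis log with file names a scanner reported."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    running = {basename(ln).lower() for ln in lines if PROCESS.match(ln)}
    flagged = {name.lower() for name in flagged_names}
    report = {"res_pages": [], "flagged_autostarts": []}

    for ln in lines:
        m = R_ENTRY.match(ln)
        if m:
            key, value, data = m.groups()
            res = RES_URL.match(data)
            if res:
                # The page is served from a local module, so resetting the
                # value does not help while that module is still installed.
                hive = key.split("\\")[0]
                report["res_pages"].append(
                    (hive, value, basename(res.group(1)).lower()))
            continue
        m = RUN_ENTRY.match(ln)
        if m:
            key, name, command = m.groups()
            exe = basename(command_target(command)).lower()
            if exe in flagged:
                # Started at every boot or logon: this is what lets the
                # hijack return after a scanner "cleans" the registry.
                report["flagged_autostarts"].append({
                    "key": key, "name": name, "file": exe,
                    "running": exe in running,
                })
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG, SCANNER_FLAGGED)
    for hive, value, dll in result["res_pages"]:
        print(f"{hive} {value!r} is served from local module {dll}")
    for hit in result["flagged_autostarts"]:
        state = "running now" if hit["running"] else "not running"
        print(f"{hit['key']} [{hit['name']}] -> {hit['file']} ({state})")
```

An entry reported with `running` set is loaded in memory when the scan is taken, which matches the thread's symptom of files that cannot be deleted while Windows is up.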


I have all of the latest updates on Norton Antivirus, Ad-Aware, Spy Sweeper and HijackThis. I have rebooted and run all of the apps in safe mode then re-booted---but it comes back. I realize I am not alone but this is going on 2 weeks now! Should I reinstall IE since it appears to be vulnerable to this trojan horse or wait until one of the volunteer technicians reads through my logfile and suggests steps for me?

thanks
