Websearch Hijacking



#1 joebetoblame

Posted 19 July 2004 - 11:33 PM

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINDOWS\System32\CTSvcCDA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\WinTools\WToolsS.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINDOWS\System32\CTHELPER.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
D:\WINDOWS\System32\taskswitch.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Common Files\WinTools\WToolsA.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
D:\WINDOWS\System32\RunDLL32.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Program Files\Common Files\WinTools\WSup.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
D:\WINDOWS\System32\taskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\Perl.exe
D:\Documents and Settings\joeurena\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50138
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SpyCop ScanCheck] D:\Program Files\Common Files\Microsoft Shared\Perl.exe /LASTSCAN
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

#2 Autodad

Posted 20 July 2004 - 09:36 PM

Hello joebetoblame,

Please post your complete log (include the header).

Run HijackThis, and press Scan. You will notice the Scan button will turn into a "Save Log" button.
Notepad will open. Save the log from Notepad, and post that log onto this topic.
Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.



