4crest

greatsearch.biz

8 posts in this topic

Help! Help! Help! Help!!!!

My browser has been hijacked by greatsearch.biz and I haven’t been able to get rid of it. Running F-Prot Antivirus, Spybot or HijackThis doesn’t seem to do the trick and manually modifying the registry hasn’t got me much farther as the pest keeps reinstalling itself. Can anyone help me get rid of this plague? Thanks a lot.

Here’s my HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 14.30.06, on 24/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\GEARSec.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\PGPsdkServ.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

C:\Programmi\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\FSI\F-Prot\F-StopW.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\System32\khooker.exe

C:\Programmi\Iomega\AutoDisk\ADUserMon.exe

C:\Programmi\Iomega\DriveIcons\ImgIcon.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\andrew\Documenti\TEMPORANEA\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Programmi\SurfAssistant.com\saiemod.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\dllcache\tintsetp.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\dllcache\tintsetp.exe /IMEName

O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7978.6620833333

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


No MS updates huh?

 

Download this zip.

 

http://tools.zerosrealm.com/pv.zip

Please unzip it to the desktop. It will not work if you run it from inside the zip.

 

After unzipping, go to the desktop. Open the pv folder. Double-click on runme.bat.

 

A DOS window will open. Please select option 1 for explorer DLLs by typing 1 and then pressing Enter.

 

 

Notepad will open with a log in it. Please copy and paste the log into this post.

Edited by irelynnmisses


From 4crest. Many thanks, irelynnmisses. Here's the log you requested:

 



Have HijackThis fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser windows and all Windows Explorer windows are closed before fixing.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Programmi\SurfAssistant.com\saiemod.dll

O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

 

 

These ones are optional to remove, but removal will speed up your PC and its performance. You can still access them manually by clicking on the icon. They usually aren't malware, just resource hogs.

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

 

Reboot, and then search for and delete, if found, these files or folders.

 

C:\WINDOWS\system32\config\services.exe

C:\Programmi\SurfAssistant.com\saiemod.dll

 

 

Download and install Ad-aware found here: http://www.lavasoftusa.com/support/download/

After installing, you need to download all updates for it. Use the Globe icon in the program and "Connect" to download the latest reference file. Please update it before you scan with it, then fix all it finds.

Now do the following:

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

 

Press "Scan Now"

 

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

 

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"

 

If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

 

Finally, close Ad-Aware, and reboot.

That ought to get rid of most of your spyware.

 

 

Go to START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > DISK CLEANUP and clean everything, especially the TEMP folder.

 

Then get an online virus scan here: http://housecall.trendmicro.com/ Please select the Autoclean option when prompted.

or here: http://www.pandasoftware.com/activescan/

 

 

Also, how many Anti-Virus programs are you running? I think I see 2, can you please verify this for me :)

 

You can't possibly expect to prevent any future exploits without proper updates.

I would go to Windows Update and install ALL critical updates. They are very important to have since they are vital to the health of your system. That will fix innumerable bugs, update a large number of important system files, and plug many security holes. It can also prevent future catastrophes! People have no idea how many predators there are out there. It's a shame really.

http://v4.windowsupdate.microsoft.com/en/default.asp

 

 

Then reboot and post one more log, and we will finish from there.

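Added example, not part of the original thread and not any poster's code: one way to check a follow-up HijackThis log against a fix list like the one above, reporting which flagged entries are gone, which are still present, and which entries are new. The function names are hypothetical; the sample logs are short excerpts of entries posted in this thread, except `AFTER_REINFECTED`, which is constructed to show the case where the hijacker reinstalls itself.

```python
import re

# A HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - " and the detail text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the findings of a HijackThis log as (code, detail) tuples."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _index(log_text):
    # Key on a case-folded, whitespace-collapsed form: registry and file paths
    # are case-insensitive on Windows, and forum copy/paste can alter spacing.
    index = {}
    for code, detail in parse_entries(log_text):
        key = (code, " ".join(detail.split()).casefold())
        index.setdefault(key, f"{code} - {detail}")
    return index


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the entries that were supposed to be fixed."""
    before, after, wanted = _index(before_log), _index(after_log), _index(fix_list)
    return {
        # flagged, present before, absent now: the fix held
        "removed": [t for k, t in wanted.items() if k in before and k not in after],
        # flagged but still (or again) in the new log: something is restoring it
        "still_present": [t for k, t in wanted.items() if k in after],
        # flagged but never in the first log: the fix list was mis-copied
        "not_in_before": [t for k, t in wanted.items() if k not in before],
        # entries that appeared between the two scans and need a fresh look
        "new_since_before": [t for k, t in after.items() if k not in before],
    }


# Excerpt of the first log in this thread (trimmed for the example).
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Programmi\SurfAssistant.com\saiemod.dll
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe
"""

# Excerpt of the entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Programmi\SurfAssistant.com\saiemod.dll
O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe
"""

# Excerpt of the follow-up log posted later in the thread.
AFTER_CLEAN = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
"""

# Constructed log: two fixed entries are back and one placeholder entry is new.
AFTER_REINFECTED = AFTER_CLEAN + r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [example-new-entry] C:\EXAMPLE\placeholder.exe
"""

if __name__ == "__main__":
    for name, log in (("clean", AFTER_CLEAN), ("reinfected", AFTER_REINFECTED)):
        print(name)
        for bucket, items in verify_fix(BEFORE, log, FIX_LIST).items():
            print(f"  {bucket}: {len(items)}")
            for item in items:
                print(f"    {item}")
```

A non-empty `still_present` list after a reboot means the entry is being rewritten by something that was not removed, which is the "keeps reinstalling itself" symptom described in the first post.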

Hello, irelynnmisses!

I followed your instructions scrupulously and bingo! The pest is gone. Thank you very much for your time and patience spent applying your thaumaturgic hands on my computer!

Yes, I have 2 antivirus programmes running: F-Prot (which is very good, with almost daily updates) and Spybot which, strangely enough, failed to recognize the spyware and malware Ad-aware spotted and destroyed (42 of them, including registry inconsistencies!). I also run Dialer Control.

Other security measures and precautions I take include:

-Internet Options security set at Medium, with ActiveX controls and plug-ins set as follows:

a) download unsigned ActiveX controls (disabled)

b) initialize and script ActiveX controls not marked as safe (disabled)

c) script ActiveX controls marked safe for scripting (prompt)

d) download signed ActiveX controls (prompt)

And:

e) access data sources across domains (disabled)

f) software channel permissions (high safety)

g) installation of desktop items (prompt)

h) launching programs and files in an IFRAME (prompt)

i) navigate sub-frames across different domains (prompt)

j) userdata persistence (disabled)

k) scripting of Java applets (prompt)

 

And I block third-party cookies.

After each internet session I delete all temporary internet files, remove cookies, clean IE history.

I run the two antivirus programs almost every day.

How did I get hijacked in the first place, then? Well, I did make a mistake. I was visiting a dangerous site and suddenly a panel popped up suggesting I should enable ActiveX. Instead of hitting the OK button, I foolishly closed the window and that was my undoing (I reckon).

I closed the internet connection, ran the two antivirus programs, but nothing was spotted. I accessed the registry but didn’t find anything amiss there and then I’m always a bit reluctant to tamper with the registry. And that’s when I decided to ask for help.

I hope I’m cured all right but just in case, I’m sending my HijackThis log together with my gratitude for sparing me the pain of having to reinstall the OS:

 

 

Logfile of HijackThis v1.97.7

Scan saved at 14.42.32, on 28/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\GEARSec.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\FSI\F-Prot\F-StopW.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\System32\khooker.exe

C:\Programmi\Iomega\AutoDisk\ADUserMon.exe

C:\Programmi\Iomega\DriveIcons\ImgIcon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\PGPsdkServ.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

C:\Programmi\Iomega\AutoDisk\ADService.exe

C:\Programmi\Microsoft Office\Office10\WINWORD.EXE

C:\Documents and Settings\andrew\Documenti\TEMPORANEA\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\dllcache\tintsetp.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\dllcache\tintsetp.exe /IMEName

O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7978.6620833333

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Your biggest problem is that you are not patched up.

 

You can't possibly expect to resolve any future exploits without proper updates.

I would go to windowsupdates and install ALL critical updates. They are very important to have since they are vital to the health of your system. That will fix innumerable bugs, update a large number of important system files, and plug many security holes. It can also prevent future catastrophes! People have no idea how many predators there are out there. It's a shame really.

http://v4.windowsupdate.microsoft.com/en/default.asp

 

 

Download and install-

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, then again, you know this and then just occasionally to check for updates.

I highly recommend toolbar.google.com - you get a great popup blocker as well as very convenient search.

 

 

good luck

Hi!

SpywareBlaster and IESpyad I’ve already downloaded and I’m going to properly update my OS. I’d like to ask you a final question: could reverting to a pre-infection restore point have been a solution in my case?

Thank you so much for your precious advice. Keep up the good Samaritan work!

Best wishes

4crest


No, you were probably infected then with other stuff.. You did good here :)

SPYBOT is not an anti-virus; it is a spyware removal tool and should be updated and used frequently.

 

Can you please post a new HijackThis log? I just did some reading on:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/

 

But reboot first.. then post a new log.

 

thanks

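The R1 line quoted in the last reply is the kind of entry a helper looks for when reading a HijackThis log. As an added illustration (not part of the original thread), this Python sketch splits a log into section-coded entries and reports R0/R1 start-page values whose URL host falls outside an allowlist; the sample lines are copied from the logs in this thread, while the allowlist and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
"""

# Assumption: hosts the reviewer accepts as IE start/search pages.
ALLOWED_HOSTS = ("microsoft.com", "msn.com")

# An entry line starts with a section code such as R1, O2 or O16.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section_code, body) for each entry line, skipping the header
    and the running-process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def is_allowed(host, allowed=ALLOWED_HOSTS):
    # Match the domain itself or a true subdomain, not a look-alike suffix.
    return any(host == a or host.endswith("." + a) for a in allowed)

def start_page_findings(entries, allowed=ALLOWED_HOSTS):
    """Report R0/R1 (IE start/search page) values whose URL host is not allowed."""
    findings = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, sep, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname if sep else None
        if host and not is_allowed(host, allowed):
            findings.append((key.rsplit(",", 1)[-1], host))
    return findings

if __name__ == "__main__":
    for name, host in start_page_findings(parse_entries(SAMPLE_LOG)):
        print(f"review {name}: points to {host}")
```
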