#1
Trying to remove this from my computer. I ran Ad-aware, and have an updated McAfee. I just downloaded and ran HijackThis. Below is my log, please review.

Logfile of HijackThis v1.97.7
Scan saved at 6:02:05 PM, on 5/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Nhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Louis Sorbo\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1076506648858
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...028.2326851852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab
#2
Hi gotguitar10,
Have only HijackThis running and fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

Restart PC after doing so and remove:

C:\Program Files\Internet Explorer\IEengine.exe <- this file

Hope this helps
Cheers,
__________________
TonyKlein's "How can I be better protected?"
#3
Hi Unzy, thanks for the reply.
I removed the files as you advised with HijackThis running. The computer was restarted. I couldn't find how to delete the C:\Program Files\Internet Explorer\IEengine.exe. The only place I could find a file similar was by going in through "My Computer">C drive>Internet Explorer and found a file there called IEengine. I received a message saying access was denied and I could not delete the file. There is also another file there called "mqzsjzri" that I did not recognize. It appears to also be an application file, and was created on the same day about 2 1/2 hours before the IEengine file.

Last night while waiting for a reply we ran the CWShredder program. After your instruction this morning we reran HijackThis. Following is a new HijackThis log. Please review and advise. Thanks for your help.

Logfile of HijackThis v1.97.7
Scan saved at 8:41:35 AM, on 5/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Louis Sorbo\Local Settings\Temp\Temporary Directory 3 for hijackthis1977.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1076506648858
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...028.2326851852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab
#4
Hi gotguitar10,
Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a Temp folder.

Launch My Computer from the Desktop Icon. Select View, Details. Select the Folders button. Select Tools, Folder Options. Then select the View Tab. Make sure that the Show hidden files and folders radio button is selected and that the Hide file extensions for known file types check box is unchecked. Once this is done, select Apply and then Like Current Folder (located near the top of the Folder Options box). Then select OK. That way you will see whether a file is a .exe or something else.

And please don't go about deleting files because they look suspicious or you may wind up reinstalling.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Then reboot into safe mode and delete:

C:\Program Files\Internet Explorer\IEengine.exe

Regards,
Pieter
__________________
Regards,
Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
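Added example (not part of the original thread, and not HijackThis's own code): a check of a follow-up scan against the list of items a helper asked to fix, as in posts #2 to #4. It splits a log whose line breaks were lost, then reports fixed items that are still present, R items rewritten to a host that was just fixed, and executables from fixed O4 items that are still running. The log excerpts are copied from posts #2 and #3; the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# A HijackThis item starts with a section code (R0, R1, O4, O16, ...) and " - ".
ITEM_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")
URL = re.compile(r"https?://[^\s\"]+")
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Excerpt of the items post #2 asked to fix (line breaks lost, as on the page).
FIXED = (
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search/ "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm "
    r"O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe"
)

# Excerpt of the follow-up scan in post #3.
AFTER = (
    r"Running processes: C:\WINDOWS\Explorer.EXE "
    r"C:\Program Files\Internet Explorer\IEengine.exe "
    r"C:\Program Files\Internet Explorer\iexplore.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm "
    r'O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"'
)


def split_items(text):
    """Split a log (with or without line breaks) into (code, body) items."""
    marks = list(ITEM_START.finditer(text))
    items = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        items.append((m.group(1), text[m.end():end].strip()))
    return items


def running_processes(text):
    """Lower-cased .exe paths listed between 'Running processes:' and the first item."""
    head = text.split("Running processes:", 1)[-1]
    first = ITEM_START.search(head)
    if first:
        head = head[:first.start()]
    return [p.lower() for p in EXE_PATH.findall(head)]


def hijack_hosts(items):
    """Hosts that R-section (IE start/search page) items point to."""
    hosts = set()
    for code, body in items:
        if code.startswith("R"):
            hosts.update(urlsplit(u).hostname for u in URL.findall(body))
    return hosts


def review_fix(fixed_text, after_text):
    """Compare the items that were to be fixed with a later scan."""
    fixed = split_items(fixed_text)
    after = split_items(after_text)
    fixed_set, after_set = set(fixed), set(after)
    fixed_hosts = hijack_hosts(fixed)
    fixed_exes = {p.lower() for code, body in fixed if code == "O4"
                  for p in EXE_PATH.findall(body)}
    return {
        # Fixed items that appear unchanged in the later scan.
        "still_present": [it for it in fixed if it in after_set],
        # New R items that point at a host from the fixed list.
        "rewritten": [it for it in after
                      if it[0].startswith("R") and it not in fixed_set
                      and hijack_hosts([it]) & fixed_hosts],
        # Autorun targets from fixed O4 items that are still running.
        "still_running": sorted(fixed_exes & set(running_processes(after_text))),
    }


if __name__ == "__main__":
    for label, found in review_fix(FIXED, AFTER).items():
        print(label)
        for entry in found:
            print("   ", entry)
```

On these excerpts it reports two fixed items still present, three rewritten R items pointing at any-find.com, and IEengine.exe still running although its Run entry is gone from the log.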
#5
Thank you very much Pieter. It looks like that worked. My homepage is staying on Google and the four websites haven't returned to my favorites.
Is there anything I can do to prevent this problem from occurring again?
P.S. I may write a song about this whole experience. Will include you! Thanks again for all your help.
#6
Hi gotguitar10,
Please read http://www.wilderssecurity.com/showthread.php?t=27971 on the prevention department.
Make the song Hard&Heavy, (not necessarily about me) and get a lot of airtime. ~that will make me happy~
Regards,
Pieter
__________________
Regards,
Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
#7
I am continuing to have problems and I think they are still due to the any-find.com hijacker. Every time I run Adaware it locates two entries that contain "any-find.com". I chose to remove them but I think something remains. Following is a copy of the Adaware logfile:
Lavasoft Ad-aware Personal Build 6.181 Logfile created on :Wednesday, July 14, 2004 2:25:21 PM Created with Ad-aware Personal, free for private use. Using reference-file :01R332 12.07.2004 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file 7-14-2004 2:25:21 PM - Scan started. (Smart mode) Listing running processes ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 7-14-2004 4:40:29 PM BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:33 PM BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:33 PM BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-114 ![]() ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 12/19/2002 2:09:44 PM Last accessed : 7/14/2004 7:25:21 PM Last modified : 8/18/2001 12:00:00 PM #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:33 PM BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 12/19/2002 2:08:17 PM Last accessed : 7/14/2004 7:25:21 PM Last modified : 8/29/2002 10:41:26 AM #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:34 PM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 
(xpclient.010817-114 ![]() ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 12/19/2002 2:10:03 PM Last accessed : 7/14/2004 7:22:54 PM Last modified : 8/18/2001 12:00:00 PM #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 7-14-2004 4:40:34 PM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-114 ![]() ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 12/19/2002 2:10:03 PM Last accessed : 7/14/2004 7:22:54 PM Last modified : 8/18/2001 12:00:00 PM #:7 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:35 PM BasePriority : Normal FileSize : 292 KB FileVersion : 7.4 ProductVersion : 7.4 Copyright : (C) 1993 - 2002 Lexmark International, Inc. CompanyName : Lexmark International, Inc. 
FileDescription : LexBce Service InternalName : LexBce Service OriginalFilename : LexBceS.exe ProductName : MarkVision for Windows (32 bit) Created on : 8/15/2002 10:26:25 AM Last accessed : 7/14/2004 7:25:21 PM Last modified : 8/15/2002 10:26:25 AM #:8 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:36 PM BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-114 ![]() ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 12/19/2002 2:09:57 PM Last accessed : 7/14/2004 7:25:21 PM Last modified : 8/18/2001 12:00:00 PM #:9 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 7-14-2004 4:40:36 PM BasePriority : Normal FileSize : 170 KB FileVersion : 7.4 ProductVersion : 7.4 Copyright : (C) 1993 - 2002 Lexmark International, Inc. CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS OriginalFilename : LEXPPS.EXE ProductName : MarkVision for Windows (32 bit) Created on : 8/15/2002 10:26:25 AM Last accessed : 7/14/2004 7:25:21 PM Last modified : 8/15/2002 10:26:25 AM #:10 [guarddog.exe] FilePath : C:\Program Files\McAfee\McAfee Privacy Service\ ThreadCreationTime : 7-14-2004 4:40:36 PM BasePriority : Normal FileSize : 76 KB FileVersion : 6.02.1063.0 ProductVersion : 6.02.1063.0 Copyright : Copyright CompanyName : Network Associates, Inc. 
FileDescription : McAfee Privacy Service Application InternalName : IG32 OriginalFilename : GUARDDOG.EXE ProductName : McAfee Privacy Service Created on : 9/19/2003 5:47:14 PM Last accessed : 7/14/2004 7:25:22 PM Last modified : 2/12/2004 9:02:00 AM #:11 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 7-14-2004 4:40:42 PM BasePriority : Normal FileSize : 973 KB FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 5/12/2003 2:12:10 AM Last accessed : 7/14/2004 7:25:22 PM Last modified : 5/12/2003 2:12:10 AM #:12 [guarddog.exe] FilePath : C:\Program Files\McAfee\McAfee Privacy Service\ ThreadCreationTime : 7-14-2004 4:40:42 PM BasePriority : Normal FileSize : 76 KB FileVersion : 6.02.1063.0 ProductVersion : 6.02.1063.0 Copyright : Copyright CompanyName : Network Associates, Inc. FileDescription : McAfee Privacy Service Application InternalName : IG32 OriginalFilename : GUARDDOG.EXE ProductName : McAfee Privacy Service Created on : 9/19/2003 5:47:14 PM Last accessed : 7/14/2004 7:25:22 PM Last modified : 2/12/2004 9:02:00 AM #:13 [nhksrv.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 7-14-2004 4:40:46 PM BasePriority : Normal FileSize : 28 KB Created on : 8/6/2001 7:41:48 PM Last accessed : 7/14/2004 7:25:22 PM Last modified : 8/6/2001 7:41:48 PM #:14 [mcvsrte.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ThreadCreationTime : 7-14-2004 4:40:49 PM BasePriority : Normal FileSize : 104 KB FileVersion : 8, 0, 0, 12 ProductVersion : 8, 0, 0, 0 Copyright : Copyright CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan Real-time Engine InternalName : mcvsrte OriginalFilename : mcvsrte.exe ProductName : McAfee VirusScan Created on : 3/23/2004 5:57:36 PM Last accessed : 7/14/2004 7:25:22 PM Last modified : 8/9/2003 12:04:38 AM #:15 
[mpfservice.exe] FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\ ThreadCreationTime : 7-14-2004 4:40:50 PM BasePriority : Normal FileSize : 492 KB FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 Copyright : Copyright CompanyName : McAfee Corporation FileDescription : McAfee Personal Firewall Service InternalName : MPFService OriginalFilename : MpfService.exe ProductName : McAfee Personal Firewall Created on : 3/23/2004 5:27:12 PM Last accessed : 7/14/2004 7:25:22 PM Last modified : 9/2/2003 7:00:00 PM #:16 [wkufind.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\ ThreadCreationTime : 7-14-2004 4:40:51 PM BasePriority : Normal FileSize : 28 KB FileVersion : 6.00.3215.0 ProductVersion : 6.00.3215.0 Copyright : Copyright CompanyName : Microsoft FileDescription : Microsoft InternalName : WkUFind OriginalFilename : WkUFind.exe ProductName : Microsoft Created on : 8/17/2001 4:41:58 AM Last accessed : 7/14/2004 7:25:22 PM Last modified : 8/17/2001 4:41:58 AM #:17 [dellmmkb.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 7-14-2004 4:40:52 PM BasePriority : Normal FileSize : 160 KB FileVersion : 2.0.0 ProductVersion : 2.0.0 Copyright : Copyright CompanyName : Netropa Corp. FileDescription : Netropa(tm) Hot Key InternalName : Netropa Hot Key OriginalFilename : nhk.exe ProductName : Netropa Hot Key Created on : 1/13/2002 4:40:14 AM Last accessed : 7/14/2004 7:25:22 PM Last modified : 9/23/2001 1:14:48 PM #:18 [lxsupmon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 7-14-2004 4:40:55 PM BasePriority : Normal FileSize : 865 KB FileVersion : 3.0.105.1 ProductVersion : 3.0.105.1 Copyright : Copyright CompanyName : Lexmark International Inc. 
FileDescription : Supplies Monitor InternalName : LXSUPMON OriginalFilename : LXSUPMON.RC ProductName : Lexmark Supplies Monitor Created on : 8/15/2002 10:26:31 AM Last accessed : 7/14/2004 7:25:22 PM Last modified : 8/15/2002 10:26:31 AM #:19 [hpgs2wnd.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 7-14-2004 4:40:55 PM BasePriority : Normal FileSize : 68 KB FileVersion : 2,3,0,0\ ProductVersion : 2,3,0,0\ Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpgs2wnd InternalName : hpgs2wnd OriginalFilename : hpgs2wnd.exe ProductName : Hewlett-Packard hpgs2wnd Created on : 4/11/2002 9:19:34 AM Last accessed : 7/14/2004 7:25:22 PM Last modified : 4/11/2002 9:19:34 AM #:20 [mpftray.exe] FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\ ThreadCreationTime : 7-14-2004 4:40:58 PM BasePriority : Normal FileSize : 1348 KB FileVersion : 5.0.1.5 ProductVersion : 5.0.1.5 Copyright : Copyright CompanyName : McAfee Security FileDescription : McAfee Personal Firewall Tray Monitor InternalName : MpfTray OriginalFilename : MPFTRAY.EXE ProductName : McAfee Personal Firewall (MPF) Created on : 3/23/2004 5:27:12 PM Last accessed : 7/14/2004 7:25:23 PM Last modified : 3/24/2004 8:56:00 PM #:21 [mskagent.exe] FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\ ThreadCreationTime : 7-14-2004 4:40:59 PM BasePriority : Normal FileSize : 96 KB FileVersion : 5, 0, 0, 4 ProductVersion : 5, 0, 0, 0 Copyright : Copyright CompanyName : Networks Associates Technology, Inc FileDescription : McAfee SpamKiller Agent Interface module InternalName : MskAgent OriginalFilename : MskAgent.exe ProductName : McAfee SpamKiller Created on : 3/29/2004 9:23:49 PM Last accessed : 7/14/2004 7:25:23 PM Last modified : 12/22/2003 10:51:48 PM #:22 [cmgrdian.exe] FilePath : C:\Program Files\McAfee\McAfee Shared Components\Guardian\ ThreadCreationTime : 7-14-2004 4:41:01 PM BasePriority : Normal FileSize : 136 KB FileVersion : 3.01.1028.0 ProductVersion : 3.01.1028.0 Copyright 
: Copyright CompanyName : Network Associates, Inc. FileDescription : McAfee Guardian Agent InternalName : CMGrdian OriginalFilename : CMGrdian.exe ProductName : McAfee Windows Guardian Created on : 9/2/2003 9:01:00 AM Last accessed : 7/14/2004 7:25:23 PM Last modified : 9/2/2003 9:01:00 AM #:23 [hpgs2wnf.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 7-14-2004 4:41:01 PM BasePriority : Normal FileSize : 76 KB FileVersion : 2, 6, 0, ProductVersion : 2, 6, 0, Copyright : Copyright 2001 FileDescription : hpgs2wnf Module InternalName : hpgs2wnf OriginalFilename : hpgs2wnf.EXE ProductName : hpgs2wnf Module Created on : 4/11/2002 9:19:36 AM Last accessed : 7/14/2004 7:25:23 PM Last modified : 4/11/2002 9:19:36 AM #:24 [mcagent.exe] FilePath : C:\PROGRA~1\mcafee.com\agent\ ThreadCreationTime : 7-14-2004 4:41:02 PM BasePriority : Normal FileSize : 240 KB FileVersion : 4, 3, 0, 27 ProductVersion : 4, 3, 0, 0 Copyright : Copyright CompanyName : Networks Associates Technology, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent OriginalFilename : mcagent.exe ProductName : McAfee SecurityCenter Created on : 6/28/2004 6:29:04 PM Last accessed : 7/14/2004 7:25:23 PM Last modified : 12/8/2003 8:38:52 PM #:25 [mcvsshld.exe] FilePath : C:\PROGRA~1\mcafee.com\vso\ ThreadCreationTime : 7-14-2004 4:41:03 PM BasePriority : Normal FileSize : 160 KB FileVersion : 8, 0, 0, 15 ProductVersion : 8, 0, 0, 0 Copyright : Copyright CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan ActiveShield Resource InternalName : msvcshld OriginalFilename : mcvsshld.exe ProductName : McAfee VirusScan Created on : 3/23/2004 5:57:36 PM Last accessed : 7/14/2004 7:25:23 PM Last modified : 8/18/2003 3:50:34 AM #:26 [mcvsescn.exe] FilePath : c:\progra~1\mcafee.com\vso\ ThreadCreationTime : 7-14-2004 4:41:05 PM BasePriority : Normal FileSize : 408 KB FileVersion : 8, 0, 0, 30 ProductVersion : 8, 0, 0, 0 Copyright : 
Copyright CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn OriginalFilename : mcvsescn.EXE ProductName : McAfee VirusScan Created on : 5/27/2004 8:51:29 PM Last accessed : 7/14/2004 7:22:54 PM Last modified : 4/28/2004 10:55:12 PM #:27 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ThreadCreationTime : 7-14-2004 4:41:06 PM BasePriority : Normal FileSize : 96 KB FileVersion : 6.5 ProductVersion : QuickTime 6.5 CompanyName : Apple Computer, Inc. InternalName : QuickTime Task OriginalFilename : QTTask.exe ProductName : QuickTime Created on : 4/13/2004 5:22:58 PM Last accessed : 7/14/2004 7:25:23 PM Last modified : 4/13/2004 5:22:58 PM #:28 [rundll32.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 7-14-2004 4:41:10 PM BasePriority : Normal FileSize : 31 KB FileVersion : 5.1.2600.0 (xpclient.010817-114 ![]() ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll OriginalFilename : RUNDLL.EXE ProductName : Microsoft Created on : 12/19/2002 2:09:38 PM Last accessed : 7/14/2004 7:23:07 PM Last modified : 8/18/2001 12:00:00 PM #:29 [quickdcf.exe] FilePath : C:\Program Files\FinePixViewer\ ThreadCreationTime : 7-14-2004 4:41:18 PM BasePriority : Normal FileSize : 196 KB FileVersion : 3, 0, 0, 0 ProductVersion : 3, 0, 0, 0 Copyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD. CompanyName : FUJI PHOTO FILM CO., LTD. 
FileDescription : Exif Launcher
InternalName : QuickDCF
OriginalFilename : QuickDCF.exe
ProductName : FinePixViewer
Created on : 1/10/2002 3:53:14 AM
Last accessed : 7/14/2004 7:25:23 PM
Last modified : 1/10/2002 3:53:14 AM

#:30 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ThreadCreationTime : 7-14-2004 4:41:18 PM
BasePriority : Normal
FileSize : 556 KB
FileVersion : 5.1.0.8
ProductVersion : 5.1.0.8
Copyright : Copyright
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
OriginalFilename : MPFAGENT.EXE
ProductName : McAfee Personal Firewall (MPF)
Created on : 3/23/2004 5:27:12 PM
Last accessed : 7/14/2004 7:25:23 PM
Last modified : 6/7/2004 3:42:20 PM

#:31 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 7-14-2004 4:41:20 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 7/14/2004 7:25:23 PM
Last modified : 8/7/2001 11:06:54 PM

#:32 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-14-2004 4:41:23 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 7/14/2004 7:25:24 PM
Last modified : 10/6/2003 7:16:00 PM

#:33 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-14-2004 4:41:27 PM
BasePriority : Normal
FileSize : 352 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright (C) 2002-2003 Javacool Software LLC
FileDescription : SpywareGuard
InternalName : sgmain
OriginalFilename : sgmain.exe
ProductName : SpywareGuard
Created on : 8/30/2003 12:05:35 AM
Last accessed : 7/14/2004 7:25:24 PM
Last modified : 8/30/2003 12:05:35 AM

#:34 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-14-2004 4:41:27 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 12/19/2002 2:10:03 PM
Last accessed : 7/14/2004 7:22:54 PM
Last modified : 8/18/2001 12:00:00 PM

#:35 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-14-2004 4:41:33 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 12/19/2002 2:10:03 PM
Last accessed : 7/14/2004 7:22:54 PM
Last modified : 8/18/2001 12:00:00 PM

#:36 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-14-2004 4:41:35 PM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
OriginalFilename : sgbhp.exe
ProductName : SG Browser Hijacking Protection
Created on : 8/29/2003 4:14:56 PM
Last accessed : 7/14/2004 7:25:24 PM
Last modified : 8/29/2003 4:14:56 PM

#:37 [osd.exe]
FilePath : C:\Program Files\Netropa\
ThreadCreationTime : 7-14-2004 4:42:59 PM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.02
ProductVersion : 2.02
Copyright : Copyright
CompanyName : Netropa Corp.
FileDescription : Netropa(r) Onscreen Display
InternalName : OSD
OriginalFilename : osd.exe
ProductName : Onscreen Display
Created on : 1/13/2002 4:40:14 AM
Last accessed : 7/14/2004 7:25:24 PM
Last modified : 9/19/1850 10:25:13 AM

#:38 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-14-2004 7:22:50 PM
BasePriority : High
FileSize : 220 KB
Created on : 3/23/2004 5:57:32 PM
Last accessed : 7/14/2004 7:22:50 PM
Last modified : 3/13/2002 2:50:34 PM

#:39 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 7-14-2004 7:24:53 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/26/2004 2:38:48 PM
Last accessed : 7/14/2004 7:25:09 PM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page/any-find.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://any-find.com/index.htm"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://any-find.com/index.htm"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar/any-find.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://any-find.com/sp.htm"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://any-find.com/sp.htm"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 2

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2

2:29:15 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:50:547
Objects scanned :53410
Objects identified :2
Objects ignored :0
New objects :2

I reran Hijackthis and see some entries still located there. Please review and advise me on my next course of action.

Logfile of HijackThis v1.98.0
Scan saved at 2:51:14 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Nhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Netropa\OSD.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Louis Sorbo\My Documents\Downloads\HijackThis1980hf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...3/mcinsctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab

We did have some success. My browser is no longer being redirected and the noxious websites do not return to my Favorites. I am having problems in other areas that I suspect may be connected. My McAfee Privacy Service gives me Internet Program Alerts every time I start my computer. I have tried to change the settings within the McAfee Security Center but once the computer is restarted the settings revert back to where they were. I appreciate your help. Things are a lot better than they were before I found your website! Thanks.