superwebsearch

Discussion in 'SpywareBlaster & Other Forum' started by Sharon, Oct 7, 2004.

Thread Status:
Not open for further replies.
  1. Sharon

    Sharon Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    11
    Hello,
    I haven't posted in quite some time.
    I had to use IE6 yesterday and seem to have superwebsearch on my computer. I have read the post pertaining to this and as far as I can tell, I do not have any of the files listed. Adaware and Spybot didn't find anything. But when I ran Hijack this, it found:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/

    I had it clean the two entries. When I ran Spysweeper it found: Ezula iLookup, version 2.0 Adware: WildMedia, version 1. I had it clean everything. When I rebooted Spyware Blaster popped up with this:

    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 13:05:22 10/06/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Search Bar
    Old Value: <none>
    New Value: http://www.superwebsearch.com/ie/
    User Action Taken: RESTORE OLD VALUE

    I don't know how to clean this up. In all the searching I've done, there isn't one file relating to any of the spyware found. So, my question is why is superwebsearch still trying to change my home page? I've also run CWShredder and mini removal coolwebsearch smartkiller, it hasn't found anything. This is the latest HJT log:
    I question this entry C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS What is it? I haven't downloaded anything from Lanovation.

    Logfile of HijackThis v1.97.7
    Scan saved at 5:42:22 PM, on 10/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.webroot.com/php/disp0201...=2&mjv=5&mnv=5&bld=19&cd=&dcc=&drc=&mo=2&sid=
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\15bn0auu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Sharon\Application Data\Mozilla\Profiles\default\15bn0auu.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095213295093
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    Thank you,
    Sharon
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
Thread Status:
Not open for further replies.