nodapic Posted September 15, 2007

Hey y'all,

I guess my search engine has been hijacked... So over the past few hours I have been trying to fix it but no matter what I do it does not work. I do not seem to be the only one with this problem but when I do what they did to resolve their problem it does not solve mine.

Here is a description:

When I use IE7 and do a search on engines such as google, msn, yahoo, etc. I always get answers from commercial sites such as toseeka.com, MonsterMarketPlace.com, upspiral.us, HartfordYork.com, GetStuff.com, etc. Also, I cannot access my gmail account (it says that the security certificate is out of date, I can access google.com fine though).

So, I figure that I should go and try to find pages that talk about it and that would have ways to fix it. Well, guess what, that hijack virus thing knows what pages to block and whenever I try to go to a support page, IE tells me that the site cannot be accessed. Nonetheless, I was able to get a hold of some help and I used some scripts to create logs.
Here are some of the logs:

HijackThis.exe:

Logfile of HijackThis v1.99.1
Scan saved at 2:36:00 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

I also ran Fixwareout.exe and mdlagentuj.exe but neither of them helped any...

One interesting thing I noticed was that Firefox was not affected by the search result problem; however, it still did not let me go to any support sites. And gmail did not work either.

Another thing that I checked was whether the DNS server was hijacked and that was not the case (it is set to automatically detect DNS settings).

You see, I am running out of options and would greatly appreciate any help!

Thank you very much,
Brice

PS: neither Norton, Spybot, Adaware or AVG could help on this...

rmurphy Posted September 17, 2007

Hi there, and welcome to Besttechie! I'm Ryan, and I'll be helping you with your computer troubles.

You will want to print out these instructions, or save them to notepad so that you can refer to them later.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

- Close all Internet Explorer, Firefox, and Opera windows before continuing.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner. You will need to use Internet Explorer to do this.

- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post.

Next, go to start > Run and paste in the following:

ipconfig >> dns.txt && notepad dns.txt

and then press enter. Notepad will open, post the contents of it, along with the Kaspersky log.

-Ryan

nodapic Posted October 2, 2007

Hi Ryan,

Thank you for your input -- I am sorry it took me so long to get back to you; very impolite of me.... The computer I am trying to fix is at my home and I am currently at school. I will post the new logs as soon as I get back there and have a chance of trying it again.

thanks again,
Brice

rmurphy Posted October 2, 2007

OK. Send me a PM when you are able to post again.

-Ryan

nodapic Posted November 13, 2007

I reran HJT under a new name; it produced this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:01 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ugga\ugga\ugga.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1085031214-1935655697-682003330-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sara')
O4 - HKUS\S-1-5-21-1085031214-1935655697-682003330-1025\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Jeana')
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4899 bytes

Thanks Ryan,
Brice

rmurphy Posted November 14, 2007

That looks good, and I didn't notice anything out of the ordinary in the KAV scan. How is your computer running?

-Ryan

nodapic Posted November 23, 2007

Hi Ryan,

Thanks for your continuous help! As far as I can tell my computer runs fine; it does not take too much time to start up or is excessively slow processing. I did some more scanning, do you see something?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 12:22:13 PM 11/23/2007

 + Scan result:

C:\System Volume Information\_restore{F84BD1EF-7F84-4585-8645-C54A23116FC8}\RP52\A0235015.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Galen.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\jeana@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator.YODERS\Application Data\Mozilla\Firefox\Profiles\4n3dgxpa.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\jeana@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\jeana@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.11:C:\Documents and Settings\Administrator.YODERS\Application Data\Mozilla\Firefox\Profiles\4n3dgxpa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Galen.YODERS\Cookies\galen@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\jeana@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jeana.YODERS\Cookies\jeana@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sara.YODERS\Cookies\sara@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator.YODERS\Application Data\Mozilla\Firefox\Profiles\4n3dgxpa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

::Report end

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:04 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ugga\ugga\ugga.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4623 bytes

Unfortunately this did not change the behavior of the Search Engines or let me access my gmail.... I hope you have some more ideas.....

Thanks again,
Brice

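Added example, not part of the thread or written by either poster: a small Python sketch that parses HijackThis logs like the ones posted above, lists entries marked "Unknown owner" or "(file missing)", and compares two scans. The function names are hypothetical, and the sample text is abridged from the 9/15/2007 and 11/23/2007 logs in this thread.

```python
import re

# Abridged from the 9/15/2007 (v1.99.1) and 11/23/2007 (v2.0.2) logs in this thread.
LOG_OLD = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""
LOG_NEW = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ugga\ugga\ugga.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# HijackThis prints these when it cannot resolve a file or its vendor. In this
# thread the v1.99.1 log shows them on Symantec services whose path carries a
# stray quote and arguments, so they mean "look by hand", not "infected".
MARKERS = ("Unknown owner", "(file missing)")


def parse(log_text):
    """Return (running_processes, entries); entries are (section, text) pairs."""
    processes, entries, in_processes = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def needs_manual_check(entries):
    """Entries whose vendor or file HijackThis could not resolve."""
    return [(s, t) for s, t in entries if any(m in t for m in MARKERS)]


def compare(old_log, new_log):
    """Summarise what changed between two scans of the same machine."""
    old_procs, old_entries = parse(old_log)
    new_procs, new_entries = parse(new_log)
    seen = {p.lower() for p in old_procs}  # Windows paths are case-insensitive
    return {
        "new_processes": [p for p in new_procs if p.lower() not in seen],
        "added": [e for e in new_entries if e not in old_entries],
        "removed": [e for e in old_entries if e not in new_entries],
        "check": needs_manual_check(new_entries),
    }


if __name__ == "__main__":
    for key, items in compare(LOG_OLD, LOG_NEW).items():
        print(key)
        for item in items:
            print("   ", item)
```

An "added" and "removed" pair for the same service name is a changed entry, as with the two Symantec services in the sample.
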
rmurphy Posted November 23, 2007

Congratulations, your log is clean.

For information on how to protect yourself in the future, read Infection Prevention.

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan

nodapic Posted November 23, 2007

Hi Ryan,

Thanks for the quick answer! I am still a little puzzled; the search engines are still hijacked and I still can't access gmail - do you think it might be a virus?

Brice

rmurphy Posted November 23, 2007

Open notepad and post the contents of the box below into it:

ipconfig >> nodapic.txt
nodapic.txt

Save the file as "ipconfig.bat" (include the quotes) to your desktop.

Double click the ipconfig.bat file; a black window will flash open then close - this is normal.

Notepad will open with some text in it, please post that text.

-Ryan