1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Can't access search sites [HijackThis Log]

Discussion in 'Malware and Virus Removal Archive' started by Todd66, 2006/03/12.

  1. 2006/03/12
    Todd66

    Todd66 Inactive Thread Starter

    Joined:
    2006/03/12
    Messages:
    1
    Likes Received:
    0
    I cannot access Google, Yahoo, etc. I always have
    Norton Internet Security running. In addition, I ran AdAware, Ewido, HiJack This and Microsofts online security check. While I did eliminate several tracking cookies, I am still unable to get to the search sites. Any help is greatly appreciated.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:23 PM, on 3/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Video Enhanced\MSNVE.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for

    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://216.239.53.99/
    O2 - BHO: Yahoo! Companion BHO -

    {02478D38-C3F9-4efb-9B51-7695ECA05670} -

    C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class -

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}

    - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper -

    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

    files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class -

    {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

    Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -

    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus -

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton

    Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog

    Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType

    Pro\type32.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft

    IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet

    Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video

    Enhanced\MSNVE.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

    -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program

    files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program

    files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

    Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}

    - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}

    (EPUImageControl Class) -

    http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

    http://software-dl.real.com/304f6832a1fc41d1bb22/netzip/RdxIE601.cab
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E}

    (MavenBootInstallerAXControl Class) -

    http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -

    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content

    Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX

    Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE

    Class) -

    http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools

    WebPlayer Class) -

    http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Insta

    ll3.0/Installer.exe
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} -

    http://www.mtv.com/overdrive/bin/setup.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX

    Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{C3AFA1F5-252A-409E-8A68-0682EFB4

    FA34}: NameServer = 63.64.9.11,63.64.9.19
    O23 - Service: Ati HotKey Poller - Unknown owner -

    C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner -

    C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program

    Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program

    Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec

    Corporation - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America,

    Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -

    Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
     
    Todd66,
    #1
  2. 2006/03/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Todd,

    To start with, look at your HOSTS file:

    WINDOWS\System32\Drivers\etc

    Open with Notepad and see if there are any Google or Yahoo entries in there.

    If you have the standard HOSTS file, there should be only one entry in there:
    127.0.0.1 localhost

    Regards - Charles
     
    charlesvar,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...