
Active I.E. 7 homepage hijack by MSN.com

Discussion in 'Malware and Virus Removal Archive' started by ttwotees, 2009/04/24.

  1. 2009/04/24
    ttwotees

    ttwotees Inactive Thread Starter

    Joined:
    2009/04/23
    Messages:
    3
    Likes Received:
    0
    [Active] I.E. 7 homepage hijack by MSN.com

    I just built this PC a few weeks ago and apparently something I downloaded
    had a stowaway that is doing the following:
    1. Hijacking my MYYAHOO.COM homepage - Each time I set my homepage in
    I.E.7 Tools/Internet Options/Homepage window to my preferred address,
    when I start the I.E. again, www.MSN.com appears. I've set it
    every way and everywhere I know and have researched, but to no avail till I
    arrived at the WindowsBBS forum. I've downloaded HijackThis and below is my log
    file.

    2. I also have a wireless security camera program that was set up to operate
    continuously, but will record by motion detector via wireless antenna/
    receiver, PC card and saves in a pre-set file. This file indicated that I needed
    to re-install the software, but now it will not install the software and shows
    an error message as follows:

    Feature: DSR_Video; Component:
    <blank>; File: <blank>; Error: Catastrophic Failure.


    I'm hoping something will show up in the log file that will cure both of these
    problems. Thanks in advance


    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:46:40 PM, on 4/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Ahead\InCD\InCDsrv.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    H:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
    H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    H:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    h:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    H:\Program Files\McAfee\MPF\MPFSrv.exe
    H:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
    H:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
    H:\WINDOWS\System32\snmp.exe
    h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\StorageCraft\ImageManager\ImageManager.exe
    H:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    H:\WINDOWS\System32\vssvc.exe
    H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    H:\WINDOWS\system32\vsnapvss.exe
    H:\WINDOWS\Explorer.EXE
    h:\PROGRA~1\mcafee.com\agent\mcagent.exe
    H:\Program Files\WinZip E-Mail Companion\loadwzco.exe
    H:\WINDOWS\system32\RecvMessage.exe
    H:\Program Files\Java\jre6\bin\jusched.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    H:\Program Files\Ahead\InCD\InCD.exe
    H:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    H:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    H:\Program Files\GIGABYTE\ET6\GUI.exe
    H:\Program Files\Pure Networks\Network Magic\nmapp.exe
    H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    H:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    H:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    H:\Program Files\Palm\Hotsync.exe
    H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    H:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    H:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    H:\Program Files\Secunia\PSI\psi.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myyahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - ~0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - H:\Documents and Settings\Truman Trekell\Local Settings\Application Data\CyberDefender\cdmyidd.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - H:\Documents and Settings\Truman Trekell\Local Settings\Application Data\CyberDefender\cdmyidd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - H:\Documents and Settings\Truman Trekell\Local Settings\Application Data\CyberDefender\cdmyidd.dll
    O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "H:\Program Files\WinZip E-Mail Companion\loadwzco.exe "
    O4 - HKLM\..\Run: [tray3] H:\WINDOWS\system32\RecvMessage.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] "H:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [ISUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [IAAnotif] H:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [GBTUpd] H:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
    O4 - HKLM\..\Run: [EasyTuneVI] H:\Program Files\GIGABYTE\ET6\ETcall.exe
    O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [nmctxth] "H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "H:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [FRYMXINS] "H:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl "
    O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe "
    O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "H:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MailWasherPro.lnk = H:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Secunia PSI.lnk = H:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HotSync Manager.lnk = H:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Microtek Scanner Finder.lnk = H:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Nikon Monitor.lnk = H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = H:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236921144109
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - H:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: COM Service - Unknown owner - H:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - H:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - H:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - H:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
    O23 - Service: StorageCraft Image Manager - StorageCraft Technology Corporation - H:\Program Files\StorageCraft\ImageManager\ImageManager.exe
    O23 - Service: TomTomHOMEService - TomTom - H:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - H:\WINDOWS\system32\vsnapvss.exe

  2. 2009/05/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Sorry for the wait.

    I'm not seeing any malware in the log.

    Please do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - ~0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Set your home page as you want it.

    Reboot

    Let me know if that helped.

    As far as your security camera, make sure you remove it in Add/Remove Programs and then reinstall it.
    If you have done that, or if it doesn't work, then post the problem here: Other Software

    Geri
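The triage Geri does by eye above (flag the R3 URLSearchHook entries that end in "(no file)" and whose CLSID is not in the usual {GUID} form, call the rest of the log clean, and let the user reset the home page) can be written down as rules and run over the log. The script below is an added example, not part of this thread and not HijackThis's own code: it parses an excerpt of the log from the first post (embedded as sample input) and reports the IE start/search settings per hive, orphaned R3 hooks, O4 auto-starts that live under the Windows directory or are launched by bare name and are not on a small allowlist, and O23 services HijackThis could not attribute to a vendor. The rules, the allowlist of benign names and the report layout are this example's own assumptions, not an authoritative signature set; an entry landing in a "review" bucket means verify it, not delete it.

```python
"""Rule-based triage of a HijackThis (HJT) v2 log.

Added example; not HijackThis's own code.  The rules, the allowlist and
the report layout are assumptions that encode by-eye checks a removal
helper makes, not an authoritative malware signature set.
"""
import re

# Sample input: a constructed excerpt of the log posted in the thread.
# A real run would read the whole saved log file instead.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - H:\Documents and Settings\Truman Trekell\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [tray3] H:\WINDOWS\system32\RecvMessage.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O23 - Service: COM Service - Unknown owner - H:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - H:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

# Assumption: auto-start names an XP box is expected to launch from the
# system directory or by bare name (ctfmon is the text-services loader;
# RTHDCPL/ALCMTR ship with Realtek HD audio drivers).  Extend as needed.
BENIGN_SYSTEM_AUTOSTARTS = {"ctfmon.exe", "rthdcpl.exe", "alcmtr.exe"}

LINE_RE = re.compile(r"^(R[0-3]|F\d|O\d+) - (.*)$")
IE_MAIN_RE = re.compile(r"^(HKCU|HKLM)\\(.+),([^=]+?) =(?: (.*))?$")
HOOK_RE = re.compile(r"^URLSearchHook: (.*?) - (\S+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")


def executable_of(command):
    """Best effort: the program an O4 command line launches, with quotes
    and arguments stripped; the whole command if no .exe is visible."""
    m = re.match(r'^"?(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.strip('" ')


def is_system_or_bare(exe):
    """Launched by bare name (resolved via PATH / App Paths at logon) or
    from under the Windows directory, the places droppers like to hide."""
    low = exe.lower()
    return "\\" not in low or "\\windows\\" in low


def triage(log_text):
    report = {
        "ie_settings": {},             # (hive, value name) -> data
        "orphaned_hooks": [],          # R3 hooks with nothing behind them
        "autostarts_to_review": [],    # O4 entries needing manual checking
        "unknown_owner_services": [],  # O23 entries HJT could not attribute
    }
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1"):
            s = IE_MAIN_RE.match(body)
            if s:
                hive, _key, name, data = s.groups()
                report["ie_settings"][(hive, name)] = data or ""
        elif code == "R3":
            h = HOOK_RE.match(body)
            if h:
                _name, clsid, file = h.groups()
                reasons = []
                if not (clsid.startswith("{") and clsid.endswith("}")):
                    reasons.append("CLSID not in canonical {GUID} form")
                if file == "(no file)":
                    reasons.append("no DLL registered for the CLSID")
                if reasons:
                    report["orphaned_hooks"].append({"clsid": clsid, "reasons": reasons})
        elif code == "O4":
            r = RUN_RE.match(body)
            if r:
                hive, label, command = r.groups()
                exe = executable_of(command)
                base = exe.rsplit("\\", 1)[-1].lower()
                if is_system_or_bare(exe) and base not in BENIGN_SYSTEM_AUTOSTARTS:
                    report["autostarts_to_review"].append({"hive": hive, "label": label, "exe": exe})
        elif code == "O23":
            s = SERVICE_RE.match(body)
            if s:
                display, owner, path = s.groups()
                if owner == "Unknown owner":
                    report["unknown_owner_services"].append({"name": display, "path": path})
    return report


def start_page_matches(report, expected):
    """True when both the per-user (HKCU) and machine-wide (HKLM) Start
    Page values already equal the address the user says they set."""
    return all(report["ie_settings"].get((hive, "Start Page")) == expected
               for hive in ("HKCU", "HKLM"))


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("start page matches user's choice:", start_page_matches(rep, "http://www.myyahoo.com/"))
    for bucket in ("orphaned_hooks", "autostarts_to_review", "unknown_owner_services"):
        print(bucket, rep[bucket])
```

On this excerpt the script reports that both Start Page values already hold the user's address, which is why the R0 lines alone cannot explain the MSN.com behaviour and why the log looks clean to Geri; the two `~...}` hooks with "(no file)" are the only entries it would fix outright, while `RecvMessage.exe` in system32 and the two "Unknown owner" services land in the review buckets, meaning check the publisher and hash, not remove.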
