JJ
Hi,
I'm pretty frustrated at this point. Some nice people
have given me some leads but so far nothing has worked to
stop the search pane from opening automatically in IE and
Explorer. I'm using XP-Pro, with IE 6.0. I'm pasting
the results of the "hijack this" scan and hope someone
can review it and offer advice. Thanks in advance.
JJ
Logfile of HijackThis v1.96.0
Scan saved at 6:35:01 PM, on 8/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files2\Norton AntiVirus\navapsvc.exe
C:\Program Files2\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files2\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files2\Norton Internet Security\SymProxySvc.exe
C:\PROGRA~2\NORTON~1\navapw32.exe
C:\Program Files2\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files2\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files2\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Srng\Srng.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files2\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files2\AdsGone\adsgone.exe
C:\Program Files2\Norton Internet Security\ATRACK.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files2\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JJH\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\Gr02.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\Program Files\POP\pop167.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files2\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files2\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files2\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files2\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files2\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files2\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files2\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [POP] C:\Program Files\POP\PopSrv146.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: AdsGone.lnk = C:\Program Files2\AdsGone\adsgone.exe
O4 - Startup: MailWasher.lnk = C:\Program Files2\MailWasher Pro\MailWasher.exe
O4 - User Startup: AdsGone.lnk = C:\Program Files2\AdsGone\adsgone.exe
O4 - User Startup: MailWasher.lnk = C:\Program Files2\MailWasher Pro\MailWasher.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files2\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AdsGone (HKLM)
O9 - Extra 'Tools' menuitem: &AdsGone Settings (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37767.4682407407
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab