PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP Home SP2
Problem Application Name & Version: 69s*xsearch
Problem Hardware Make & Model:
Error Messages: browser hijacked !! HELP !! I'm not real savvy about repairing this, so very clear instructions will be much appreciated.
Logfile of HijackThis v1.99.0
Scan saved at 3:10:22 PM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\dptiheltm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martha\My Documents\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://realsearch.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKLM\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKLM\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKLM\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKLM\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKLM\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKLM\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKLM\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKLM\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKLM\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKLM\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKLM\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKLM\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKLM\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKLM\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKLM\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKLM\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKLM\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKCU\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKCU\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKCU\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKCU\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKCU\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKCU\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKCU\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKCU\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe
O4 - HKCU\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKCU\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKCU\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKCU\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKCU\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKCU\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKCU\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKCU\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKCU\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKCU\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: http://*.69s*xsearch.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe