Nssfrch Toolbar

vkb
vkb
in Malware talk

Hi, I am getting nssfrch toolbar in my IE. How to remove it? I ran superantispyware but it didnt remove the nssfrch toolbar. Can anyone please help?


Thanks,


vkb

Comments

  • alexcrist
    alexcrist

    Hello vkb,


    Please post a HijackThis! log.


    Cris.

  • ldtuck001
    ldtuck001
    Hi, I am getting nssfrch toolbar in my IE. How to remove it? I ran superantispyware but it didnt remove the nssfrch toolbar. Can anyone please help?


    Thanks,


    vkb


    hi cris i'm getting the nssfrch toolbar and want it gone here is my hijack log


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 1:47:22 AM, on 10/29/2007


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16544)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe


    C:\WINDOWS\Explorer.EXE


    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe


    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


    C:\WINDOWS\System32\WLTRYSVC.EXE


    C:\WINDOWS\System32\bcmwltry.exe


    C:\WINDOWS\system32\LEXBCES.EXE


    C:\WINDOWS\system32\LEXPPS.EXE


    C:\WINDOWS\system32\spoolsv.exe


    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe


    C:\WINDOWS\System32\GEARSec.exe


    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe


    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe


    C:\Program Files\Norton Ghost\Agent\VProSvc.exe


    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe


    C:\WINDOWS\system32\hkcmd.exe


    C:\WINDOWS\system32\igfxpers.exe


    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


    C:\WINDOWS\system32\igfxsrvc.exe


    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    C:\WINDOWS\system32\WLTRAY.exe


    C:\WINDOWS\stsystra.exe


    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe


    C:\WINDOWS\system32\dla\tfswctrl.exe


    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    C:\Program Files\Dell\Media Experience\DMXLauncher.exe


    C:\Program Files\Common Files\Symantec Shared\ccApp.exe


    C:\Program Files\Norton Ghost\Agent\GhostTray.exe


    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe


    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe


    C:\Program Files\QuickTime\qttask.exe


    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


    C:\Program Files\AT&T\Internet Security Wizard\ISW.exe


    C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe


    C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe


    C:\Program Files\NetWaiting\netWaiting.exe


    C:\Program Files\Dell Support\DSAgnt.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


    C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe


    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe


    C:\Program Files\Digital Line Detect\DLG.exe


    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe


    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe


    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe


    C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe


    C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\CCleaner\CCleaner.exe


    C:\WINDOWS\system32\msiexec.exe


    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


    C:\Program Files\Internet Explorer\iexplore.exe


    C:\Program Files\Internet Explorer\iexplore.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061003


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061003


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


    O2 - BHO: (no name) - rsion - (no file)


    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


    O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll


    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll


    O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL


    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


    O2 - BHO: (no name) - ¸@3D70E-1895-11CF-8E15-001234567890} - (no file)


    O2 - BHO: (no name) - è@497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)


    O2 - BHO: (no name) - ˆ@68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll


    O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


    O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL


    O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll


    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe


    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe


    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"


    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe


    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe


    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"


    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe


    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup


    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start


    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe


    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"


    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe


    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup


    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"


    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


    O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN


    O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"


    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"


    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"


    O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s


    O4 - HKLM\..\Run: [spywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot


    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe


    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


    O4 - HKCU\..\Run: [spywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot


    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')


    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')


    O4 - Global Startup: Digital Line Detect.lnk = ?


    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe


    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html


    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021MWUS


    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000


    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm


    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm


    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL


    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab


    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab


    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab


    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab


    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe


    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe


    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe


    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe


    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe


    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe


    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe


    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe


    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe


    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe


    O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe


    O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe


    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    --


    End of file - 14121 bytes

All Time Leaders

Categories

Defenders of the month