[mysearchnow] - Computers



Search Tech-Forums - link takes you to our Forum's search page.

Note: The following is only a text archive!

To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Pages:1


mysearchnow

(Click here to view the original thread with full colors/images)


Posted by: potfishpie

I have some spyware called mysearchnow.com on IE. it has two annoying bars and it's changed my home page. spybot and adaware don't remove it, will hijackthis work? Here is my log, is it ok??
Logfile of HijackThis v1.98.2
Scan saved at 17:59:21, on 03/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\OEJB\VEQVRD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALONEMESSAGECENTER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\CUCUSOFT\AVI-DVD-PRO\AVI2MPGPRO.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.opvwyqjtzpou.com/ kNoo0fHet3ovRRGQ0Ih6g3QWShomVdAESyAzzu7EcUHXslGI4e
nPwo8w2BHagiN/.htm[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://minisearch.startnow.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [url]http://minisearch.startnow.com[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRAM FILES\MASS DOWNLOADER\MDHELPER.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {26361263-F2CA-3649-C8AC-6C43853959F7} - C:\WINDOWS\SYSTEM\sbmcxdqw\uesmtinh.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {F63C5B76-F9FB-2E3C-EFC4-5F2E908F0579} - C:\WINDOWS\APPLICATION DATA\GREAT WEB PURE\DARTMULTI.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VEQVRD] C:\WINDOWS\SYSTEM\OEJB\VEQVRD.EXE
O4 - HKLM\..\Run: [vx4U5xa] C:\WINDOWS\UWETIF.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [WindowBlahGlueBase] C:\WINDOWS\All Users\Application Data\movesafewindowblah\Safefor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\GRISOFT\AVG7\AVGREGCL.EXE /BOOT
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [ballone] C:\WINDOWS\APPLIC~1\BYTEBU~1\movemess.exe
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [ballone] C:\WINDOWS\APPLIC~1\BYTEBU~1\movemess.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\PROGRAM FILES\MASS DOWNLOADER\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\PROGRAM FILES\MASS DOWNLOADER\Add_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - [url]http://64.158.165.143/100039/uk/gegames/geaccess.exe[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/0896fe6c06cb899aac21/netzip/RdxIE601.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - [url]http://www.ravantivirus.com/scan/ravonline.cab[/url]
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - [url]http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab[/url]


Posted by: rstones12

potfishpie,
Welcome to the Tech-Forums,
Please do the following items:

First off you have an outdated version of HiJackThis. You can go here to download the newest version: [URL=http://www.majorgeeks.com/download3155.html]HijackThis 1.99.1[/URL].

You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your [b]C:\[/b] drive called [b]C:\HJT[/b], download and unzip HijackThis into that directory. Run the program from that directory from now on.

[b][color=green][size=3]STEPS For Creating Folder[/size][/color][/b]
[list=1]
[b]1.[/b] Please go to My Computer, open your [b]C:\[/b] drive, Select: New >> Folder and name the folder [b]HJT[/b].

[b]2.[/b] Download HijackThis to the new folder:

[b]3.[/b] Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

[b]4.[/b] Close ALL windows except HJT

[b]5.[/b] SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

[b]6.[/b] POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
[/list]
[color=red]Please make sure you post the entire log including the top portion:[/color]

[b]DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER[/b]

Once you have done this please post back a new log using version 1.99.1

Thanks,
rstones12


Posted by: southernlady

Closed. Liz




vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited.


PPC Management
vB Easy Archive Final - Created by Xenon