Search Engine Hijack

[andy99]

Please Help,

Everytime I complete a search using any of my engines i.e. google/yahoo/freeserve a few seconds later i get a second search engine pop up with results, which are invariably naff.

It displays itself as http://search-company.com, how do I get rid of this annoying pest.

I've tried spybot/ad-adware/intenet options but cannot find any control to switch it off.


Any help much appreciated

[Lobos]

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to it’s own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

[Kim2]

I too have this problem. My search engine list changes after about 3 seconds, and I can only get back the "real" list if I hit enter several times in the address box.

I also had about:blank but think I finally gotten rid of it (has been 2 days).

I did the above as suggested by Lobos Blanco and below is my logfile. Any help would really be appreciated. I really want my computer back!

Logfile of HijackThis v1.97.7
Scan saved at 7:40:45 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\essspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Find'n'Block Personal Firewall\Find'n'Block.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\google.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\google.htm
O2 - BHO: (no name) - {3820F798-6E62-0E04-C236-681CFE0F719F} - C:\WINDOWS\System32\dmqkpvni.dll
O2 - BHO: (no name) - {8A3C5EBB-DB92-A11B-3A0B-614BAC36A6B2} - C:\WINDOWS\System32\nnxrzreo.dll
O2 - BHO: (no name) - {C7ED8FD1-36E8-C638-3628-962DFB782EA2} - C:\WINDOWS\System32\jruebfvk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Find'n'Block Personal Firewall.lnk = C:\Program Files\Find'n'Block Personal Firewall\Find'n'Block.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...046.4516898148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

[Lobos]

Hi kim2


Do this

enable the viewing of Hidden files follow these steps:

How to see Hidden files and Folders
--------------------------------------------------------------------------

Run hijack this put a check next to these close all browsers and hit fix

Make sure not to miss one
O2 - BHO: (no name) - {3820F798-6E62-0E04-C236-681CFE0F719F} - C:\WINDOWS\System32\dmqkpvni.dll
O2 - BHO: (no name) - {8A3C5EBB-DB92-A11B-3A0B-614BAC36A6B2} - C:\WINDOWS\System32\nnxrzreo.dll
O2 - BHO: (no name) - {C7ED8FD1-36E8-C638-3628-962DFB782EA2} - C:\WINDOWS\System32\jruebfvk.dll

-----------------------------------------------------------------------------------------------------------------------------------

reboot to normal

delete these files

C:\WINDOWS\System32\jruebfvk.dll
C:\WINDOWS\System32\nnxrzreo.dll
C:\WINDOWS\System32\dmqkpvni.dll

then

Click here to download AdAware 6 181

Run AdAware
Before you scan with AdAware, check for updates of the reference file 01R326 01.07.2004
by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registryDeep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files

Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.

and uncheck..

Automatically try to unregister objects prior to deletion.

Then click Proceed, to save your settings.

Now click the Scan button.

When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them
Restart your computer

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Spybot - Search & Destroy 1.3

Then go Click here and download Spybot Search & Destroy 1.3

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

come back Post another hijack this log and tell me how you computers running

Lobos

[Kim2]

Hi LobosBlanco,

It's been 24 hours since I followed your instructions and my computer is still fine.

For your info, when I tried to delete the three files, they were already gone (I also did a search of my hard drive just in case).

Thanks so much for your excellent help!

Kim2