Old 11-29-2004, 01:42 PM   #21 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


same c*** even in safe mode

Last edited by CTSNKY : 11-30-2004 at 10:18 AM.
BryanC is offline  
Old 11-29-2004, 01:56 PM   #22 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,954
OS: Windows XP-Pro SP2


OK...try again..but this time shut down Norton and its Auto Protect feature and disconnect from the internet. The look.log file that's in the folder....does it contain this same garbage? When it says "Can't find look.log make new" say NO. Maybe try downloading the Ms4Hd_look file again. I know it works...as I have XP and have run this tool.

The log should look similar to this....

This is the MS4Look log: hdr.dll] = "d" (REG_SZ) (0 bytes)

----------------------------------------
Handle OK.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes
(key has 0 subkeys and 14 value entries - last modified 08:22(UTC) 20/11/2004)
[ie4unit.exe] = "d" (REG_SZ) (0 bytes)
[ipxroutex.exe] = "d" (REG_SZ) (0 bytes)
[service.exe] = "d" (REG_SZ) (0 bytes)
[rdshost32.exe] = "d" (REG_SZ) (0 bytes)
[rshe.exe] = "d" (REG_SZ) (0 bytes)
[net2.exe] = "d" (REG_SZ) (0 bytes)
[mqsvch.exe] = "d" (REG_SZ) (0 bytes)
[dllhostxp.exe] = "d" (REG_SZ) (0 bytes)
[extrac16.exe] = "d" (REG_SZ) (0 bytes)
[mqbckup.exe] = "d" (REG_SZ) (0 bytes)
[pxhping.exe] = "d" (REG_SZ) (0 bytes)
[rdpnr.exe] = "d" (REG_SZ) (0 bytes)
[slservc.exe] = "d" (REG_SZ) (0 bytes)
[clfmon.exe] = "d" (REG_SZ) (0 bytes)
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 11-29-2004, 02:43 PM   #23 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


same problem still.

went back to safe mode where i know nortons doesn't run and still same prob.

if i click no it won't generate the log. it will just create the err.log
BryanC is offline  
Old 11-29-2004, 05:02 PM   #24 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,954
OS: Windows XP-Pro SP2


BryanC:

I contacted the programmer on this since this fix is new to me and wasn't sure if I missed a step. Please make sure you have unzipped those 3 files to a folder on the root of C:\. For example make a folder on C: drive called MS4Look and unzip it there and ALL 3 files (2 EXE, 1 BAT) MUST be in the same folder. This program will not run from a TEMP directory or from the zip file that's open. Also if you have any Script blocking software installed..it will need disabled.
MicroBell is offline  
Old 11-30-2004, 04:35 AM   #25 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 1
OS: WinXP


I also have a problem with this - (O15 - Trusted Zone: http://*.63.219.181.7).

I just ran the ms4look.exe and it gave me that list.

Last edited by shark : 11-30-2004 at 04:47 AM.
shark is offline  
Old 11-30-2004, 10:44 AM   #26 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


i have this installed on my 2nd hard drive but i will transfer it to C: now and will retry. Would the problem be solved if I removed internet explorer and reinstalled it?

no difference on C: either

I've added...

O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: *.frame.crazywinnings.com

to the restricted zones on ie. not sure if that will make a difference either.

Last edited by BryanC : 11-30-2004 at 10:57 AM.
BryanC is offline  
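
An added example, not part of any post in this thread: a small Python parser for the two log formats quoted above (HijackThis "O15 - Trusted Zone" lines and the MS4Look registry listing), which pulls the entries out for review and separates IP-literal trusted sites from domain names. The sample input is constructed from lines quoted in the thread, and the function names are illustrative.

```python
import re

# Constructed sample, assembled from lines quoted in this thread.
SAMPLE = """\
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: *.frame.crazywinnings.com
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ms4Hd\\Processes
(key has 0 subkeys and 14 value entries - last modified 08:22(UTC) 20/11/2004)
[ie4unit.exe] = "d" (REG_SZ) (0 bytes)
[service.exe] = "d" (REG_SZ) (0 bytes)
"""

O15_RE = re.compile(r"^O15 - Trusted Zone: (?:(?P<scheme>[a-z]+)://)?(?P<host>\S+)$")
KEY_RE = re.compile(r"^(HKLM|HKCU|HKEY_[A-Z_]+)\\.+$")
VALUE_RE = re.compile(r'^\[(?P<name>[^\]]+)\] = "(?P<data>.*)" \((?P<type>REG_[A-Z_]+)\)')
IPV4_RE = re.compile(r"^(?:\*\.)?(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_log(text):
    """Return (trusted_zone_entries, {registry_key: [value names]})."""
    trusted, keys, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = O15_RE.match(line)
        if m:
            host = m.group("host")
            trusted.append({
                "host": host,
                "scheme": m.group("scheme"),  # None when the entry has no scheme
                "kind": "ip" if IPV4_RE.match(host) else "domain",
                "wildcard": host.startswith("*."),
            })
            continue
        if KEY_RE.match(line):
            # A registry key header starts a new group of value lines.
            current = line
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current].append(m.group("name"))
    return trusted, keys

def review_items(text):
    """Flatten the parse into one line per entry for an analyst to review."""
    trusted, keys = parse_log(text)
    out = [f"trusted-zone {e['kind']}: {e['host']}" for e in trusted]
    out += [f"{key}: {name}" for key, names in keys.items() for name in names]
    return out
```
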
Old 11-30-2004, 12:20 PM   #27 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


on another forum i found this....

Download this file rem.zip from http://forums.net-integration.net/i...=post&id=117038
or
http://forums.skads.org/index.php?a...type=post&id=33

The person had the same trusted website problem and ran that. Later the person said he got rid of it without removing anything. didn't say what or if he did anything tho. Would anyone be able to read those logs if i tried that?

Cheers
BryanC is offline  
Old 11-30-2004, 02:54 PM   #28 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,954
OS: Windows XP-Pro SP2


Well....Your top link doesn't work. And I could not find the thread in the other...but it's a good bet it won't work. This original hijack was easy to remove but they changed the way it's installed. So it can no longer be removed like it was before.


Ok..lets try this. Reboot into safe mode and run regedit. Navigate to the following key....

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd

Click file...export..on the bottom select "Save as TXT File". On the bottom box make sure "Just Selected Key" is checked..and NOT All! Open that text file and copy its content into your next post. If it's really big...just attach the TXT file to the post.
MicroBell is offline  
Old 12-02-2004, 09:58 AM   #29 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


here is the regedit log
BryanC is offline  
Old 12-04-2004, 08:14 AM   #30 (permalink)
Registered User
 
Join Date: Nov 2004
Posts: 16
OS: win xp


I've formatted my pc as the problem was still occurring and my dad wasn't happy with what was being shown.

I am now using firefox explorer which hopefully will protect my pc a little better.

Thanks to all for your help and time with the problem i had.

Bryan
BryanC is offline  
Old 12-04-2004, 08:38 AM   #31 (permalink)
Analyst, Security Team
 
 
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro


I would install SpywareBlaster since it protects Mozilla/Firefox also:

To help prevent future spyware installations/infections, please read the Anti-Spyware Section and use the tools provided.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

greyknight17 is offline  



All times are GMT -7. The time now is 07:09 AM.


