Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
Also Having Problem with Seach-Control

--------------------------------------------------------------------------------

I'm new here and this problem has been consistent ... I've just downloaded and ran HJT and here is the log. What is safe to delete here, etc.

Thanks,
Eva

Logfile of HijackThis v1.98.2
Scan saved at 1:03:04 PM, on 8/22/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-control.com/srh/165/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/...&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O4 - HKLM\..\Run: [ntldr] C:\WINDOWS\SYSTEM\ntldr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\AnyWho.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared...,16/mcgdmgr.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/165.chm::/file.exe
 

·
Administrator
Joined
·
4,870 Posts
Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program:

TWAIN

Open Hijack This and click on Scan. Check the following entries (make sure you do not to miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-control.com/srh/165/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-control.com/srh/165/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/165/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/165/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/165/


R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL


O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)

O4 - HKLM\..\Run: [ntldr] C:\WINDOWS\SYSTEM\ntldr.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)


O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/165.chm::/file.exe report.php?p=71799

Please remember to close any open windows and browsers before fixing any entries.

In Hijack This, hit the Fix checked button.

Reboot into Safe Mode (hit F8 key until menu shows). Delete the following Files/Folders if they exist. Do a search if you don’t see them.

C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL <<< This File
C:\WINDOWS\TWAINTEC.DLL <<< This File
C:\PROGRAM FILES\SYSAI\ <<< This Folder
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL <<< This File
C:\WINDOWS\SYSTEM\ntldr.exe <<< This File
C:\WINDOWS\SYSTEM\ms.exe <<< This File


Reboot into Normal Mode.

Run an online scan at Trend Micro.
Please select the “autoclean” option when prompted to do so.

Please post a fresh Hijack This log so that we can check if your system is clean.

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place? You need an antivirus that is continually updated, a good firewall, a spyware blocker like SpywareBlaster, a real time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list which will impair attempts to infect your system. All of the above have good free versions available. However, be very cautious, about any security software that is advertised in popups or in other intrusive ways. They are not only usually useless, but also often have malware in them.

More info and downloads are available at:

Spyware Blaster
Spyware Guard
IE-Spyad
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top