hijacked by mysearchnow.com, i need help!

Discussion in 'adware, spyware & hijack cleaning' started by LeoNeSs, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. LeoNeSs

    LeoNeSs Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    1
    Vendor: Possible Browser Hijack attempt
    Category: Data Miner
    Object Type:RegData
    Size:-
    Location: Software\Microsoft\Internet Explorer\Main "Start
    Last Activity: 09/07/2004
    Risk Level: Medium
    Comment: Possible browser hijack attempt
    Description: Possible attempt to control\redirect the browser. This object referrs to a "blacklisted" site.


    My deafult browser comes up as http://mysearchnow.com/passthrough/popupbaropener.html homepage all the time.

    I have used Adware, CWShredder, Spybot Search & Destroy to detect it, and I found it and deleted it. However, it is still there.

    And please don't paste a whole collection of other spy catching programs.

    Is there a manual way to remove it?

    here is my hijackthis scan report:

    Logfile of HijackThis v1.97.7
    Scan saved at 15:41:24, on 09.07.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\DOWNLO~1\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\PROGRA~1\DOWNLO~1\avgcc32.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\DOWNLO~1\NOKIAP~1\TRAYAP~1.EXE
    C:\WINDOWS\vsnphv71.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Documents and Settings\hp\Belgelerim\downloaded\MsgPlus.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\ELSEDE~1\Safe Deaf.exe
    C:\Program Files\downloads\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\DOWNLO~1\AD-AWA~1\Ad-aware.exe
    C:\Documents and Settings\hp\Belgelerim\Alınan Dosyalarım\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\DOWNLO~1\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\DOWNLO~1\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [SNPHV71] C:\WINDOWS\vsnphv71.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] c:\program files\downloads\ChkFont.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\hp\Belgelerim\downloaded\MsgPlus.exe"
    O4 - HKLM\..\Run: [Mfcd base] C:\PROGRA~1\ELSEDE~1\Safe Deaf.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\downloads\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\hp\Belgelerim\downloaded\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab28177.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28177.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28177.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    thank u,
    Petek
     
    LeoNeSs, Jul 9, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...