any-find.com hijacker

Discussion in 'adware, spyware & hijack cleaning' started by gotguitar10, May 26, 2004.

Thread Status:
Not open for further replies.
  1. gotguitar10

    gotguitar10 Registered Member

    Joined:
    May 26, 2004
    Posts:
    4
    trying to remove this from my computer. I ran ad-aware, and have an up dated McAfee. I just downloaded and ran hijack this, below is my log please review.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:02:05 PM, on 5/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Nhksrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Netropa\OSD.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Louis Sorbo\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [SetupType] Portable
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Privacy Bar (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1076506648858
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.2326851852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab
     
    gotguitar10, May 26, 2004
    #1
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi gotguitar10,

    Have only HijackThis running and fix :

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm

    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

    Restart PC after doing so and remove :

    C:\Program Files\Internet Explorer\IEengine.exe <- this file

    Hope this helps

    Cheers,
     
    Unzy, May 27, 2004
    #2
  3. gotguitar10

    gotguitar10 Registered Member

    Joined:
    May 26, 2004
    Posts:
    4
    Hi Unzy, thanks for the reply.
    I removed the files as you advised with HijackThis running. The computer was restarted. I couldn't find how to delete the C:\Program Files\Internet Explorer\IEengine.exe. The only place I could find a file similar was by going in through "My Computer">C drive>Internet Explorer and found a file there called IEengine. I received a message saying access was denied and I could not delete the file. There is also another file there called "mqzsjzri" that I did not recognize. It appears to also be an application file, was created on the same day about 2 1/2 hours before the IEengine file.
    Last night while waiting for a reply we ran the CWShredder program. After your instruction this morning we reran the HijackThis. Following is a new HijackThis log. Please review and advise.
    Thanks for your help.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:41:35 AM, on 5/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Louis Sorbo\Local Settings\Temp\Temporary Directory 3 for hijackthis1977.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [SetupType] Portable
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Privacy Bar (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1076506648858
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.2326851852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab
     
    gotguitar10, May 27, 2004
    #3
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi gotguitar10,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Launch My Computer from the Desktop Icon.
    Select View, Details.
    Select the Folders button.
    Select Tools, Folder Options. Then select the View Tab. Select the Show hidden files and folders radio button is selected
    and that the Hide file extensions for known file types check box is unchecked. Once this is done, select Apply and then
    Like Current Folder (located near the top of the Folder Options box). Then select OK.

    That way you will see whether a file is a .exe or something else. And please don't go about deleting files because they look suspicious or you may wind up reinstalling.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    Then reboot into safe mode and delete:
    C:\Program Files\Internet Explorer\IEengine.exe

    Regards,

    Pieter
     
    Pieter_Arntz, May 27, 2004
    #4
  5. gotguitar10

    gotguitar10 Registered Member

    Joined:
    May 26, 2004
    Posts:
    4
    Thank you very much Pieter. It looks like that worked. My homepage is staying on Google and the four websites haven't returned to my favorites.
    Is there anything I can do to prevent this problem from occurring again?
    P.S. I may write a song about this whole experience. Will include you! :cool:
    Thanks again for all your help.
     
    gotguitar10, May 27, 2004
    #5
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Pieter_Arntz, May 27, 2004
    #6
  7. gotguitar10

    gotguitar10 Registered Member

    Joined:
    May 26, 2004
    Posts:
    4
    I am continuing to have problems and I think they are still due to the any-find.com hijacker. Every time I run Adaware it locates two entries that contain "any-find.com". I chose to remove them but I think something remains. Following is a copy of the Adaware logfile:
    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Wednesday, July 14, 2004 2:25:21 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R332 12.07.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file


    7-14-2004 2:25:21 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-14-2004 4:40:29 PM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:33 PM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:33 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:09:44 PM
    Last accessed : 7/14/2004 7:25:21 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:33 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:08:17 PM
    Last accessed : 7/14/2004 7:25:21 PM
    Last modified : 8/29/2002 10:41:26 AM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:34 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:10:03 PM
    Last accessed : 7/14/2004 7:22:54 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-14-2004 4:40:34 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:10:03 PM
    Last accessed : 7/14/2004 7:22:54 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:7 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:35 PM
    BasePriority : Normal
    FileSize : 292 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    OriginalFilename : LexBceS.exe
    ProductName : MarkVision for Windows (32 bit)
    Created on : 8/15/2002 10:26:25 AM
    Last accessed : 7/14/2004 7:25:21 PM
    Last modified : 8/15/2002 10:26:25 AM

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:36 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:09:57 PM
    Last accessed : 7/14/2004 7:25:21 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:9 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:40:36 PM
    BasePriority : Normal
    FileSize : 170 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LEXPPS.EXE
    InternalName : LEXPPS
    OriginalFilename : LEXPPS.EXE
    ProductName : MarkVision for Windows (32 bit)
    Created on : 8/15/2002 10:26:25 AM
    Last accessed : 7/14/2004 7:25:21 PM
    Last modified : 8/15/2002 10:26:25 AM

    #:10 [guarddog.exe]
    FilePath : C:\Program Files\McAfee\McAfee Privacy Service\
    ThreadCreationTime : 7-14-2004 4:40:36 PM
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 6.02.1063.0
    ProductVersion : 6.02.1063.0
    Copyright : Copyright
    CompanyName : Network Associates, Inc.
    FileDescription : McAfee Privacy Service Application
    InternalName : IG32
    OriginalFilename : GUARDDOG.EXE
    ProductName : McAfee Privacy Service
    Created on : 9/19/2003 5:47:14 PM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 2/12/2004 9:02:00 AM

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-14-2004 4:40:42 PM
    BasePriority : Normal
    FileSize : 973 KB
    FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
    ProductVersion : 6.00.2800.1221
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 5/12/2003 2:12:10 AM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 5/12/2003 2:12:10 AM

    #:12 [guarddog.exe]
    FilePath : C:\Program Files\McAfee\McAfee Privacy Service\
    ThreadCreationTime : 7-14-2004 4:40:42 PM
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 6.02.1063.0
    ProductVersion : 6.02.1063.0
    Copyright : Copyright
    CompanyName : Network Associates, Inc.
    FileDescription : McAfee Privacy Service Application
    InternalName : IG32
    OriginalFilename : GUARDDOG.EXE
    ProductName : McAfee Privacy Service
    Created on : 9/19/2003 5:47:14 PM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 2/12/2004 9:02:00 AM

    #:13 [nhksrv.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-14-2004 4:40:46 PM
    BasePriority : Normal
    FileSize : 28 KB
    Created on : 8/6/2001 7:41:48 PM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 8/6/2001 7:41:48 PM

    #:14 [mcvsrte.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 7-14-2004 4:40:49 PM
    BasePriority : Normal
    FileSize : 104 KB
    FileVersion : 8, 0, 0, 12
    ProductVersion : 8, 0, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Real-time Engine
    InternalName : mcvsrte
    OriginalFilename : mcvsrte.exe
    ProductName : McAfee VirusScan
    Created on : 3/23/2004 5:57:36 PM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 8/9/2003 12:04:38 AM

    #:15 [mpfservice.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 7-14-2004 4:40:50 PM
    BasePriority : Normal
    FileSize : 492 KB
    FileVersion : 4.1.0.1
    ProductVersion : 4.1.0.1
    Copyright : Copyright
    CompanyName : McAfee Corporation
    FileDescription : McAfee Personal Firewall Service
    InternalName : MPFService
    OriginalFilename : MpfService.exe
    ProductName : McAfee Personal Firewall
    Created on : 3/23/2004 5:27:12 PM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 9/2/2003 7:00:00 PM

    #:16 [wkufind.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
    ThreadCreationTime : 7-14-2004 4:40:51 PM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 6.00.3215.0
    ProductVersion : 6.00.3215.0
    Copyright : Copyright
    CompanyName : Microsoft
    FileDescription : Microsoft
    InternalName : WkUFind
    OriginalFilename : WkUFind.exe
    ProductName : Microsoft
    Created on : 8/17/2001 4:41:58 AM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 8/17/2001 4:41:58 AM

    #:17 [dellmmkb.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-14-2004 4:40:52 PM
    BasePriority : Normal
    FileSize : 160 KB
    FileVersion : 2.0.0
    ProductVersion : 2.0.0
    Copyright : Copyright
    CompanyName : Netropa Corp.
    FileDescription : Netropa(tm) Hot Key
    InternalName : Netropa Hot Key
    OriginalFilename : nhk.exe
    ProductName : Netropa Hot Key
    Created on : 1/13/2002 4:40:14 AM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 9/23/2001 1:14:48 PM

    #:18 [lxsupmon.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-14-2004 4:40:55 PM
    BasePriority : Normal
    FileSize : 865 KB
    FileVersion : 3.0.105.1
    ProductVersion : 3.0.105.1
    Copyright : Copyright
    CompanyName : Lexmark International Inc.
    FileDescription : Supplies Monitor
    InternalName : LXSUPMON
    OriginalFilename : LXSUPMON.RC
    ProductName : Lexmark Supplies Monitor
    Created on : 8/15/2002 10:26:31 AM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 8/15/2002 10:26:31 AM

    #:19 [hpgs2wnd.exe]
    FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
    ThreadCreationTime : 7-14-2004 4:40:55 PM
    BasePriority : Normal
    FileSize : 68 KB
    FileVersion : 2,3,0,0\
    ProductVersion : 2,3,0,0\
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : hpgs2wnd
    InternalName : hpgs2wnd
    OriginalFilename : hpgs2wnd.exe
    ProductName : Hewlett-Packard hpgs2wnd
    Created on : 4/11/2002 9:19:34 AM
    Last accessed : 7/14/2004 7:25:22 PM
    Last modified : 4/11/2002 9:19:34 AM

    #:20 [mpftray.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 7-14-2004 4:40:58 PM
    BasePriority : Normal
    FileSize : 1348 KB
    FileVersion : 5.0.1.5
    ProductVersion : 5.0.1.5
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Tray Monitor
    InternalName : MpfTray
    OriginalFilename : MPFTRAY.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 3/23/2004 5:27:12 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 3/24/2004 8:56:00 PM

    #:21 [mskagent.exe]
    FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
    ThreadCreationTime : 7-14-2004 4:40:59 PM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 5, 0, 0, 4
    ProductVersion : 5, 0, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SpamKiller Agent Interface module
    InternalName : MskAgent
    OriginalFilename : MskAgent.exe
    ProductName : McAfee SpamKiller
    Created on : 3/29/2004 9:23:49 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 12/22/2003 10:51:48 PM

    #:22 [cmgrdian.exe]
    FilePath : C:\Program Files\McAfee\McAfee Shared Components\Guardian\
    ThreadCreationTime : 7-14-2004 4:41:01 PM
    BasePriority : Normal
    FileSize : 136 KB
    FileVersion : 3.01.1028.0
    ProductVersion : 3.01.1028.0
    Copyright : Copyright
    CompanyName : Network Associates, Inc.
    FileDescription : McAfee Guardian Agent
    InternalName : CMGrdian
    OriginalFilename : CMGrdian.exe
    ProductName : McAfee Windows Guardian
    Created on : 9/2/2003 9:01:00 AM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 9/2/2003 9:01:00 AM

    #:23 [hpgs2wnf.exe]
    FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
    ThreadCreationTime : 7-14-2004 4:41:01 PM
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 2, 6, 0,
    ProductVersion : 2, 6, 0,
    Copyright : Copyright 2001
    FileDescription : hpgs2wnf Module
    InternalName : hpgs2wnf
    OriginalFilename : hpgs2wnf.EXE
    ProductName : hpgs2wnf Module
    Created on : 4/11/2002 9:19:36 AM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 4/11/2002 9:19:36 AM

    #:24 [mcagent.exe]
    FilePath : C:\PROGRA~1\mcafee.com\agent\
    ThreadCreationTime : 7-14-2004 4:41:02 PM
    BasePriority : Normal
    FileSize : 240 KB
    FileVersion : 4, 3, 0, 27
    ProductVersion : 4, 3, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SecurityCenter Agent
    InternalName : mcagent
    OriginalFilename : mcagent.exe
    ProductName : McAfee SecurityCenter
    Created on : 6/28/2004 6:29:04 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 12/8/2003 8:38:52 PM

    #:25 [mcvsshld.exe]
    FilePath : C:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 7-14-2004 4:41:03 PM
    BasePriority : Normal
    FileSize : 160 KB
    FileVersion : 8, 0, 0, 15
    ProductVersion : 8, 0, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan ActiveShield Resource
    InternalName : msvcshld
    OriginalFilename : mcvsshld.exe
    ProductName : McAfee VirusScan
    Created on : 3/23/2004 5:57:36 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 8/18/2003 3:50:34 AM

    #:26 [mcvsescn.exe]
    FilePath : c:\progra~1\mcafee.com\vso\
    ThreadCreationTime : 7-14-2004 4:41:05 PM
    BasePriority : Normal
    FileSize : 408 KB
    FileVersion : 8, 0, 0, 30
    ProductVersion : 8, 0, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan E-mail Scan Module
    InternalName : mcvsescn
    OriginalFilename : mcvsescn.EXE
    ProductName : McAfee VirusScan
    Created on : 5/27/2004 8:51:29 PM
    Last accessed : 7/14/2004 7:22:54 PM
    Last modified : 4/28/2004 10:55:12 PM

    #:27 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ThreadCreationTime : 7-14-2004 4:41:06 PM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 6.5
    ProductVersion : QuickTime 6.5
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 4/13/2004 5:22:58 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 4/13/2004 5:22:58 PM

    #:28 [rundll32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-14-2004 4:41:10 PM
    BasePriority : Normal
    FileSize : 31 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Microsoft
    Created on : 12/19/2002 2:09:38 PM
    Last accessed : 7/14/2004 7:23:07 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:29 [quickdcf.exe]
    FilePath : C:\Program Files\FinePixViewer\
    ThreadCreationTime : 7-14-2004 4:41:18 PM
    BasePriority : Normal
    FileSize : 196 KB
    FileVersion : 3, 0, 0, 0
    ProductVersion : 3, 0, 0, 0
    Copyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
    CompanyName : FUJI PHOTO FILM CO., LTD.
    FileDescription : Exif Launcher
    InternalName : QuickDCF
    OriginalFilename : QuickDCF.exe
    ProductName : FinePixViewer
    Created on : 1/10/2002 3:53:14 AM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 1/10/2002 3:53:14 AM

    #:30 [mpfagent.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 7-14-2004 4:41:18 PM
    BasePriority : Normal
    FileSize : 556 KB
    FileVersion : 5.1.0.8
    ProductVersion : 5.1.0.8
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Agent Interface
    InternalName : MpfAgent
    OriginalFilename : MPFAGENT.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 3/23/2004 5:27:12 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 6/7/2004 3:42:20 PM

    #:31 [wkcalrem.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
    ThreadCreationTime : 7-14-2004 4:41:20 PM
    BasePriority : Normal
    FileSize : 24 KB
    FileVersion : 6.00.1911.0
    ProductVersion : 6.00.1911.0
    Copyright : Copyright
    CompanyName : Microsoft
    FileDescription : Microsoft
    InternalName : WkCalRem
    OriginalFilename : WKCALREM.EXE
    ProductName : Microsoft
    Created on : 8/7/2001 11:06:54 PM
    Last accessed : 7/14/2004 7:25:23 PM
    Last modified : 8/7/2001 11:06:54 PM

    #:32 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-14-2004 4:41:23 PM
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 6.14.10.5216
    ProductVersion : 6.14.10.5216
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 52.16
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 52.16
    Created on : 10/6/2003 7:16:00 PM
    Last accessed : 7/14/2004 7:25:24 PM
    Last modified : 10/6/2003 7:16:00 PM

    #:33 [sgmain.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 7-14-2004 4:41:27 PM
    BasePriority : Normal
    FileSize : 352 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC
    FileDescription : SpywareGuard
    InternalName : sgmain
    OriginalFilename : sgmain.exe
    ProductName : SpywareGuard
    Created on : 8/30/2003 12:05:35 AM
    Last accessed : 7/14/2004 7:25:24 PM
    Last modified : 8/30/2003 12:05:35 AM

    #:34 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-14-2004 4:41:27 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:10:03 PM
    Last accessed : 7/14/2004 7:22:54 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:35 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-14-2004 4:41:33 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 12/19/2002 2:10:03 PM
    Last accessed : 7/14/2004 7:22:54 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:36 [sgbhp.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 7-14-2004 4:41:35 PM
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
    FileDescription : SG Browser Hijacking Protection
    InternalName : sgbhp
    OriginalFilename : sgbhp.exe
    ProductName : SG Browser Hijacking Protection
    Created on : 8/29/2003 4:14:56 PM
    Last accessed : 7/14/2004 7:25:24 PM
    Last modified : 8/29/2003 4:14:56 PM

    #:37 [osd.exe]
    FilePath : C:\Program Files\Netropa\
    ThreadCreationTime : 7-14-2004 4:42:59 PM
    BasePriority : Normal
    FileSize : 88 KB
    FileVersion : 2.02
    ProductVersion : 2.02
    Copyright : Copyright
    CompanyName : Netropa Corp.
    FileDescription : Netropa(r) Onscreen Display
    InternalName : OSD
    OriginalFilename : osd.exe
    ProductName : Onscreen Display
    Created on : 1/13/2002 4:40:14 AM
    Last accessed : 7/14/2004 7:25:24 PM
    Last modified : 9/19/1850 10:25:13 AM

    #:38 [mcshield.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 7-14-2004 7:22:50 PM
    BasePriority : High
    FileSize : 220 KB
    Created on : 3/23/2004 5:57:32 PM
    Last accessed : 7/14/2004 7:22:50 PM
    Last modified : 3/13/2002 2:50:34 PM

    #:39 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ThreadCreationTime : 7-14-2004 7:24:53 PM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 5/26/2004 2:38:48 PM
    Last accessed : 7/14/2004 7:25:09 PM
    Last modified : 7/13/2003 2:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page/any-find.com

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://any-find.com/index.htm"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "http://any-find.com/index.htm"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar/any-find.com

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://any-find.com/sp.htm"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "http://any-find.com/sp.htm"


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 2


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 2




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    2:29:15 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:03:50:547
    Objects scanned :53410
    Objects identified :2
    Objects ignored :0
    New objects :2



    I reran Hijackthis and see some entries still located there. Please review and advise me on my next course of action.
    Logfile of HijackThis v1.98.0
    Scan saved at 2:51:14 PM, on 7/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Nhksrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Netropa\OSD.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Documents and Settings\Louis Sorbo\My Documents\Downloads\HijackThis1980hf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [SetupType] Portable
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.ahtd.state.ar.us/road/acgm.cab

    We did have some success. My browser is no longer being redirected and the noxious websites do not return to my Favorites.

    I am having problems in other areas that I suspect may be connected. My McAfee Privacy Service gives me Internet Program Alerts every time I start my computer. I have tried to change the settings within the McAfee Security Center but once the computer is restarted the settings revert back to where they were.

    I appreciate your help. Things are a lot better than they were before I found your website!

    Thanks.
     
    gotguitar10, Jul 14, 2004
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...