Easysearch - HiJackThis Log

Discussion in 'adware, spyware & hijack cleaning' started by Geist, Apr 29, 2004.

Thread Status:
Not open for further replies.
  1. Geist

    Geist Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    9
    Hello,

    for 2 weeks im fighting for my startpage and it wont work... well i started with searchtown.net getting it from my pc but now i got this easysearch and it wont get it from my pc. I would really appreciate some help, because slowly im getting insane.


    Here is my log (in addition running Spybot, HiJackThis and CW Shredder didnt work out with deleting simply the "easysearch" files in HijackThis, it came back after a restart - so probably there is an important file in HiJackThis i forgot to deleteo_O or a .exe file somewhere on my pco_O)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Programme\ICQPlus\vplus.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\mozilla.org\Mozilla\mozilla.exe
    C:\MyStuff\Programme\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easysearch.cc/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easysearch.cc/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easysearch.cc
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.easysearch.cc
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easysearch.cc/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easysearch.cc/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
    O2 - BHO: (no name) - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\PROGRA~1\Wyns\wyns.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BIVFM] C:\WINDOWS\BIVFM.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.5721875
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

    Thx for any help ...
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Geist,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easysearch.cc/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easysearch.cc/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easysearch.cc
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.easysearch.cc/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.easysearch.cc
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easysearch.cc/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easysearch.cc/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

    O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
    O2 - BHO: (no name) - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\PROGRA~1\Wyns\wyns.dll

    O4 - HKLM\..\Run: [BIVFM] C:\WINDOWS\BIVFM.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe

    Download and run: http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe
    Use the Fix button and follow the instructions you will receive.

    Then reboot and delete:
    C:\WINDOWS\SysUpd.exe

    Regards,

    Pieter
     
  3. Geist

    Geist Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    9
    Thank you very much... seems a terrible odyssey has come to an end :)
     
Thread Status:
Not open for further replies.