http://aifind.info/

Discussion in 'adware, spyware & hijack cleaning' started by kozna, May 15, 2004.

Thread Status:
Not open for further replies.
  1. kozna

    kozna Registered Member

    Joined:
    May 15, 2004
    Posts:
    1
    Location:
    Australia
    Hi there...

    I've got this problem on my HomePage which is being redirected to the following site

    http://aifind.info/

    I've tried rebooting my computer to get rid of this, also rename to other homepages and use CWShredder.
    None of these seem to work with the site always appearing.

    Im not using any Anti-Virus software but i am running Windows2000 Pro with just the full installations of all 4 Service Packs released - without any updates)

    Thankyou in advance


    Regards
    Kozna



    Logfile of HijackThis v1.97.7
    Scan saved at 12:33:26 PM, on 5/16/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\AGRSMMSG.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Winamp3\Studio.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Documents and Settings\adam1\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://search123.biz/
    O1 - Hosts: 213.159.117.235 auto.search.msn.com
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINNT\system32\msxslab.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Watch.lnk = C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://64.151.69.121:8000/Java/cfs31235.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.2403009259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3957FC79-FAE1-4A95-80F9-5181EF1AD0F2}: NameServer = 202.129.64.42 202.129.64.198
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi kozna,

    Have only HijackThis running and fix :

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://search123.biz/

    O1 - Hosts: 213.159.117.235 auto.search.msn.com

    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINNT\system32\msxslab.dll

    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe

    restart PC after doing so download and run this program :

    CWShredder

    Open -> 'fix' -> click 'next'

    Clean temp internet files

    When done please update IE asap to the latest updates and patches at windowsupdate.com, to be better protected.

    Hope this helps

    Cheers,
     
Thread Status:
Not open for further replies.