http://any-find.com/index.htm

Discussion in 'adware, spyware & hijack cleaning' started by motogroup, May 22, 2004.

Thread Status:
Not open for further replies.
  1. motogroup

    motogroup Registered Member

    Joined:
    May 22, 2004
    Posts:
    11
    The title is not away as our web page. We have tried everything and nothing gets rid of this. Our home page is Yahoo and we can't even set as default. Not sure what to do short of reloading Windows 2000 back into our computer.

    HEEEEEEEEEEEEEEEEEEEEEEEEEEEEELP!!!!!!
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
  3. motogroup

    motogroup Registered Member

    Joined:
    May 22, 2004
    Posts:
    11
    Is this any help?


    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Conversions Plus\FORMATM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    c:\winnt\fonts\truetype\vnsystask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\dmadmin.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINNT\anvshell.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
    C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\PROGRA~1\Logitech\iTouch\kbdtray\kbdtray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\unzipped\hijackthis1977[1]\HijackThis.exe
    C:\unzipped\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\task32.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [sysdll32.dll] C:\WINNT\system\sysdll32.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW Prefix:
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
     
  4. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Yep, Thnx

    Fix the following with HijackThis:

    O4 - HKLM\..\Run: [sysdll32.dll] C:\WINNT\system\sysdll32.exe
    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe

    Restart PC after doing so and remove :

    C:\WINNT\system\sysdll32.exe <- this file
    C:\Program Files\Internet Explorer\IEengine.exe <- this file

    Cheers,
     
  5. motogroup

    motogroup Registered Member

    Joined:
    May 22, 2004
    Posts:
    11
    Hello
    Where are these located:

    C:\WINNT\system\sysdll32.exe <- this file
    C:\Program Files\Internet Explorer\IEengine.exe <- this file
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  7. motogroup

    motogroup Registered Member

    Joined:
    May 22, 2004
    Posts:
    11
    Hi,
    I was able to delete only IEengine.exe and could not find the other.
    C:\WINNT\system\sysdll32.exe
    C:\Program Files\Internet Explorer\IEengine.exe

    Also I want to thank you. If you are ever in Los Angeles, look us up. We are Entertainment Editors for California Tour & Travel Magazine and columnists for a few newspapers and would love to buy you and a guest dinner.

    Thomas & Maureen
     
  8. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi,

    You're welcome

    If sysdll32.exe does not show up again in a new HijackThis log, then you should be OK.

    Hope all is well again

    thnx for the offer

    Cheers,
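
The re-check described in the post above, sketched as an added example that is not part of any post in this thread: it scans a new HijackThis log for the two flagged files, both as O4 registry autoruns and as running processes. The function names and the follow-up log are constructed for illustration; only the two file paths come from the thread.

```python
import re

# Registry autorun line as HijackThis prints it: O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# Running-process section of the log: one full path per line
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# The two files the helper asked to have fixed and removed
FLAGGED = [r"C:\WINNT\system\sysdll32.exe",
           r"C:\Program Files\Internet Explorer\IEengine.exe"]

# Constructed follow-up log (not from the thread): one flagged autorun is still there.
SAMPLE_LOG = r"""
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysdll32.dll] C:\WINNT\system\sysdll32.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"""

def exe_of(command):
    """Executable part of an autorun command, lower-cased; handles quoted paths."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return (m.group(1) if m else command).lower()

def recheck(log_text, flagged_paths):
    """Map each flagged path (lower-cased) to the places it still appears in the log."""
    found = {p.lower(): set() for p in flagged_paths}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m and exe_of(m.group(4)) in found:
            # Windows paths are case-insensitive, so compare lower-cased full paths
            found[exe_of(m.group(4))].add("autorun " + m.group(1) + "\\" + m.group(2))
        elif PROCESS.match(line) and line.lower() in found:
            found[line.lower()].add("process")
    return {p: sorted(places) for p, places in found.items()}

if __name__ == "__main__":
    for path, places in recheck(SAMPLE_LOG, FLAGGED).items():
        print(path, "->", places or "not in log")
```

An empty list for every flagged path is the "does not show up again" condition; any remaining autorun or process hit means the entry was re-created or never removed.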
     
  9. motogroup

    motogroup Registered Member

    Joined:
    May 22, 2004
    Posts:
    11
    Thank you. And if you're ever here in LA, California, our email column email is anightlifeATyahoo.com.

    Thomas & Maureen
     
    Last edited by a moderator: May 23, 2004