msn

Discussion in 'adware, spyware & hijack cleaning' started by Clanger, Mar 12, 2004.

Thread Status:
Not open for further replies.
  1. Clanger

    Clanger Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    27
    I have a search enging called Start now but I want msn. I have tried to get this back but don't know how I have changed regedit to msn but it still doesn't work. I wonder can I change it with this program. Also I cannot search from my address bar it just comes back server not found.

    I would be grateful for any suggestions :(
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi Clanger,

    Could you please follow the instructions posted here:
    http://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
     
  3. Clanger

    Clanger Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    27
    search

    I have done what I was instructed from my first post, sorry about putting it in the wrong forum. My search bar is search now (not by choice) and I would like msn search. Also I cannot search from my address bar,


    Logfile of HijackThis v1.97.7
    Scan saved at 14:40:07, on 12/03/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashserv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\WINDOWS\System32\lecvckxq.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Documents and Settings\Chris Allen\Application Data\awab.exe
    C:\WINDOWS\System32\wintsvcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\SECRETMAKER\secretmaker.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\mIRC\mirc.exe
    C:\IMSI\PICTUR~1\HotShots\hotshots.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Cucusoft\avi-dvd-pro\avi2mpgpro.exe
    C:\Program Files\Ares\ares.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Warez P2P Client\Warez.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SpywareBlaster\spywareblaster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\FreshDevices\FreshDownload\fd.exe
    C:\Documents and Settings\Chris Allen\Desktop\hijackthis1977\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=134272
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=134272
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiscali.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = "msn"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = "msn"
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiscali.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dixons.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://msn
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = (value not set)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://tiscali.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: (no name) - {79594677-0416-4097-A421-41BE9667B36F} - C:\Program Files\Popup Destroy\TrackPopup.dll (file missing)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\PROGRA~1\SECRET~1\smiehlp.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
    O4 - HKLM\..\Run: [ares] c:\program files\ares\ares.exe -h
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [bwpljfdz] C:\WINDOWS\System32\lecvckxq.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
    O4 - HKCU\..\Run: [Surs] C:\Documents and Settings\Chris Allen\Application Data\awab.exe
    O4 - HKCU\..\Run: [WCPC] C:\WINDOWS\System32\wintsvcc.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.dixons.co.uk/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.3616087963
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\system\IntraLaunch.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{106EEB41-6729-4ADF-A3C2-F9F36E71B586}: NameServer = 212.74.114.129 212.74.114.193
    O17 - HKLM\System\CS1\Services\Tcpip\..\{106EEB41-6729-4ADF-A3C2-F9F36E71B586}: NameServer = 212.74.114.129 212.74.114.193

    Hope you can help o_O
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi Clanger,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=134272
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=134272

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = "msn"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = "msn"

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://msn

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://msn

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: (no name) - {79594677-0416-4097-A421-41BE9667B36F} - C:\Program Files\Popup Destroy\TrackPopup.dll (file missing)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

    O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe

    O4 - HKLM\..\Run: [bwpljfdz] C:\WINDOWS\System32\lecvckxq.exe

    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
    O4 - HKCU\..\Run: [Surs] C:\Documents and Settings\Chris Allen\Application Data\awab.exe
    O4 - HKCU\..\Run: [WCPC] C:\WINDOWS\System32\wintsvcc.exe

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

    Next, download and run:
    CWShredder.
    Use the Fix button and follow the instructions you will receive.

    Then reboot into safe mode
    and delete:
    C:\WINDOWS\System32\wintsvcc.exe
    C:\Documents and Settings\Chris Allen\Application Data\awab.exe
    C:\WINDOWS\System32\lecvckxq.exe
    C:\WINDOWS\System32\regsvc32.exe

    Regards,

    Pieter
     
  5. Clanger

    Clanger Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    27
    You were absolutely brilliant, easy to follow instructions. I have a happy PC again. Thanks a lot :D
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    My pleasure. :)

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.