please help: how to get rid of homepage http://any-find.com/index.htm

Discussion in 'adware, spyware & hijack cleaning' started by friedmanim, May 31, 2004.

Thread Status:
Not open for further replies.
  1. friedmanim

    friedmanim Registered Member

    Joined:
    May 31, 2004
    Posts:
    2
    I want to get rid of http://any-find.com/index.htm.
    My problems are:
    1. It has become our homepage, and I can't change it.
    2. Also some junk was added to our favorites.
    3. Also when I try to reboot my computer, I get an error about "win min"

    I did all the steps in this link:
    https://www.wilderssecurity.com/showthread.php?t=15913

    I ran Ad-aware,

    and here is the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 00:42:14, on 01/06/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\gsicon.exe
    C:\WINNT\system32\dslagent.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINNT\system32\RunDll32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Internet Explorer\IEengine.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/ChatTV/launcher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE4CB0F4-5711-4048-9B18-F3BE262F89A9}: NameServer = 192.115.106.35 192.115.106.31

    Can you pleeeease help o_O?

    Thanks a lot!
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    This might be the nasty

    O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

    Can you see a file there in the Program Files folder? Please send it to submit@diamondcs.com.au

    Close all browser windows, and tick the O16 entry above, and these

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm

    Then choose Fix selected, and reboot. Does this get rid of it?
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    this one is the problem

    O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe

    Run HJT, fix that entry, then reboot & delete
    C:\Program Files\Internet Explorer\IEengine.exe

    send a copy of that file to submit@diamondcs.com.au as well please
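
Added example (not part of the original thread, and not HijackThis's own logic): a small Python triage over HijackThis log lines that flags the three kinds of entry the two replies above pick out: IE R0/R1 settings pointing at the reported host, an O4 autorun binary sitting in the Internet Explorer folder that is not iexplore.exe, and an O16 DPF entry whose codebase is a local file. The function name `triage`, the `hijack_host` parameter and the heuristics themselves are assumptions for illustration; the sample lines are copied from the log in the first post.

```python
import re
from urllib.parse import urlparse

# Sample input assembled for this example from lines of the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")             # "O4 - <detail>"
RUN = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[(.+?)\] "?(.+?)"?$')
IE_DIR = "c:\\program files\\internet explorer\\"

def triage(log_text, hijack_host):
    """Return (section, reason, original line) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, or blank line
        section, detail = m.groups()
        if section in ("R0", "R1") and " = " in detail:
            url = detail.rsplit(" = ", 1)[1]
            host = (urlparse(url).hostname or "").lower()
            if host == hijack_host or host.endswith("." + hijack_host):
                findings.append((section, "IE setting points at reported host", line.strip()))
        elif section == "O4":
            run = RUN.match(detail)
            if run:
                target = run.group(2).lower()
                # Assumed heuristic: an autorun inside IE's folder that is not iexplore.exe.
                if target.startswith(IE_DIR) and not target.endswith("\\iexplore.exe"):
                    findings.append((section, "autorun binary in IE folder", line.strip()))
        elif section == "O16":
            codebase = detail.rsplit(" - ", 1)[-1]
            # Assumed heuristic: DPF entries normally name a download URL, not a local file.
            if codebase.lower().startswith("file://"):
                findings.append((section, "ActiveX codebase is a local file", line.strip()))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG, "any-find.com"):
        print(f"{section:4} {reason}: {line}")
```

A flagged line is a prompt for manual review of the file or registry value, not a verdict; legitimate entries can match these heuristics and unwanted ones can miss them.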
     
  4. friedmanim

    friedmanim Registered Member

    Joined:
    May 31, 2004
    Posts:
    2
    dvk01 - Thanks a lot!!!
    It fixed my problem!!
    I sent a copy of that file, like you asked.

    Gavin - DiamondCS - thank you so much for responding (though it didn't fix the problem). I really appreciate all the help!!!

    :) :) :)
     