Ad:

Viruses, Spyware and other Nasties Discussion Thread
Marked Solved
Views: 1901

May 2nd, 2006

Search Engine trouble

Expand Post »

Hi,

I use google for doing regular online search. But i am having trouble opening any website or information link google finds for me. If i try to open any link that google finds, the webpage automatically gets directed to other search sites like lycos, ebay and few other search engines i haven't heard about. I have adaware, spybot, CCleaner and Norton antivirus. I run them regularly. But they generally dont find anything.

I dont know if i have any spyware sitting inside my computer or anything else.

i will appreciate your advice on this
Thanks

Similar Threads

The secrets of google search engine ranking in Promotion and Marketing Plans
search engine in PHP
Internet Explorer Freezes when using a search engine in Windows 95 / 98 / Me
Intigrating a search engine into a website. in Configuring Readymade Scripts
Deleting subjects in a search engine window in Web Browsers

adi's Comp

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Dec 2005

Permalink

May 2nd, 2006

Re: Search Engine trouble

try using xoftspy and get the serial key from theserials.com
i dont recommend going to theserials.com unless you have norton or are using a mozilla firefox browser because if you use internet explorer it will automaticly download some nasty adware

kylethedarkn

Team Colleague

Reputation Points: 55

Solved Threads: 39

A.K.A. The Laughing Man

Offline

600 posts
since May 2006

Permalink

May 2nd, 2006

Re: Search Engine trouble

Adi,

Download HijackThis (current verison is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

C:\HijackThis\
C:\Programs\hijackthis\
C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

kylethedarkn - please don't advise victims to illegaly cheat the system by using pre-used serial keys. Don't cheat the companys that help us in our fight agaisnt malware. Secondly, don't advise victims to visit sites where they are likely to further burden down their computer with more spyware.

Thanks.

'Stein

Team Colleague

Reputation Points: 222

Solved Threads: 105

Lapsed Skeptic

Offline

1,605 posts
since Jan 2006

Permalink

May 2nd, 2006

Re: Search Engine trouble

jhay116,

Thanks for your quick reply. Here is the scan log file created by hijackthis.
The whole problem started when i tried to download mozilla firefox browser from their website. I removed the browser but the problem continued.
.........................

Logfile of HijackThis v1.99.1
Scan saved at 7:57:48 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {F1255ED0-C4E7-C617-7C49-E713DD9CA572} - StatusCheck.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Kargo] syspanel.exe
O4 - HKLM\..\Run: [10010] cmon14.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [progmen] TorontoMail.exe
O4 - HKCU\..\Run: [Testimonials] bingo9.exe
O4 - HKCU\..\Run: [NopeZ] ERTYDF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{416D0866-FD9C-4562-A7B5-662CA04F4DCB}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{9574568B-CDD5-4424-B7E0-3FC78449868A}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18EA0EC-AB92-467D-ACE0-62656490C9E1}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{E61979FE-5577-4B37-89B9-36B47C182F2E}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

...........................................................

Pl. advice.
Thanks

adi's Comp

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Dec 2005

Permalink

May 2nd, 2006

Re: Search Engine trouble

Hmm about the Firefox, I don't think it was the FireFox itself that caused the problem, unless it was downloaded from a 3rd party, that might have included other software.

First off, you have a WareOut infection.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {F1255ED0-C4E7-C617-7C49-E713DD9CA572} - StatusCheck.dll (file missing)
O4 - HKLM\..\Run: [Kargo] syspanel.exe
O4 - HKLM\..\Run: [10010] cmon14.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKCU\..\Run: [progmen] TorontoMail.exe
O4 - HKCU\..\Run: [Testimonials] bingo9.exe
O4 - HKCU\..\Run: [NopeZ] ERTYDF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{416D0866-FD9C-4562-A7B5-662CA04F4DCB}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{9574568B-CDD5-4424-B7E0-3FC78449868A}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18EA0EC-AB92-467D-ACE0-62656490C9E1}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{E61979FE-5577-4B37-89B9-36B47C182F2E}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt along with a new HJT log.

Thanks.

'Stein

Team Colleague

Reputation Points: 222

Solved Threads: 105

Lapsed Skeptic

Offline

1,605 posts
since Jan 2006

Permalink

May 2nd, 2006

Re: Search Engine trouble

jhay116,
Thanks again for yr reply.
here is the log file after following your instructions.
Thanks for your help.
Pl. let me know if anything else needs to be fixed.

...........................Logfile of HijackThis v1.99.1
Scan saved at 9:53:17 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HTJ\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

...................................................

Thanks again!!

Quote originally posted by jhay116 ...

Hmm about the Firefox, I don't think it was the FireFox itself that caused the problem, unless it was downloaded from a 3rd party, that might have included other software.

First off, you have a WareOut infection.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {F1255ED0-C4E7-C617-7C49-E713DD9CA572} - StatusCheck.dll (file missing)
O4 - HKLM\..\Run: [Kargo] syspanel.exe
O4 - HKLM\..\Run: [10010] cmon14.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKCU\..\Run: [progmen] TorontoMail.exe
O4 - HKCU\..\Run: [Testimonials] bingo9.exe
O4 - HKCU\..\Run: [NopeZ] ERTYDF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{416D0866-FD9C-4562-A7B5-662CA04F4DCB}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{9574568B-CDD5-4424-B7E0-3FC78449868A}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18EA0EC-AB92-467D-ACE0-62656490C9E1}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{E61979FE-5577-4B37-89B9-36B47C182F2E}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt along with a new HJT log.

Thanks.

adi's Comp

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Dec 2005

Permalink

May 2nd, 2006

Re: Search Engine trouble

Well the log looks clean.

1 last thing, post the contents of C:\fixwareout\report.txt , so i can double check youre clean.

Thanks.

'Stein

Team Colleague

Reputation Points: 222

Solved Threads: 105

Lapsed Skeptic

Offline

1,605 posts
since Jan 2006

Permalink

May 3rd, 2006

Re: Search Engine trouble

jhay116,

my apologies for not posting it. Here is the report file
.................................

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pohmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmhop.exe"=-
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\DMHOP.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
..........................................................

I do appreciate your help!
Thanks

Quote originally posted by jhay116 ...

Well the log looks clean.

1 last thing, post the contents of C:\fixwareout\report.txt , so i can double check youre clean.

Thanks.

adi's Comp

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Dec 2005

Permalink

May 3rd, 2006

Re: Search Engine trouble

Haha awsome, clean be ye.

If ya could mark the thread as solved, it'd be great.

Thanks again

'Stein

Team Colleague

Reputation Points: 222

Solved Threads: 105

Lapsed Skeptic

Offline

1,605 posts
since Jan 2006

Permalink

May 3rd, 2006

Re: Search Engine trouble

Thanks jhay116,
Appreciate your help!

adi's Comp

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

10 posts
since Dec 2005

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Spyfalcon & Malwarewipe, and I can't get ride of it!

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Trojan.PWS.Yaspy.A

DaniWeb Message

Cancel Changes

User Name
Password