bladerunner

mysearchnow need help

4 posts in this topic

Hello good people,

I've tried to get rid of mysearchnow with spybot, adaware, and to no avail.

I've just downloaded Hijack This but I don't know which entries to remove. Below is the log that was produced. Any help/advice appreciated ;)

 

Logfile of HijackThis v1.97.7

Scan saved at 04:16:17, on 27/06/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\spoolsv.exe

E:\PROGRA~1\Grisoft\AVG6\avgserv.exe

E:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Program Files\StayAlive\StayAlive.EXE

E:\WINDOWS\System32\rundll32.exe

E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

E:\Program Files\Messenger Plus! 3\MsgPlus.exe

E:\PROGRA~1\axisbytebird\cdrom funk up.exe

E:\WINDOWS\System32\MsSvc16\WinSvc32.exe

E:\Program Files\Tesconet\Tesconet.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\mIRC\mirc.exe

D:\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...tp://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.37.72.233:3128

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://tesco.autoregister.net/cd

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DXM6Patch_981116] E:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Tesco.net] rundll32 E:\PROGRA~1\Tesconet\RyDial.dll,QuickStart

O4 - HKLM\..\Run: [stayAlive] E:\Program Files\StayAlive\StayAlive.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Team1] E:\PROGRA~1\axisbytebird\cdrom funk up.exe

O4 - HKLM\..\RunServices: [WinSvc32.exe] E:\WINDOWS\System32\MsSvc16\WinSvc32.exe

O4 - HKCU\..\Run: [Y!TunnelPro] E:\Program Files\Y!TunnelPro V1.3 Build 272\YTunnelPro.exe

O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - Startup: SMILEY.lnk = D:\yahoo stuff\yahoo programs\SMILEY.EXE

O4 - Global Startup: WinSvc32.exe

O4 - Global User Startup: WinSvc32.exe

O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net

O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com

O15 - Trusted Zone: http://memberservices.tesco.net

O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100


Hello and welcome :wave:

 

First open task manager and end task on this item in the process list:

cdrom funk up.exe

Make certain that the process does not return before proceeding. It is important to do it in the proper order, otherwise you'll have to start over.

 

Then, once the process is killed, have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...tp://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

 

O4 - HKLM\..\Run: [DXM6Patch_981116] E:\WINDOWS\p_981116.exe /Q:A <-- old directx patch, unneeded

O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Team1] E:\PROGRA~1\axisbytebird\cdrom funk up.exe

O4 - HKLM\..\RunServices: [WinSvc32.exe] E:\WINDOWS\System32\MsSvc16\WinSvc32.exe

 

O4 - Global Startup: WinSvc32.exe

O4 - Global User Startup: WinSvc32.exe

 

When done, reboot. Then find and delete:

 

E:\Program Files\axisbytebird\ <--- folder

E:\WINDOWS\System32\MsSvc16\WinSvc32.exe

 

Messenger Plus! 3, I am not too sure about, I'll have to research this, but version 2 had some "bundled" sponsors... including mysearchnow AKA lop.com. So it's up to you to decide whether you want to keep it or not. If you choose to remove it, do so via Add/Remove Programs in Control Panel.

 

Post a new Hijack This log when done.

 

Regards and good luck,

 

Gal


Thanks Galadriel!! mysearchnow is no more thanks to you :)

 

Logfile of HijackThis v1.97.7

Scan saved at 05:56:40, on 27/06/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\spoolsv.exe

E:\PROGRA~1\Grisoft\AVG6\avgserv.exe

E:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Program Files\StayAlive\StayAlive.EXE

E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

E:\WINDOWS\System32\rundll32.exe

E:\Program Files\Tesconet\Tesconet.exe

E:\Program Files\Internet Explorer\iexplore.exe

D:\Downloads\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.37.72.233:3128

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://tesco.autoregister.net/cd

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Tesco.net] rundll32 E:\PROGRA~1\Tesconet\RyDial.dll,QuickStart

O4 - HKLM\..\Run: [stayAlive] E:\Program Files\StayAlive\StayAlive.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [Y!TunnelPro] E:\Program Files\Y!TunnelPro V1.3 Build 272\YTunnelPro.exe

O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: SMILEY.lnk = D:\yahoo stuff\yahoo programs\SMILEY.EXE

O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net

O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com

O15 - Trusted Zone: http://memberservices.tesco.net

O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100

 

 

Thanks for taking the time to help me, much appreciated! :)

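Added example, not part of the original thread: a Python sketch of the check a helper makes when the follow-up log arrives, confirming that the fix-list entries are gone and listing anything new since the first scan. The three sample texts are excerpts of the logs and fix list posted above; the function names are illustrative.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Team1] ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(text):
    """Map a normalised key to the original line for every entry in a log or fix list."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("<--")[0]  # drop helper notes such as "<-- old directx patch"
        m = ENTRY_RE.match(line)
        if m:  # headers, process paths and blank lines do not match
            key = (m.group(1).upper(), " ".join(m.group(2).split()).casefold())
            entries[key] = line.strip()
    return entries

def verify_fix(before, after, fix_list):
    """Compare a follow-up log against the first log and the helper's fix list."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    return {
        "still_present": [f[k] for k in f if k in a],
        "unmatched_fix_lines": [f[k] for k in f if k not in b],
        "new_since_first_scan": [a[k] for k in a if k not in b],
    }

# Sample input: excerpts of the two logs and the fix list from this thread.
BEFORE = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...tp://google.com
O4 - HKLM\..\Run: [DXM6Patch_981116] E:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Team1] E:\PROGRA~1\axisbytebird\cdrom funk up.exe
O4 - HKLM\..\RunServices: [WinSvc32.exe] E:\WINDOWS\System32\MsSvc16\WinSvc32.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: WinSvc32.exe
"""
AFTER = r"""O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...tp://google.com
O4 - HKLM\..\Run: [DXM6Patch_981116] E:\WINDOWS\p_981116.exe /Q:A <-- old directx patch, unneeded
O4 - HKLM\..\Run: [Team1] E:\PROGRA~1\axisbytebird\cdrom funk up.exe
O4 - HKLM\..\RunServices: [WinSvc32.exe] E:\WINDOWS\System32\MsSvc16\WinSvc32.exe
O4 - Global Startup: WinSvc32.exe
"""

RESULT = verify_fix(BEFORE, AFTER, FIX_LIST)
for name, lines in RESULT.items():
    print(name, lines)
```

An entry under new_since_first_scan is not necessarily malicious; it is simply something to review that the first log did not contain.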

Glad to be of help. :)

 

Good job getting cleaned up. :thumbsup:

 

Regards,

 

Gal
