• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
zulu1128

Unable to Remove Your-Searcher.com

2 posts in this topic

I was just blasted with spyware as well as a couple of worms (removed by McAfee) and need some assistance if possible. Brower hijaced by your-searcher and it also keeps putting favorites in my list. I am also having the following other issues:

 

- Everytime I start a program, I get a Microsoft Office XP setup dialog box directing me to the CD to install something.

 

- Everytime I shutdown I get a program not responding for something called "WinMin"

 

- when I type an address in the bar, it redirects me.....

 

Hijack This log attached. Any help would be appriciated!!!!!

 

Logfile of HijackThis v1.98.0

Scan saved at 9:05:00 AM, on 7/23/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\myCIO\VScan\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\myCIO\Agent\myAgtSvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ienq32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\myCIO\Agent\myagttry.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\WLANSTA.EXE

C:\WINDOWS\system32\ieps32.exe

C:\Program Files\SpyKiller\spykiller.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\WINDOWS\System32\msiexec.exe

C:\Documents and Settings\rallen\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qhdqn.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qhdqn.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qhdqn.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qhdqn.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5F180D9D-9458-3702-9EB3-84B7CCFF9CC5} - C:\WINDOWS\apiwf.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe

O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe

O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START

O4 - HKLM\..\Run: [ieps32.exe] C:\WINDOWS\system32\ieps32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [ienq32.exe] C:\WINDOWS\system32\ienq32.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: winlgn.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab

O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab

O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/C...nts/msvcp71.cab

O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/C...nts/msvcr71.cab

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/sv/online.chm::/on-line.exe

O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com/VS2/bin/myCioAgt.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.0.201.dll

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0