Jump to content


Photo

Help,HiJackThis LOG,can't get rid of thenewsearch


  • Please log in to reply
2 replies to this topic

#1 xer

xer

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 26 May 2004 - 06:58 AM

Scan saved at 02:50:44, on 5/25/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\WINDOWS\RUNWIN32.EXE
C:\WINDOWS\WININET32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\PEERGUARDIAN PR14\PEERGUARDIAN_1.99B_PR14.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MP3\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] E:\Downloads\Avast\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: Search Using Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic (HKLM)
O9 - Extra button: Copernic (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra 'Tools' menuitem: ?????? ??????? ?????? (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ויזה כ.א.ל (HKCU)
O9 - Extra button: ביטוח (HKCU)
O9 - Extra button: מעריב (HKCU)
O9 - Extra button: תמיכה (HKCU)
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7876.2879513889
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

What to do? I think I was seriously abducted by some hijacker,I tried spybot,it helped,but it came back,tried CWSshredder also.I am the only administrator on my PC,it's a home PC,noone uses it but me.Also I couldnt access regedit, it told that the Admin denied,I don't remember doing that.but I think I fixed that.
Also I get these messages recently:
1.(On Blue Screen)_-->No spare stack pages.It may be necessary to increase MinSPs in System.ini to prevent possible stack fault.Currently 5 minSps allocated.

2.Little blue Announcement popping up--->Current security settings prohibit running Active controls on this page.Page may not display correctly.Click OK
(I didn't change anything.)

3.On pages that last week I was able to see without any problems are now showing me error page with the announcement below:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 26 May 2004 - 06:27 PM

To start cleaning up your computer, please download CWShredder
This was written to deal with Coolweb and all its variants.

Download and run the program. Let it fix everything it finds, and reboot.

Run Hijack this again, and post a fresh log so we can deal with whatever is left.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 2x%dfid

2x%dfid

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 27 May 2004 - 09:09 AM

CW Shredder has worked for me, thanks dave38!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button