yoursearch247/Nameless spyware problem


3 replies to this topic

#1 leprechaun 316

leprechaun 316

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 08 June 2004 - 09:07 AM

I've had this problem with yoursearch247 for quite a while. It puts itself as my home page, erases pages in my history and replaces them with itself. I tried CWShredder and Ad Aware and made some progress; it got rid of the yoursearch247, but immediately something else replaced it. It's nameless (just says "Search The Web"), doesn't have a real address, only numbers (69.50.173.154/index.php). Also, lately it's started to disconnect me for no reason, change the number my modem is dialling to and change the name and password for same. And it won't let me register e-mail accounts or log into the ones I already have. The problem with registering is the words/numbers that you have to type. For example, it may show you a picture of the word "spyware" with a line through it and you have to type it into a box. Well, no matter how many times I try, it says I've typed it wrong. Because of this, I had to get someone else to register this account and give me the name and password. I've tried CWShredder and Ad Aware and this doesn't remedy my problem, so here's my Hijack This log. Sorry for rambling, I hope I've been clear.

Logfile of HijackThis v1.97.7
Scan saved at 01:40:03, on 08/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michéal\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Windows Media Player\WMPLAYER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.173.254/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.173.254/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.173.254/search.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.50.173.254/search.php
O1 - Hosts: 69.50.173.254 auto.search.msn.com
O1 - Hosts: 69.50.173.254 auto.search.msn.com
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBABB3D-51E1-45EA-8D93-EE135BA80020}: NameServer = 159.134.237.6 159.134.248.17

Thanks in advance for anyone that helps.

#2 leprechaun 316

Posted 08 June 2004 - 10:41 AM

bump

#3 leprechaun 316

Posted 08 June 2004 - 01:53 PM

Sorry to bump again but it's dropped off

#4 leprechaun 316

Posted 09 June 2004 - 12:36 PM

One more bump



