Jump to content


Photo

search-to-find.com


  • Please log in to reply
3 replies to this topic

#1 DougsMansion

DougsMansion

    Member

  • New Member
  • Pip
  • 4 posts

Posted 20 June 2004 - 09:27 PM

It seems I'm having some of the same problems as a lot of other people. My IE homepage was originally changed to res://xzsam.dll/index.html#96676 which is a "Home Search" page with a number of different links. The homepage address is now res://smsaf.dll/index.html#96676, but displays the same "Home Search" page. Also, when performing Google or Yahoo searches, a new IE window pops up with the address http://search-to-fin....php?qq=<search topic>&pin=96676, with <search topic> being whatever I searched for in Google or Yahoo. I am also receiving various popups which all seem to be connected to www.8ad.com. I also have "Home Search Assistent," "Search Extender," and "Shopping Wizard" installed in my control panel list. When I try to remove them I receive a message that says "Unable to open [url="http://looking-for.cc/uninstall/HomeSearchAssistent.html,""]http://looking-for.cc/uninstall/HomeSearch...ent.html,"[/url] "Unable to open [url="http://looking-for.cc/uninstall/SearchExtender.html,""]http://looking-for.cc/uninstall/SearchExtender.html,"[/url] and "Unable to open [url="http://looking-for.cc/uninstall/ShoppingWizard.html,""]http://looking-for.cc/uninstall/ShoppingWizard.html,"[/url] respectively. Any help would be greatly appreciated. I have posted my HiJackThis log below.




Logfile of HijackThis v1.97.7
Scan saved at 10:26:21 PM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\mfcpi.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\appdg32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\smsaf.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://smsaf.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://smsaf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\smsaf.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://smsaf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\smsaf.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.bigfishga...bbles/plus.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D853BE15-7FD6-5366-6853-F6EAD33A6059} - C:\WINDOWS\system32\apita.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [mfcpi.exe] C:\WINDOWS\mfcpi.exe
O4 - HKCU\..\Run: [untfs] C:\WINDOWS\System32\untfs.exe
O4 - HKLM\..\RunOnce: [appdg32.exe] C:\WINDOWS\system32\appdg32.exe
O4 - HKLM\..\RunOnce: [d3ep.exe] C:\WINDOWS\d3ep.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab



Thank you in advance for anything you can do for me!!!

Edited by DougsMansion, 20 June 2004 - 09:37 PM.


#2 DougsMansion

DougsMansion

    Member

  • New Member
  • Pip
  • 4 posts

Posted 01 July 2004 - 08:58 PM

BUMP

#3 DougsMansion

DougsMansion

    Member

  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 10:48 AM

BUMP

#4 DougsMansion

DougsMansion

    Member

  • New Member
  • Pip
  • 4 posts

Posted 15 July 2004 - 07:31 PM

I've rebooted a couple times since my original post, so I thought I'd post a new HijackThis logfile. Any help would be greatly appreciated! Thanks a lot!


Logfile of HijackThis v1.97.7
Scan saved at 8:28:07 PM, on 7/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\atlxv32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\addjp.exe
C:\WINDOWS\javary.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujhms.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ujhms.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ujhms.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujhms.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ujhms.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ujhms.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.bigfishga...bbles/plus.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1267B80D-1183-D8F5-834A-13C4038C9320} - C:\WINDOWS\ipai32.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atlxv32.exe] C:\WINDOWS\system32\atlxv32.exe
O4 - HKCU\..\Run: [untfs] C:\WINDOWS\System32\untfs.exe
O4 - HKLM\..\RunOnce: [atlkg.exe] C:\WINDOWS\atlkg.exe
O4 - HKLM\..\RunOnce: [sysgt.exe] C:\WINDOWS\system32\sysgt.exe
O4 - HKLM\..\RunOnce: [addjp.exe] C:\WINDOWS\addjp.exe
O4 - HKLM\..\RunOnce: [javaks32.exe] C:\WINDOWS\system32\javaks32.exe
O4 - HKLM\..\RunOnce: [javagr32.exe] C:\WINDOWS\system32\javagr32.exe
O4 - HKLM\..\RunOnce: [atlnt32.exe] C:\WINDOWS\system32\atlnt32.exe
O4 - HKLM\..\RunOnce: [apilk32.exe] C:\WINDOWS\system32\apilk32.exe
O4 - HKLM\..\RunOnce: [javary.exe] C:\WINDOWS\javary.exe
O4 - HKLM\..\RunOnce: [winuu.exe] C:\WINDOWS\system32\winuu.exe
O4 - HKLM\..\RunOnce: [msbh.exe] C:\WINDOWS\msbh.exe
O4 - HKLM\..\RunOnce: [cryd32.exe] C:\WINDOWS\system32\cryd32.exe
O4 - HKLM\..\RunOnce: [wingu32.exe] C:\WINDOWS\system32\wingu32.exe
O4 - HKLM\..\RunOnce: [msjs.exe] C:\WINDOWS\msjs.exe
O4 - HKLM\..\RunOnce: [sdkry.exe] C:\WINDOWS\system32\sdkry.exe
O4 - HKLM\..\RunOnce: [ieak32.exe] C:\WINDOWS\system32\ieak32.exe
O4 - HKLM\..\RunOnce: [netgz32.exe] C:\WINDOWS\system32\netgz32.exe
O4 - HKLM\..\RunOnce: [netku.exe] C:\WINDOWS\netku.exe
O4 - HKLM\..\RunOnce: [crqz32.exe] C:\WINDOWS\system32\crqz32.exe
O4 - HKLM\..\RunOnce: [ntft.exe] C:\WINDOWS\system32\ntft.exe
O4 - HKLM\..\RunOnce: [winei.exe] C:\WINDOWS\system32\winei.exe
O4 - HKLM\..\RunOnce: [ipdm.exe] C:\WINDOWS\system32\ipdm.exe
O4 - HKLM\..\RunOnce: [appwd32.exe] C:\WINDOWS\system32\appwd32.exe
O4 - HKLM\..\RunOnce: [mfckd32.exe] C:\WINDOWS\system32\mfckd32.exe
O4 - HKLM\..\RunOnce: [ievl32.exe] C:\WINDOWS\system32\ievl32.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button