Mysearchnow The Aftermath.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

AraVitz

Thread Starter
Joined
Sep 13, 2003
Messages
3
Recently I acquired Mysearchnow spyware and TaskBar.

As I have been using Spybot SD and Norton AV and since I keep them up to date I just couldn't understand how it happend.

Yet I set out to erradicate this unwanted *#^$&# from my pc.
As I proceded everything seemed to go well. Now 2 hours later I removed everything from my pc as far as I can tell.

I used Spybot, I used Norton, I used Hijack this (to some extent) I used Administrative Tools to clean my Registry, I even did some manual.

however, I am no genius and ever since I had mysearch on my pc I got some other problems. I can't get on some sites any more.

I can't get on www.astalavista.com. I don't get a 404, but I am redirected and then I get an error msg. I just have the feeling this has to do with some spyware or virus. because I didn't change any settings and I use to be perfectly able to open that site. Besides I have this problem with other sites to. Sometimes I get the error.. sometimes I am still redirected to www.mysearchnow.com.. This pisses me off.
Since TonyKlein and all you others out here helped so many allready, I was hoping you could help me to, or give me a push in the right direction!!

To start I'll post my Hijack this log, I'm sure I missed something there.

Logfile of HijackThis v1.97.2
Scan saved at 18:30:02, on 13-9-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\DRIVER~1\DRIVES~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\1043\wfxmsrvr.exe
C:\PROGRA~1\MICROS~2\Office\1043\OLFMOD32.EXE
D:\Drivers and Updates\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15f1b4c9-38d7-48ad-81d7-a46fe7fc23cc} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37678.8562384259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J25317.tjar.com
O17 - HKLM\Software\..\Telephony: DomainName = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9378A6-55C2-43DE-AF14-5F6EAED364B6}: Domain = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7F25BEE-3D8E-458C-A03F-59741915617E}: Domain = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD14F39D-F432-4F85-97A1-8B08C067CA48}: Domain = J25317.tjar.com



Besides I allready used CWRshredder, from www.tomcoyote....

Thanxz allready.

Aragorn Meulendijks

the netherlands.
 
Joined
Nov 10, 2002
Messages
1,344
Fix with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {15f1b4c9-38d7-48ad-81d7-a46fe7fc23cc} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J25317.tjar.com
O17 - HKLM\Software\..\Telephony: DomainName = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9378A6-55C2-43DE-AF14-5F6EAED364B6}: Domain = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7F25BEE-3D8E-458C-A03F-59741915617E}: Domain = J25317.tjar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD14F39D-F432-4F85-97A1-8B08C067CA48}: Domain = J25317.tjar.com
 

AraVitz

Thread Starter
Joined
Sep 13, 2003
Messages
3
besides How do you know which ones are wrong?
I don't want to keep harrassing you guys!!
What do I look for??
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top