
Mysearchnow The Aftermath.

Discussion in 'Virus & Other Malware Removal' started by AraVitz, Sep 13, 2003.

Thread Status:
Not open for further replies.
  1. AraVitz

    AraVitz Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    3
    Recently I acquired Mysearchnow spyware and TaskBar.

    As I have been using Spybot SD and Norton AV and since I keep them up to date I just couldn't understand how it happened.

    Yet I set out to eradicate this unwanted *#^$&# from my pc.
    As I proceeded everything seemed to go well. Now 2 hours later I removed everything from my pc as far as I can tell.

    I used Spybot, I used Norton, I used Hijack this (to some extent) I used Administrative Tools to clean my Registry, I even did some manual.

    However, I am no genius and ever since I had mysearch on my pc I got some other problems. I can't get on some sites any more.

    I can't get on www.astalavista.com. I don't get a 404, but I am redirected and then I get an error msg. I just have the feeling this has to do with some spyware or virus, because I didn't change any settings and I used to be perfectly able to open that site. Besides I have this problem with other sites too. Sometimes I get the error.. sometimes I am still redirected to www.mysearchnow.com.. This pisses me off.
    Since TonyKlein and all you others out here helped so many already, I was hoping you could help me too, or give me a push in the right direction!!

    To start I'll post my Hijack this log, I'm sure I missed something there.

    Logfile of HijackThis v1.97.2
    Scan saved at 18:30:02, on 13-9-2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\DRIVER~1\DRIVES~1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\1043\wfxmsrvr.exe
    C:\PROGRA~1\MICROS~2\Office\1043\OLFMOD32.EXE
    D:\Drivers and Updates\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {15f1b4c9-38d7-48ad-81d7-a46fe7fc23cc} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37678.8562384259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J25317.tjar.com
    O17 - HKLM\Software\..\Telephony: DomainName = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9378A6-55C2-43DE-AF14-5F6EAED364B6}: Domain = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7F25BEE-3D8E-458C-A03F-59741915617E}: Domain = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD14F39D-F432-4F85-97A1-8B08C067CA48}: Domain = J25317.tjar.com



    Besides I already used CWRshredder, from www.tomcoyote....

    Thanxz already.

    Aragorn Meulendijks

    The Netherlands.
     
  2. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    Fix with HijackThis:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {15f1b4c9-38d7-48ad-81d7-a46fe7fc23cc} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J25317.tjar.com
    O17 - HKLM\Software\..\Telephony: DomainName = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9378A6-55C2-43DE-AF14-5F6EAED364B6}: Domain = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7F25BEE-3D8E-458C-A03F-59741915617E}: Domain = J25317.tjar.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD14F39D-F432-4F85-97A1-8B08C067CA48}: Domain = J25317.tjar.com
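
An added example, not part of the original thread or of the reply above: a small Python triage of HijackThis log lines using three heuristics that match the entries selected for fixing above (an empty R0/R1 value, an O2 BHO whose file is `(no file)`, and any O17 entry). The heuristics, function names and sample lines are assumptions for illustration; a flagged entry is a candidate for review, not a verdict.

```python
import re

# Constructed sample in HijackThis 1.97 log format, modelled on the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {15f1b4c9-38d7-48ad-81d7-a46fe7fc23cc} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = J25317.tjar.com
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse(log):
    """Yield (section, body) per entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def review_reason(section, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    if section in ("R0", "R1") and body.endswith("="):
        return "IE page/search value is present but empty"
    if section == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its file is missing (orphaned entry)"
    if section == "O17":
        return "DNS domain setting: confirm it belongs to your ISP or network"
    return None


def triage(log):
    """Return (section, body, reason) for every entry that matches a heuristic."""
    return [(s, b, r) for s, b in parse(log) if (r := review_reason(s, b))]


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}\n     {body}")
```

Entries that resolve to a known vendor file, such as the Norton BHO in the sample, pass through unflagged; anything reported should still be checked by hand before it is fixed.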
     
  3. AraVitz

    AraVitz Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    3
    Thanxz a million
     
  4. AraVitz

    AraVitz Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    3
    Besides, how do you know which ones are wrong?
    I don't want to keep harassing you guys!!
    What do I look for??
     
  5. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438

Short URL to this thread: https://techguy.org/164502
