re: Unwanted Search Page/Search Engine
Wednesday, July 9, 2003 at 3:30 pm Windows XP Annoyances Discussion Forum
Posted by Raynald Lachance
(11 messages posted)
Hello Carol,
Thanks for your generous involvement. In response to your suggestion for software
that could fix my problem, here is a brief update.
I downloaded Ad-aware and SpyBot, as mentioned earlier and scanned the whole system.
Looks like I did something wrong. I can’t find the logs that Spy-Bot has supposedly
produced. Yet, below are some logs from Ad-aware, from the auto-quarantine section.
I also installed SpywareBlaster which does an excellent job. Finally, I downloaded
HiJackThis.
I managed to do something wrong there also. I cannot access the back-up or the log
files, except on the Ignorelist.
But, I can't copy and paste here for your review. The copy and paste works on the
Info box, but not in the Ignorelist. There is nothing showing in the Backups box.
Here is the type of stuff shown in that Ignorelist box, where the figures in brackets
are the number of appearances. The infamous 5%33%39% and its buddies sure are there:
R0 - Changed registry value (8)
R1 - Created registry value (17)
O1 - Hijack of auto.search.msn.com with Hosts file (4)
O2 - Enumeration of existing MSIE BHO's (4)
O3 - Enumeration of existing MSIE toolbars (2)
O4 - Enumeration of suspicious autoloading Registry entries (18)
O8 - Extra MSIE context menu items (7)
O16 - Download Program Files item (2)
O19 - User stylesheet hijack (1)
Thanks again for your help and advice.
Ray
On Saturday, July 5, 2003 at 2:48 pm, Carol wrote:
>
>Raynald,
>
>No, you don't need to contact the Spybot creator. As I said in another post, Spybot
>removes all the spybot junk, but it doesn't always restore the search features. That's
>why they suggest running Spybot first to remove as much spyware as possible, otherwise
>the 'HT' log will be very lengthy, with unnecessary junk to go through. It's nothing
>wrong with Spybot, and it can only do so much.
>
>There are usually just a few items to fix, and Hijack This does it automatically,
>once we look through it and choose which items to fix. I've gone through a lot of
>these log files for people. You'll see what I mean, so just follow these instructions.
>Download Hijack This:
>http://www.tomcoyote.org/hjt/
>
>Hijack This
>
>Unzip 'HT' into a new folder. Then double click the .Exe file to run it. Choose Scan.
>It will display a list. Most of the things you see listed are necessary or required
>entries, so don't fix anything yet. Although, you may recognize which ones to fix.
>
>The Scan button will turn into Save Log. Choose Save Log. Choose Edit then Select
>all, then copy and paste the contents in a post. I'll look it over for you and advise
>you on what to choose to have fixed.
>
>Be sure to choose this option before posting: "Check this box to preserve your spacing,
>or leave it unchecked to have your text wrapped automatically."