Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

yoursearcher.com


  • Please log in to reply

#1
bodeston

bodeston

    New Member

  • Member
  • Pip
  • 4 posts
my homepage keeps getting set to yoursearcher.com and in my favorites i cant get rid of 4 links that go to porn sites and i dont know how they got there(younger brother prob. <_< ) please any help would be great! i have tried ad aware and hijack this but i cant get rid of this stuff.
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
bodeston

bodeston

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.96.2
Scan saved at 10:56:47 AM, on 8/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe
C:\WINDOWS\System32\wcwkhe.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\SYSTEM32\msconfig32.exe
C:\WINDOWS\SYSTEM32\ezadzpz.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjbburn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\WINDOWS\repair\asap.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bodeston\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phish.com...ndex_flash.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [asap] C:\WINDOWS\repair\asap.exe
O4 - HKLM\..\Run: [bfljtgkndkza] C:\WINDOWS\System32\wcwkhe.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] MSCONFIG32.EXE
O4 - HKLM\..\Run: [Winsock2 driver] EZADZPZ.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: cube.exe
O4 - Global Startup: TFTP1712
O4 - Global Startup: webdav.exe
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Wow that's an old version of Hijack This! Please download the latest version (1.98.2) and post a fresh log.

Download Hijack This here: -> http://www.geekstogo...n=download&id=3

You'll also need to apply all the Windows Critical updates, or we're just wasting our time: http://www.windowsupdate.com
  • 0

#5
bodeston

bodeston

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.98.2
Scan saved at 8:35:57 AM, on 9/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe
C:\WINDOWS\repair\asap.exe
C:\WINDOWS\System32\wcwkhe.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\EZADZPZ.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\SYSTEM32\msconfig32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phish.com...ndex_flash.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [asap] C:\WINDOWS\repair\asap.exe
O4 - HKLM\..\Run: [bfljtgkndkza] C:\WINDOWS\System32\wcwkhe.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Winsock2 driver] EZADZPZ.EXE
O4 - HKLM\..\Run: [*asap] C:\WINDOWS\repair\asap.exe
O4 - HKLM\..\Run: [MSConfig] MSCONFIG32.EXE
O4 - HKLM\..\RunOnce: [*asap] C:\WINDOWS\repair\asap.exe rerun
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] EZADZPZ.EXE
O4 - HKCU\..\RunOnce: [MSConfig] MSCONFIG32.EXE
O4 - Global Startup: cube.exe
O4 - Global Startup: TFTP1712
O4 - Global Startup: webdav.exe
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  • 0

#6
bodeston

bodeston

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
hello????
  • 0

#7
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure. Please move Hijack This to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu). Be sure you're able to view hidden files, and remove the following:

C:\Documents and Settgins\bodeston\Local Settings\Temp\pasa.dat
C:\WINDOWS\System32\wcwkhe.exe
C:\WINDOWS\System32\EZADZPZ.EXE
C:\WINDOWS\System32\MSCONFIG32.EXE
C:\WINDOWS\System32\cube.exe
C:\WINDOWS\System32\TFTP1712
C:\WINDOWS\System32\webdav.exe
C:\WINDOWS\System32\winlgn.exe
C:\WINDOWS\repair\asap.exe

Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phish.com...ndex_flash.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\bodeston\LOCALS~1\Temp\pasa.dat
O4 - HKLM\..\Run: [asap] C:\WINDOWS\repair\asap.exe
O4 - HKLM\..\Run: [bfljtgkndkza] C:\WINDOWS\System32\wcwkhe.exe
O4 - HKLM\..\Run: [Winsock2 driver] EZADZPZ.EXE
O4 - HKLM\..\Run: [*asap] C:\WINDOWS\repair\asap.exe
O4 - HKLM\..\Run: [MSConfig] MSCONFIG32.EXE
O4 - HKLM\..\RunOnce: [*asap] C:\WINDOWS\repair\asap.exe rerun
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] EZADZPZ.EXE
O4 - HKCU\..\RunOnce: [MSConfig] MSCONFIG32.EXE
O4 - Global Startup: cube.exe
O4 - Global Startup: TFTP1712
O4 - Global Startup: webdav.exe
O4 - Global Startup: winlgn.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

If you do not want the musicmatch tray icon, fix this one too:
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP