Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

abcsearch [CLOSED]

Started by psv123456 , Jul 19 2005 02:12 PM

  • This topic is locked This topic is locked

#1
psv123456
Posted 19 July 2005 - 02:12 PM

psv123456

    New Member

  • Member
  • Pip
  • 8 posts
Hello,

I'm having the following problem. When I use Google to find anything, then the results from the search are replaced with www.abcsearch.com which then redirects to encyclopedia.dictionary.com or somthing like that. Selecteing the link from google and cur/paste into IE does work without any problem. When I try to open a link "in New Window" then this new window just hangs.

I already tried

Ad-Aware AVG Virus, CWShredder,spybots,trendmicro, intermute. But still no luck.

Just got a message from AVG that it found a Trojan Horse Clicker.FR While opening file: C:\Windows\System\rdsndin.exe

Update 20-07-2005: All links get redirected to http://66.230.167.24...71201271968&r=1. Which redirect then to all sort of other search pages/results starware, abcsearch. I just can not find out where this is coming from. A bit of a shame that there are so many posts on this forum, it seems to tke forever getting my first reply.




Here is my hijackThis log.




Logfile of HijackThis v1.99.1
Scan saved at 22:21:17, on 19/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0413&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c=0413&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0413&s=search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presar...&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\SYSTEM\reminder.exe
O4 - HKCU\..\RunServices: [Reminder] C:\Program Files\Microsoft Money\SYSTEM\reminder.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - http://www.ob.gouda....ttpfetcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - http://www.ob.gouda....ents/CIDSET.dll
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.83...hm::/update.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Edited by psv123456, 20 July 2005 - 12:21 PM.

  • 0

Advertisements

#2
tampabelle
Posted 26 July 2005 - 10:06 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.
  • 0

#3
psv123456
Posted 26 July 2005 - 11:30 AM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello, My system seems to be clean, however when I open a new window from Internet Explorer (using a link) then the new window just hangs.

Do you know how I could resolve this?
  • 0

#4
tampabelle
Posted 26 July 2005 - 11:36 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Can you post a fresh HJT log ??
  • 0

#5
psv123456
Posted 26 July 2005 - 11:41 AM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 19:42:11, on 26/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0413&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c=0413&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0413&s=search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presar...&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [HCLEAN32.EXE] C:\WINDOWS\SYSTEM\HCLEAN32.EXE
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\SYSTEM\reminder.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
  • 0

#6
tampabelle
Posted 26 July 2005 - 12:24 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Your HJT log is clean. So we need to do a little bit of cleaning up.


1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Run CleanUp and delete all temp files including temporary internet files


Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#7
psv123456
Posted 29 July 2005 - 01:23 AM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi tampabella,

Was there any reason why I should use that scanner. It doesn't work. At the point of downloading my system just hangs. I've used other virusscanners and they didn't find any problem at all. I've got the feeling that one of the virusses that I removed damaged something.
  • 0

#8
tampabelle
Posted 29 July 2005 - 06:20 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi psv,


My signature has 4 online scans listed. Do an online scan at any one of them and then post back the scan report !!!
  • 0

#9
psv123456
Posted 29 July 2005 - 12:15 PM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi tampabella,

I tried them all, but I keep getting the same problem, just before they start scanning they open a new window. And those windwos just hang

psv
  • 0

#10
tampabelle
Posted 29 July 2005 - 01:28 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi psv,

I see that you have Opera running on your PC.

Have you installed the Opera browser ?? Are you having the same problem with Opera browser also ???
  • 0

#11
psv123456
Posted 29 July 2005 - 02:31 PM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yep, same problem, they don't seem to run on Opera either ( but it might be for a different reason!). To me it looks like these sites don't support Opera.
  • 0

#12
tampabelle
Posted 29 July 2005 - 02:34 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi psv,

yeah those online scans wont work on opera !!!

I was checking as to whether the issue that you have with IE also persists with Opera !!! i.e. browser freezing etc.
  • 0

#13
psv123456
Posted 30 July 2005 - 11:34 AM

psv123456

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Opera seems to work alrigth, except that I can not run online scans from Opera
  • 0

#14
tampabelle
Posted 30 July 2005 - 12:09 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi psv,


There are two things I want you to do -

1. Uninstall IE. Go to Add or Remove Programs in Control Panel. IE would not show with other programs but under Windows Components.

Please visit page at Microsoft - http://www.microsoft...p1/default.mspx and download and reinstall IE.

This will replace all the required files.


2. Please run an online scan at http://uk.trendmicro...call_launch.php


I have tried this online scan on Firefox and believe that this should work on Opera also !!!


Let me know how IE behaves after the reinstall and please post a copy of the scan report here in your next reply.
  • 0

#15
tampabelle
Posted 14 August 2005 - 10:28 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP