| Thread ID: 55368 | 2005-03-09 02:34:00 | Proud to Spy | tony_young480 (4942) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 332096 | 2005-03-09 02:34:00 | The stupid AZE Searchbar infected my computer, but that's not half of it. When I went to MSN.com, I got the search engine. When I search, it comes up with unrelated results. When I used Google, the same thing happened. Any help? | tony_young480 (4942) | ||
| 332097 | 2005-03-09 02:49:00 | Can u go to any site?? If not get this www.merijn.org/files/hijackthis.zip From here www.spywareinfo.com/~merijn/downloads.html
I would post the site, BUT it's one of these id ones from a Dell forum. So, I'll post what it says here.
Download, then unzip to "C:\HJT"
1. Click "Scan"
2. Click "Save log"
Notepad will pop up with a copy of your system log, then:
1. "Edit | Select all"
2. "Edit | Copy"
Next, let's "Reply" back to this post, then:
1. Right-click on the message body.
2. Select "Paste"
Then just "Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
If these files are found
Run HiJackThis and click "Scan", then check (tick) the following, if present:
O2 - BHO: (no name) - {6F5F5719-01D2-4F61-AC0A-179CA851A910} - (no file)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present... (Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com/installation/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - software-dl.real.com/0836c1a16bac19ee1602/netzip/RdxIE601.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
Now, with all windows closed except HiJackThis, click "Fix checked".
Then locate and delete the following item(s), if present.
Make sure you're able to view system and hidden files/folders:
files... C:\WINDOWS\farmmext.exe C:\WINDOWS\system32\azesearch.ocx
Search for... ALCXMNTR.EXE ...using "Start | Search...".
- Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". |
Speedy Gonzales (78) | ||
| 332098 | 2005-03-09 03:15:00 | Sorry, I've done that (azesearch.ocx deleted, can't find farmmext.exe) and ALCXMTR.EXE or whatever it's called can't be found. IS THERE ANOTHER WAY NOT INVOLVING HIJACKTHIS? |
tony_young480 (4942) | ||
| 332099 | 2005-03-09 03:18:00 | Actually, here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 16:12:16, on 2005-3-9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Young\Local Settings\Temp\hijackthis[1].zip 的临时目录 1\HijackThis.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-cn\msntb.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-cn\msntb.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [yzwjot] C:\WINDOWS\yzwjot.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - bar.mywebsearch.com
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://by18fd.bay18.hotmail.msn.com
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - www.drivershq.com
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - www.sheca.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by18fd.bay18.hotmail.msn.com
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - appdirectory.messenger.msn.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - toolbar.azesearch.com
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - runonce.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1CD2EF-731C-4CBE-BC33-457E4AD1B535}: NameServer = 202.27.184.3,202.27.184.5
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe |
tony_young480 (4942) | ||
| 332100 | 2005-03-09 03:22:00 | Anyway, I've been to Dell already. | tony_young480 (4942) | ||
| 332101 | 2005-03-09 03:28:00 | Your HOSTS file is full of search site redirects to 66.199 etc. Sort that first and you may be able to find help. | PaulD (232) | ||
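Added example, not part of the thread: one way to run the HOSTS check described in the post above, pulling the `O1 - Hosts:` entries out of a HijackThis log (or a raw hosts file) and grouping the names pinned to routable addresses by /24 network. The function names and both sample inputs are assumptions made for this example; the log sample reuses a few entries from the log posted above.

```python
import ipaddress
import re
from collections import defaultdict

# "O1 - Hosts: <ip> <name>" entries, even when a forum has run the log together.
O1_ENTRY = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")
# An ordinary hosts-file line: an address, then one or more names, then a comment.
HOSTS_LINE = re.compile(r"^\s*([0-9A-Fa-f:.]+)\s+([^#]+)")

# Constructed sample: entries taken from the log above, run together as posted.
SAMPLE_LOG = ("O1 - Hosts: 66.199.231.174 www.google.com O1 - Hosts: 66.199.231.174 "
              "google.com O1 - Hosts: 66.199.231.173 www.yahoo.com O1 - Hosts: "
              "66.199.231.172 search.msn.com O1 - Hosts: 66.199.231.171 astalavista.com")
# Constructed sample of a raw hosts file with localhost and blocklist entries.
SAMPLE_HOSTS = ("# constructed sample\n127.0.0.1 localhost\n"
                "0.0.0.0 ads.example.test\n66.199.231.172 msn.com www.msn.com # pinned\n")


def parse_entries(text):
    """Return (ip, hostname) pairs from a HijackThis log or a raw hosts file."""
    pairs = O1_ENTRY.findall(text)
    if pairs:
        return pairs
    for line in text.splitlines():
        m = HOSTS_LINE.match(line)
        if m:
            pairs += [(m.group(1), name) for name in m.group(2).split()]
    return pairs


def find_redirects(text):
    """Map each network to the hostnames pinned to routable addresses in it."""
    by_net = defaultdict(set)
    for ip_text, name in parse_entries(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not an address: skip malformed entries
        # Loopback and 0.0.0.0 entries are localhost or blocklist sinkholes.
        if ip.is_loopback or ip.is_unspecified or name.lower() == "localhost":
            continue
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip_text}/{prefix}", strict=False)
        by_net[str(net)].add(name.lower())
    return {net: sorted(names) for net, names in by_net.items()}


if __name__ == "__main__":
    for net, names in find_redirects(SAMPLE_LOG).items():
        print(f"{net}: {len(names)} pinned name(s): {', '.join(names)}")
```

Several unrelated search sites pinned to one small network, as in this log, is the pattern to look for; the hosts file itself lives at `%SystemRoot%\System32\drivers\etc\hosts` on Windows XP and later.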
| 332102 | 2005-03-09 03:37:00 | thanks everyone! | tony_young480 (4942) | ||
| 332103 | 2005-03-09 03:52:00 | These have to be removed as well
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [yzwjot] C:\WINDOWS\yzwjot.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - bar.mywebsearch.com |
Speedy Gonzales (78) | ||