
Thread: hijacked search engines

  1. #1
    kendallpkkid
    Guest

    hijacked search engines

    This is a HijackThis log. Can you please tell me what shouldn't be here?

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
    C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\ENIGMA POPUP STOP\ENIGMAPOPUPSTOP.EXE
    C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\ENIGMAFIREWALL\ENIGMAFIREWALL.EXE
    C:\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cnn.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [Enigma Firewall] C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
    O4 - HKLM\..\Run: [XFILTER] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\ENIGMAFIREWALL\ESPFSDK.DLL
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKCU\..\Run: [AIM] C:\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
    O4 - Startup: NkVwMon.exe.lnk.disabled
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
    O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
    O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O12 - Plugin for .UVR: C:\PROGRA~1\INTERN~1\Plugins\NPUPano.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...864.6590740741
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/124d245f...p/RdxIE601.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

  2. #2
    P/T Pagan God thepieman's Avatar
    Join Date
    Nov 2003
    Location
    Brooklyn , New York
    Posts
    13,400
    Before you do anything, uninstall that SpyHunter program you have installed. It's garbage.


    EnigmaFireWall, made by the same company that makes SpyHunter, a spyware removal program that uses questionable/misleading business practices, http://www.enigmasoftware.com/products.shtml
    SG Pimp Name : *Treacherous P. Shizzle*
    *
    The fight for our way of life needs to be fought on our own soil, for our own people and because of our own interests.
    *
    Hey, If Me & My Buddies Were Making Billions of Dollars I'd Tell Ya What Ya Wanted To Hear Too!

  3. #3
    P/T Pagan God thepieman's Avatar
    Join Date
    Nov 2003
    Location
    Brooklyn , New York
    Posts
    13,400
    Quote Originally Posted by kendallpkkid
    This is a HijackThis log. Can you please tell me what shouldn't be here?

    C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE


    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/124d245f...p/RdxIE601.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    Take those out.

    Pie

  4. #4
    kendallpkkid
    Guest
    Thanks, I will do that.

  5. #5
    kendallpkkid
    Guest
    The real problem with my computer is that when I go on IE and go to a search engine, I get fake responses like this:

    Kodak: Compare Prices
    Compare prices at 40,000 Stores. Find the Best Deals at BizRate.com!

    Kodak At Dealtime
    Compare Prices from 1,000s of stores - Find the Best Deals HERE!

    Kodak - Best Total Prices At NexTag.com
    Find the Best Total Prices including tax and shipping costs at customer-rated online stores.

    Can you help me fix this? I have tried everything.

    This problem occurred way before I had SpyHunter or any other software of that sort.

  6. #6
    SCSI Dude Faust's Avatar
    Join Date
    Apr 2000
    Location
    Huntington Beach, CA
    Posts
    8,712
    do this. look for a folder on your system called "hosts". location could vary depending on OS, but more than likely, it's in C:\WINNT\system32\drivers/etc, or something similar.

    open it using notepad (right-click file, select "open with").

    my guess is it's loaded with redirects for the search engine you use (as well as probably every other major search engine/domain).

    delete everything except 127.0.0.1 localhost (the first entry) and save.

    if my gut feeling is correct, your problem will be solved (regarding the search engine redirects anyways). this was a pretty big problem for awhile.
    "Today is a black day in the history of mankind."

    - Leo Szilard
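
The hosts-file review suggested in post #6 can be done as a listing before anything is deleted. This is an added Python example, not part of the thread: `audit_hosts` is a hypothetical name, and the sample file contents (including the documentation-range address 203.0.113.10) are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are made up.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected redirect
203.0.113.10    search.yahoo.com
127.0.0.1       ads.example.net
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (redirects, sinkholes, malformed) found in hosts-file text."""
    redirects, sinkholes, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()           # one address, one or more names
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                # The stock "localhost" line is expected; other names
                # pointed at loopback are blocked, not redirected.
                if name.lower() != "localhost":
                    sinkholes.append((lineno, name))
            else:
                # A name pinned to a routable address overrides DNS.
                redirects.append((lineno, name, str(ip)))
    return redirects, sinkholes, malformed

if __name__ == "__main__":
    for kind, rows in zip(("redirect", "sinkhole", "malformed"),
                          audit_hosts(SAMPLE_HOSTS)):
        for row in rows:
            print(kind, *row)
```

An empty `redirects` list means the hosts file is not what is rewriting the search results.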

  7. #7
    Elite Member Norm's Avatar
    Join Date
    Mar 2001
    Posts
    14,160
    Also, in IE properties>advanced uncheck "Enable 3rd party browser extensions"
    You want that disabled. By default it is enabled.
    Disabling it will force IE to clean itself up and start fresh again.
    It will also remove any "good" extensions, e.g. Google toolbar.

  8. #8
    kendallpkkid
    Guest

    Thanks for the help, I will do that.

  9. #9
    kendallpkkid
    Guest
    Bad news: I tried both of your ideas and neither worked.

    Faust, I didn't have any redirects. Do you have any other ideas?

  10. #10
    SG Enthusiast Jstyr's Avatar
    Join Date
    Nov 2001
    Location
    The Swamp
    Posts
    2,822
    Browse to your Program Files/MySearch (or MYwebSearch) and delete everything in it including the folder itself.

    You may need to delete those unknown files in the Winsock LSP. That looks suspicious to me.

    Make sure you download the LSP fix before removing these entries. You may need to run it to rebuild the winsock.

    Have you run Ad-AwareSE and Spybot S & D?
    spec-
    Rig #1- AMD XP 2400+, A-Bit KR7A/266, Gainward Geforce3 ti200 64mb Golden Sample, 1GB Crucial DDR, 40 gig WD HDD (7200), XP PRO, Vantec Stealth 420 PSU, Soundblaster Live 5.1
    Rig #2- P4 2.4c, Abit IC7 800 FSB /w onboard sound, Radeon 9700 Pro 128, 1 Gig Corsair 3200 XMS, Dual (SATA) 36GB WD Raptor's in RAID 0, XP Pro, Antec Truepower 400
    Rig #3-AMD Barton 2500+, Albatron KX600 (via), 1 gig Corsair 3200, Radeon 9600 Pro 128, Seagate 80 gig HD, Antec Truepower 400
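
A way to triage a log like the one in post #1 along the lines of posts #3 and #10, as an added Python example (not part of the thread and not HijackThis code): it lists O4 Run entries whose binary is absent from the running-process list and counts the O10 unknown Winsock LSP files. `SAMPLE_LOG` is a few lines copied from post #1, the function names are assumptions, and a hit is a cue to review the entry, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the log in post #1.
SAMPLE_LOG = r"""
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [AIM] C:\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\espfspi.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")            # "O4 - ...", "R1 - ..."
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")
BINARY = re.compile(r'[^\\/"]+\.(?:exe|dll|com|bat)', re.I)

def parse_log(text):
    """Split a log into running-process paths and (section, body) entries."""
    procs, entries = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif re.match(r"^[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def autoruns_not_running(procs, entries):
    """Names of O4 Run entries whose binary is absent from the process list."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in procs}
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        b = BINARY.search(m.group(2)) if m else None
        if b and b.group(0).lower() not in running:
            out.append(m.group(1))
    return out

def unknown_lsp_files(entries):
    """Count O10 'Unknown file in Winsock LSP' entries per file path."""
    tag = "Unknown file in Winsock LSP: "
    return Counter(b[len(tag):].lower() for c, b in entries
                   if c == "O10" and b.startswith(tag))
```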

  11. #11
    kendallpkkid
    Guest
    yes
