HERE4SEARCH.COM [HijackThis log, help needed]

Discussion in 'Malware and Virus Removal Archive' started by globalsports, 2005/01/21.

Thread Status:
Not open for further replies.
  1. 2005/01/21
    globalsports

    globalsports Inactive Thread Starter

    Joined:
    2005/01/21
    Messages:
    4
    Likes Received:
    0
    I tried Hijackthis and this is my log report...any help?

    Logfile of HijackThis v1.99.0
    Scan saved at 9:35:44 PM, on 1/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cleanmgr.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\GSPN110\DESKTOP\WINZIP\winzip32.exe
    C:\Documents and Settings\GSPN110\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\.dll (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{421EFC20-716B-4736-BD70-02D7AB2AF641}: NameServer = 151.198.0.38 151.197.0.38
    O20 - AppInit_DLLs: iru53syp8cijcu.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{421EFC20-716B-4736-BD70-02D7AB2AF641}: NameServer = 151.198.0.38 151.197.0.38
    O20 - AppInit_DLLs: iru53syp8cijcu.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

    can you recommend something...
     
  2. 2005/01/21
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Yes, I can recommend something. Unzip HJT and run it from its own folder. It works better this way. Running it inside WinZip is not a good idea.
     

  4. 2005/01/22
    globalsports

    globalsports Inactive Thread Starter

    Joined:
    2005/01/21
    Messages:
    4
    Likes Received:
    0
    Markp62...

    Thanks so much for your suggestion. Unfortunately, I ran HJT from its own folder and it still has not worked. This seems to be a bigger problem than I thought; every time I open up my IE browser, that website comes out with pop-ups. Here is the new log. Any other suggestions, or help on recommending?

    Logfile of HijackThis v1.99.0
    Scan saved at 8:00:40 AM, on 1/22/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cleanmgr.exe
    C:\Documents and Settings\GSPN110\Local Settings\Temp\HijackThis.exe
    C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
    C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
    C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
    C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
    C:\Program Files\Expertcity\GoToMyPC\g2mainh.exe
    C:\Program Files\Expertcity\GoToMyPC\g2host.exe
    C:\Program Files\Expertcity\GoToMyPC\g2printh.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\GSPN110\Desktop\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
    O20 - AppInit_DLLs: df3w2l3yumfdvh.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
     
  5. 2005/01/22
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    That is an extremely short HJT log; I feel there is something else that is preventing it from completing its job. For instance, your O4s, which are your startups, and, if you ever went to Windows Update, its ActiveX control (O16 - DPF in HJT) are missing.
    I can see only three items to remove. The first one is your bad homepage.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
    O20 - AppInit_DLLs: df3w2l3yumfdvh.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

    Have you used Spybot or Ad-Aware?
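
The three entries singled out in the reply above belong to HijackThis sections R0, O2 and O20. As an added illustration (not part of the thread and not HijackThis's own logic), this Python sketch triages log lines by those section codes; the `triage` function and the `EXPECTED_HOSTS` allow-list are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: hosts accepted as stock IE defaults.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")  # e.g. "O20 - AppInit_DLLs: ..."

def triage(log_text):
    """Return (code, reason) pairs for HijackThis entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header lines and the running-process list
        code, body = m.group(1), m.group(2).strip()
        if code in ("R0", "R1") and " = " in body:
            # R0/R1: IE start and search pages; compare the host with the defaults
            host = (urlparse(body.split(" = ", 1)[1].strip()).hostname or "").lower()
            if host and not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                findings.append((code, "IE page set to unexpected host " + host))
        elif code == "O2" and re.search(r"\((no file|file missing)\)\s*$", body):
            # O2: Browser Helper Object whose CLSID is registered but whose DLL is gone
            findings.append((code, "BHO registered without a file on disk"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # O20: DLLs named here load into every process that loads user32.dll
            value = body.split(":", 1)[1].strip()
            if value:
                reason = "AppInit_DLLs is populated"
                if re.search(r"(\.dll){2,}$", value, re.IGNORECASE):
                    reason += " with a repeated .dll suffix"
                findings.append((code, reason))
    return findings

# Sample: entries from the second log in this thread (O20 value shortened here),
# plus one stock R1 line from the first log.
SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O20 - AppInit_DLLs: df3w2l3yumfdvh.dll.dll.dll
"""

if __name__ == "__main__":
    for code, reason in triage(SAMPLE):
        print(code, "-", reason)
```

The O4 startup entry and the stock R1 search page pass through unflagged; a log that lacks whole sections, as the helpers note in this thread, is a separate signal that this check does not cover.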
     
  6. 2005/01/22
    globalsports

    globalsports Inactive Thread Starter

    Joined:
    2005/01/21
    Messages:
    4
    Likes Received:
    0
    Hello again..

    Thanks once again for your prompt response. I have used a spyware called spy checker and it still is of no good use.
     
  7. 2005/01/22
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Go to the Quicklinks page, listed in my signature.
    Get Spybot and Ad-Aware, and install them; both are free and are the best. Update them both before doing a scan.
    Use Ad-Aware with a Custom Full Scan.
    When using Spybot, let it remove everything already checked off.
    Then post a new log.
     
  8. 2005/01/22
    globalsports

    globalsports Inactive Thread Starter

    Joined:
    2005/01/21
    Messages:
    4
    Likes Received:
    0
    Thank you so much... I'm not sure if this worked... but here is the log... everything appears to be OK...

    Logfile of HijackThis v1.99.0
    Scan saved at 4:23:54 PM, on 1/22/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\GSPN110\Desktop\HijackThis.exe
    C:\Documents and Settings\GSPN110\Desktop\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    Does it all seem to be OK?? Thanks so much for your help.. look forward to your response..
     
  9. 2005/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Your logs, oddly, are getting smaller (and don't show us the things we expect to see) and I wonder if you are copying/pasting the entire log properly. Once you scan and save the log, click edit on the toolbar and choose select all. Then click edit again and choose copy. Open a reply window here and paste.

    On another note, I don't see any anti-virus software running. I recommend you go to the quicklinks again and download one and install, then update and scan your computer. AVG is free and used by many folks here.
     
  10. 2005/01/22
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You definitely have something else here. Your log looks like nothing is running, other than some basic Windows processes, and these are too few.

    Download the swap.zip
    http://forums.skads.org/index.php?a...type=post&id=59
    Close all browsers, even folders and unnecessary programs that show in the taskbar.
    Unzip the files inside swap.zip, open the folder, and run swap.bat.
    Wait for it to complete its job. Don't be alarmed; it will restart your PC.

    When back, post a new HijackThis log and the c:\log.txt
     