styleclininc & idgsearch

Home » Windows & System Security » HiJack This Logs » styleclininc & idgsearch

Rate Topic

Display Mode

Topic Options

Author

Message

aka steven

Posted 12/13/2003 3:03 AM

New Member

Group: Forum Members
Last Login: 12/13/2003 2:59 AM
Posts: 1, Visits: 1

Hi,

i'm not at all familiar with computers and didn't know about this forum till today! A styleclickinc.com link drives me mad!!! I recently had an igdsearch frontpage bug that has allready been mentioned elsewhere! Some forums suggest that windowsmedia player is the source of all evil (bill gates burn in hell!!!) Spy sweeper, Spybot, ad-aware and spywareblaster did not help!!!

Juanmauricio (from earlier letters) gave instructions on how to solve this. Unfortunately i didn't get it...

I'd be very thankful for any piece of advice

Nuffrespect,

Steven

Post #7281

Bulldog

Posted 12/13/2003 3:03 AM

Senior Forum Advisor

Group: Senior Advisor
Last Login: 12/4/2005 12:31 AM
Posts: 4,743, Visits: 5

Hi Steven, welcome.

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Cheers

Post #61490

ajsnow626

Posted 12/13/2003 3:03 AM

New Member

Group: Forum Members
Last Login: 2/17/2005 9:07 AM
Posts: 6, Visits: 1

Hey, these are the results i get from hijack this, I selected the stuff that looked like it wasn't supposed to be on my computer but the igdsearch stuff keeps coming back, im also getting this thing called tonex00191 on my computer that won't go away...please get back to me it's making me mad and i really dont want to have to format my hard drive every time i have these pop-ups and worms.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/

O1 - Hosts: 69.56.223.196 t.rack.cc

O1 - Hosts: 69.56.223.196 www.alfa-search.com

O1 - Hosts: 69.56.223.196 webcoolsearch.com

O1 - Hosts: 69.56.223.196 in.webcounter.cc

O1 - Hosts: 69.56.223.196 i-lookup.com

O1 - Hosts: 69.56.223.196 www.hand-book.com

O1 - Hosts: 69.56.223.196 www.maxxxhosters.com

O1 - Hosts: 69.56.223.196 allneedsearch.com

O1 - Hosts: 69.56.223.196 nativehardcore.com

O1 - Hosts: 69.56.223.196 teen-biz.com

O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net

O1 - Hosts: 69.56.223.196 best.royalsearch.net

O1 - Hosts: 69.56.223.196 default-homepage-network.com

O1 - Hosts: 69.56.223.196 xwebsearch.biz

O1 - Hosts: 69.56.223.196 www.rightfinder.net

O1 - Hosts: 69.56.223.196 www.search-1.net

O1 - Hosts: 69.56.223.196 www.searchv.com

O1 - Hosts: 69.56.223.196 www.websearch.com

O1 - Hosts: 69.56.223.196 mysearchnow.com

O1 - Hosts: 69.56.223.196 www.therealsearch.com

O1 - Hosts: 69.56.223.196 www.find-itnow.com

O1 - Hosts: 69.56.223.196 find.microgirls.com

O1 - Hosts: 69.56.223.196 super-spider.com

O1 - Hosts: 69.56.223.196 www.searching-the-net.com

O1 - Hosts: 69.56.223.196 www.firstbookmark.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\AARONS~1\APPLIC~1\MICROS~1\Office\Excel10.dll

O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00191\svchost.exe -remove

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O10 - Hijacked Internet access by New.Net

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Post #61491

Bulldog

Posted 12/13/2003 3:03 AM

Senior Forum Advisor

Group: Senior Advisor
Last Login: 12/4/2005 12:31 AM
Posts: 4,743, Visits: 5

Hi ajsnow626, welcome.

Unfortunately the top part of your log is missing. It contains a header that identifies the version number of HJT, Windows and IE.
Then the second part that is missing is the running processes that are listed just below the header. Like so:
................................................................
Logfile of HijackThis v1.97.7
Scan saved at 9:08:59 PM, on 12/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
................................................................

This info is fairly important.

Please do this...

Run CWShredder now: http://www.merijn.org/files/cwshredder.zip
Unzip, hit-> next and have it fix all problems.
Reboot when done.

Then go to Add/Remove programs in the control panel and remove NewDotNet (domains)
Reboot.

Next..
Download Spybot - Search & Destroy
http://tomcoyote.org/SPYBOT/index1.html
Now press Settings, and Settings again.
Go to the Webupdate section, and check "Display also available beta versions".
Now press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.
Reboot.

Finally..
Show us a complete, fresh, HJT log.

Cheers

Post #61492

ajsnow626

Posted 12/13/2003 3:03 AM

New Member

Group: Forum Members
Last Login: 2/17/2005 9:07 AM
Posts: 6, Visits: 1

Hello, i did all that you asked and i cleared up a lot of gator and gain stuff but still can not get rid of this igdsearch stuff, it also leaves two icons on my desktop, and there is that tonex00191 thing i can't get rid of. here is my scan...

Logfile of HijackThis v1.97.7

Scan saved at 8:37:36 AM, on 12/23/2003

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AIM95\aim.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Aaron Snow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/