Can someone urgently please help me, I'm being informed from my noron anti virus that I have a virus called Bloodhound.Exploit.6 in my pc, and norton can't remove it, with this virus I can't open my con trol panel, please CJC, help me, please.

Refer to http://forums.afterdawn.com/thread_view.cfm/126759

CJC

CJC I'VE DOWNLOADED THE UPDATE YOU'VE TOLD ME, I RAN THE AD-AWARE SE PERSONAL, I'VE RAN ALSO THE SPYBOT SEARCH AND DESTROY, BUT THE PROBLEM REMAINS THAT
a: in the front page of my internet I have a different page and toolbar which I don't like because there is some adult stuff in it that I do not wish to leave on my pc.
b: Whenever I press the controlpanel icon nothing happens, also with my computer icon, my documents etc.
What else can I do please.

Try running HiJackThis, just go to www.download.com and search for Hijackthis and then post the log.

CJC

Hi again my personal computer LIFE SAVER...thanks, cause at least now I can see again all my pc services as the control panel, my documents etc, but I do have a small thing I would like to settle.
CJC, why I cannot re-install again my internet provider home page, whenever I go to the internet settings and change again to my home page, a site called www.search-control.com/main.php?id=11261&said=302 keeps on appearing as my home page, and also I use to have the yahoo toolbar everytime I enter the internet, now I have to right click and select the toolbar, can you please tell me how to settle once and for all these two small problems...Thanks

Post your log of HiJack This here

CJC

Sorry mate, but I cannot understand you, when I listen to your computer language, sometimes I cannot understand, what does it mean to post my highjack this log?

Quote:

---

CJC (Member) 17. November 2004 @ 08:11
Try running HiJackThis, just go to www.download.com and search for Hijackthis and then post the log.

CJC

---

Go to http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-1

Download it, then Click Scan
Click Save log, then copy and paste the log into here

CJC

CJC, I have made what you asked me, and I did a scan from highjackthis, but when I came to save the log, a dialog box from norton antivirus promted me that "Northon Antivirus has detected and removed a virus from your computer. Virus name : MHTMLRedir.Exploit, Virus removed automatically, so nothing came to save as a log file.
Please note that the front page in question is this (written in highjackthis) RO - HKCU\Software\Microsoft\Internet Explorer\Main, StartPage=http://www.search-control.com/search.cgi?id=302, Please note that there is another one exactly like this but instead of HKCU is HKLM.

dEAR FRIEND, ARE YOU STILL GOING TO TRY TO HELP ME PLEASE?...vince

cjc IT'S TRUE THAT IT HAS BEEN A HECTIC DAY FOR YOU FROM THE PART OF ME, BUT PLEASE i NEED YOU TO TELL ME HOW TO GET RID OF THE START PAGE THAT HAS NOTHING TO DO WITH MY HOME PAGE PROVIDED BY MY INTERNET SERVICE PROVIDER, EVERYTIME I DELETE IT FROM THE INTERNET SETTINGS AND RETYPE MY HOME PAGE AND RESTART MY PC, THE PAGE KEEPS COMING BACK.

download avg6 free version from www.grisoft.com, update it & run it, it is an antivirus program. also do an online scan with www.antivirus.com

Dear friends, I beg you please try to help me. I'm keeping on getting the same frustating home page on my internet explorer instead of my internet service provider home page. I've tried everything you could imagine, changing internet settings, and restart the pc, scanning my pc for viruses, but the anti virus software is detecting nothing, spyware software, highjack this, av- aware se personal...nothing is working, a particular page is keeping on taking my internet service provider's home page place. Please tell me what can I do, please, because I'm sick and I can't worry too much, my hearth is very stressed, please my friends.

Have you gone to Google & selected it to be your home page? Then just do not use your internet explorer link. I realise this is not a 100% solution, but it may stop your head exploding from all of the stress.

I tried also but everytime I change the homepage, the other page returns, it doesn't want to be deleted in any way.Why?

goto www.ccleaner.com download ccleaner & run it & see what happens

Im entitled to sleep arnt i ?

That Warning you got from NAV hasnt got anything to do with the log.

Could you try scanning again, then pasting the log. It will help in trying to fix your problem.

CJC

Ok

Try just removing the lines that are like:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = URL
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Name

Like those where URL will be differnt, just tick the boxes, click Fix Selected, restart Your Computer. Now your homepage should be set to about:blank. Go in and change it to what you want and restart your computer just to make sure. Does the other page come back or ur proper page?

CJC

OK, its 3am where I am, & I have just had a thought. I would clear out your cookie folder, de-frag & disk clean up. this may get rid of what you have. When you run disk clean up I would delete all temp internet files. Give that a whirl & let us know how you get on.
By the way, please don't type in caps. That's shouting, people do not like being shouted at!!!!
Kind regards,
Pulsar

Pulsar first of all this is for you my friend. Please note that I did'nt know that by typing in caps means shouting, sorry pulsar, I assure you that I'm not that kind of person, this is a genuine person your helping. Please note that the problem is still going on, and I've tried several spyware software, antiviruses, disk cleanup and defregmentation, nothing is working, the same page is returning. Please note that when I go to internet settings and return my home page there and press apply, my home page returns, but only for three consecutive openings. After the third opening of my internet service the page www.search-control.com/main.php?id=11261&said=302 returns. There's also some material in it that I do not whish for it to be on my pc, cause I'm not that kind of person. Even some ads are opening, this is not normal, ads about smileys cursors,etc. If these are spyware, why with all those spyware software I've tried, nothing worked. Regards Vince from Malta.

CJC Sorry my friend I did'nt want to bother you at 3 am, I surely don't know from where are you, and your time zone. I live in Malta and the time here was only 9 pm. Sorry for any inconvenience. Please note that the problem is still going on, and I've tried several spyware software, antiviruses, disk cleanup and defregmentation, nothing is working, the same page is returning. Please note that when I go to internet settings and return my home page there and press apply, my home page returns, but only for three consecutive openings. After the third opening of my internet service the page www.search-control.com/main.php?id=11261&said=302 returns. There's also some material in it that I do not whish for it to be on my pc, cause I'm not that kind of person. Even some ads are opening, this is not normal, ads about smileys cursors,etc. If these are spyware, why with all those spyware software I've tried, nothing worked. Regards Vince from Malta.

I managed to save the log of my problem, here it is please see:
Logfile of HijackThis v1.98.2
Scan saved at 12:26:09 AM, on 11/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\RunDll32.exe
C:\hpgs2wnd.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MSI\Media Center Deluxe II\WinIRXHelper.exe
C:\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/search.cgi?id=302
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/search.cgi?id=302
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Search Toolbar - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D4820} - C:\WINDOWS\System32\spm4820.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinIRXHelper.lnk = C:\Program Files\MSI\Media Center Deluxe II\WinIRXHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096909659343
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

that is the saved log file

Sorry it took so long, alot of stuff i havnt seen in HiJack This logs before.
Put a tick in the following then click Remove.

C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/search.cgi?id=302
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-control.com/search.cgi?id=302
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Search Toolbar - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D4820} - C:\WINDOWS\System32\spm4820.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Ok, Select all those and Delete.

And go into Add/Remove Programs, in control panel, and remove new.net
Restart your comptuer, set the homepage, restart again and hopefully it should still be there.



CJC

Ok Vince, no worries about the shouting!. I've just woken up & am bleary eyed, but have had an idea. Sounds to me like adawre etc will not recognise the bogus file.
Try this, click on Start, go into search, search C drive for a file called "search-control". This should find your bogus file, if not, do an advanced search (search in hidden files etc). This will almost definitely find the file. When you find it destroy it! (ie delete!)
When you have it in you recycle bin, delete bin files, then De-frag & disc clean up. If that does not do it, I am lost for words, unless the file is under a different name!
Hope this helps,
Kind regards,
Pulsar