Searching for "Twain Tech" Timberlandko's method

 
 
lgtsln
 
Reply Sat 2 Oct, 2004 02:59 am
I am unsuccessfully trying to fix a heretofor hijack which sets my homepage to an undesirable porn site - when I try to type in a new page the computer goes to a heretofor search page. Have tried various things and am now trying to follow Timberlandko's directions. Unsuccessfully looked for "Twain Tech" using Add/Remove process, and tried typing regsvr32 c:\windows\twaintec.dll which gave me an error message: Load Library("c:\windows\twaintec.dll") failed
Get Last Error returns 0x00000485
I do not know what to do now.
My current HJT log reads:
Logfile of HijackThis v1.98.2
Scan saved at 5:51:20 PM, on 10/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SVCHST.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [HPSCANMonitor] C:\WINDOWS\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hpppt]
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=14&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=14&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=14&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=14&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=14&q=
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab

I have tried using HJT to fix the first 4 lines, and all lines starting 016 but the problem remains. Please!! can anyone help??
Type: Discussion • Score: 1 • Views: 1,221 • Replies: 4

 
MurrayS
 
  1  
Reply Sat 2 Oct, 2004 08:21 am
Howdy:

First of all, you are infected with a virus and you have to get rid of it first.. Go HERE for the removal instructions..

Once that is done, run a scan with HJT and check the following (if still there).. then run the "fix" option..

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O4 - HKLM\..\Run: [hpppt]

O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i (VIRUS)

O9 - Extra button: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {19FF1880-12B1-11D9-BA72-444553540000} - (no file) (HKCU)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=14&q=

O13 - WWW Prefix: http://www.heretofind.com/show.php?id=14&q=

O13 - Home Prefix: http://www.heretofind.com/show.php?id=14&q=

O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=14&q=

O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=14&q=

Murray
0 Replies
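The kind of triage done by hand in the reply above can be sketched in code. This is an added example, not part of the original thread and not HijackThis's own logic: it parses entry lines by section code and flags a few structural patterns for manual review. The function names, the flagging rules, and the watched-domain list are assumptions of the example; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: seven entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [hpppt]
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=14&q=
"""

# HijackThis entry lines look like "<section code> - <details>", e.g. "O4 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, details) pairs; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def triage(log_text, watched_domains):
    """Flag entries for manual review (the rules are assumptions of this example)."""
    flagged = []
    for code, details in parse_entries(log_text):
        reasons = []
        lowered = details.lower()
        if code in ("R0", "R1", "O13") and any(d in lowered for d in watched_domains):
            reasons.append("browser setting points at a watched domain")
        if code == "O1":
            reasons.append("hosts file entry")
        if code == "O4" and details.rstrip().endswith("]"):
            reasons.append("autorun entry with no command")
        if code == "O9" and "(no file)" in details:
            reasons.append("browser extra with no file on disk")
        if reasons:
            flagged.append((code, details, reasons))
    return flagged

if __name__ == "__main__":
    for code, details, reasons in triage(SAMPLE_LOG, ["heretofind.com"]):
        print(f"{code:>3}  {'; '.join(reasons)}\n     {details}")
```

These structural checks do not catch the `[SheduIer] C:\WINDOWS\svchst.exe /i` entry that the reply marks as a virus; an entry like that is well-formed and has to be identified by looking up the file name.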
 
lgtsln
 
  1  
Reply Sat 2 Oct, 2004 03:20 pm
Dear Murray, thanks for help. When I click on "here" computer hangs and does not go to address.
0 Replies
 
lgtsln
 
  1  
Reply Sat 2 Oct, 2004 05:20 pm
WORM_ROBOT.JM??
Dear Murray: have printed pages from TREND MICRO and am following procedures described here. Is that the page I was directed to? Sorry but I am a Klutz with this stuff.
0 Replies
 
MurrayS
 
  1  
Reply Sun 3 Oct, 2004 07:56 am
That was the page.. follow those directions to get rid of the virus, then follow the remainder of what I told you to do..

Murray
0 Replies
 
 
