Hijacked by 103.nowfind.biz

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bigwheel, Apr 22, 2005.

  1. bigwheel

    bigwheel Private E-2

    Good Morning, I am severely ticked off! I have been trying to clean this darn thing out for 2 days. I have run Hoster, Hijack this, AdAware, Spybot, Norton Antivirus to clean this bugger but it will not go away. Can you help? Thanks

    Scott
     
  2. SGC_Geek

    SGC_Geek Private First Class

  3. bigwheel

    bigwheel Private E-2

    Here is my log file from Hijack this


    Edit by chaslang: Inline log attached. Please do not post logs inline.
     

    Attached Files:

    Last edited by a moderator: Apr 22, 2005
  4. SGC_Geek

    SGC_Geek Private First Class

    Print these instructions out.

    Close all browsers (including this one) and applications prior to proceeding.
    Open HiJack This 1.99.1 and perform a system scan.

    Place a check mark by the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
    O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
    O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
    O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=

    Select Fix Checked

    Perform a new scan and attach your log with your next post.

    Please do not post anymore inline logs.
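
Added example, not part of the original post or of HijackThis: a Python triage script that parses R0/R1/O13 lines in the format shown above and lists every browser setting whose URL host is outside an allowlist, so a follow-up scan after reboot can be checked for re-infected entries. The function names, the allowlisted host and the two benign sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: three lines copied from the thread plus two benign
# lines invented for contrast (the allowlisted host is an assumption).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 - WWW Prefix: http://
"""

# "<code> - <key>,<value name> = <data>" and "O13 - <prefix name>: <data>"
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM)\\[^,]+),(.+?) = (.*)$")
O13_LINE = re.compile(r"^(O13) - ([^:]+): (.*)$")

def parse_line(line):
    """Return a dict describing one R0/R1/O13 entry, or None for other lines."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        code, key, name, data = m.groups()
        return {"code": code, "key": key, "name": name, "data": data}
    m = O13_LINE.match(line)
    if m:
        code, name, data = m.groups()
        return {"code": code, "key": None, "name": name, "data": data}
    return None

def suspicious_entries(log_text, allowed_hosts):
    """Entries whose URL host is non-empty and not under an allowed host."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        host = (urlparse(entry["data"]).hostname or "").lower()
        if host and not any(host == a or host.endswith("." + a) for a in allowed):
            entry["host"] = host
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG, ["majorgeeks.com"]):
        print(e["code"], e["key"] or "-", e["name"], "->", e["host"])
```

Running it against the log taken before the fix and again against the log taken after a reboot shows which registry values were rewritten in between.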
     
  5. SGC_Geek

    SGC_Geek Private First Class

    A more complete set of disinfection steps may be found in the following thread
    103.nowfind.biz Hijack


    Please post back with your success or list of failures you encounter.
     
  6. bigwheel

    bigwheel Private E-2

    I did as you asked and it seems clean, but when I reboot, it comes back. Here is my new scan log before reboot:


    Edit by chaslang: Inline log deleted
     
    Last edited by a moderator: Apr 22, 2005
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    bigwheel,

    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.

    Next,

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Your log is clean, reboot and post one last HJT log AFTER doing the above.

    Also, be sure the log is from Normal Mode.
     
  8. SGC_Geek

    SGC_Geek Private First Class

    Did you read my previous post?
     
  9. bigwheel

    bigwheel Private E-2

    Yes, I did read the previous post and did as you asked. I also did as bj has suggested and that still did not work. The log file has not changed.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow forum guidelines. All inline logs will be deleted. Please stop posting them that way.
     
