Search-to-find .....been hijacked

First off due to the nature of this spyware/hijacker I've come to understand that it's pretty specific to the individual pc it has hijacked.......am I right? well that being the case I have ran and logged with HijackThis but before I corrupt any files I thought I best ask for assistance.I have read a few of the other posts concerning this same matter and that is why I figured that it's removal is specific to the pc that was hijacked. So........I got hijacked by the "Search-To-Find" anoyance (though I gotta say whomever developed it is pretty smart,just devious) anyways I'd like to rid my pc of it without killing anything important so heres my log if anyone can helpme out here I'd appreciate it.


[log removed. ALL LOGS MUST BE UPLOADED AS A TXT FILE ]

 

Download:

HSRemove
About Buster
Ad-Aware
Spy-Bot: Search and Destroy
HiJackThis

and do the following:
install ad-aware and spy-bot. Update the programs but do not run them.
Make sure you have an updated antivirus installed (AVAST is recommended if you do not)

once updated, reboot into safe mode and run HSRemove followed by About Blaster
then run Ad-Aware followed by Spy-Bot S&D. Then Scan using your AV and Then run HijackThis and copy your log to a text file.

Reboot normally and upload your logfile to a post here for us to look at.
DO NOT POST YOUR LOG DIRECTLY TO A POST. it must be uploaded as a text document file.

 

yeah, I could have done that, but I learned something new today..

 

I'm back and forth today cause I'm painting the house <-----yuk ...Anyways Sorry bout posting a log I know better now I will do as suggested Kodo Question I run AVG currently is Avast better? also in your oppinion what is the best anti virus proggie (I don't mind the cost) (this pc I'm on is my bro in laws) mine is not connected on-line yet but when it is I want the best prog avalible cause I use it for music video rendering (my hobby) I'd hate to loose any files on my pc.I also run Bazooka and Pop This on this pc I already had Ad-aware and spyware DR should I get rid of some of these?
Thanks for the responses peeps.........EDR

 

Hello again, Major A....... http://www.kephyr.com/spywarescanner/index.html?source=appvisit this is Bazookz scanner it is a pretty cool tool if it finds a threat it tells you how to get rid of it step by step instructions via regedit.. I'm not too sure that it blocks anything but it finds stuff real well. Thanks for all the help anyone who has been kind enough to give their advise to me. (guess I'll be busy tonight getting rid of a bug) btw the auto buster deal tells me to fix random stuff from the HijackThis prog in except R1 R0 's before running it? Whats that all about?

 

Well I ran HSR,About Blaster,Ad-Aware,Spy-Bot,and Avast in safemode and all of which found something.........theres still apop up present and Search-to-Find is still here too I attached the Hijack this log.....what now?I,m confused....

 

I don't see your HJT log.. if you can't figure out how to upload a file, just post the text and one of the mods will copy it to a text file for you...this time..

 

ooops it wasnt in the right format....here it is

 

you're infected with a Trojan called TROJAN AGENT.AE

you have to get rid of that first.. but in order to do this, you must NOT be connected the internet and should be in safe mode. HSRemove should take care of it but if it doesn't you may need to run another application that seems to work called a2 (A-squared).
http://www.majorgeeks.com/download.php?det=4281

the attached file is what you should remove in HiJackThis.

 

woops.. didn't think I copied that..

 

The list of anti spyware progs I mentioned is what I ran in Safe mode so I guess it didnt do it right? Well then I'll download A2 and give it a try in safe mode then remove the stuff on the attached list with Hijackthis..........Is this correct?

 

yes. That Trojan is a nasty one for sure. I worked on a machine the other day and had to run HSremove in safemode several times before it was terminated and then ran an AV to clean up any leftovers. Apparently A-Squared is a good program to use for this Trojan.

 

OK I ran HSR again and the a2 in safe mode heres the new log

 

I just thought i would add this in:

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - (no file)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - (no file)

You might want to delete those since theres nothing there.

 

I just thought i would add this in:

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - (no file)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - (no file)

You might want to delete those since theres nothing there.

Oh and didn't someone here at MG say that messenger plus had spyware in it?

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

 

Thanks for the added advise........Q. should I be in Safe mode to do the list with Hijack this? and also did that last try get rid of the Trogen.AE? So just so I'm real clear the list Kodo posted minus the one line and plus the 3 lines NeoNem added are the things I should check in Hijack this?

 

Another Question.....If I come online before going through the Hijack this list and repairing ....does that mean I need to go back through the "cleaning " process again? or can I just go into safe mode and do the hijack list?

 

And another......I notice on the list to check in Hijackthis .......R1 Hklm with Coopernik 2000 pro ........ this is a bought program I installed (it's an awsome search engine.....is it spyware? cause it never gave me a problem? and also the acid planet ...it's my preference for home page........

 

Grrrrrrrrrrrrrrrrrrrrrrrrrrrr! I went into safe mode ran All of the progies again then did the hijack this list and I still have the search-to-find...... I just don't get it.....lol I posted the new log file after I did the list.......every few minutes my homepage is trying to be jacked to by some //res.(random).dll(blah blah htlm) ?

 

this time I ran the CWprogram and just about all the others came up clean but lo and behold it's till there? LOL I'm going nutz!!! btw I did turn off the sys restore and the NSS as suggested in the tutorial....the sys restore though is now back on...but I did it before I went online

 

when I have hijack fix stuff do I need to be in safe mode or not?

 

ok ....I killed the iepl.exe and the appov32.exe the other wasn,t there and the only one I found that I can delete is the imapi.exe

 

I fixed the 4 things with hijack but I'm waiting for a reply on the other

 

the iepl.exe and the appov32.exe are the only ones showing in the process explorer prog....and the imapi.exe is the only one I can find in the winows/system32 folder

 

I killed the 2 processes I found but did not delete anything in the sys32 folder

 

HS remove and About buster didnt give me and log options.......but
-- Scan 1 --------
About:Buster Version 1.31
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 1.31
Attempted Clean Of Temp folder.
Pages Reset... Done!




HSR 12 items removed

 

Hmmmm tryed it .... seems it's here to stay, it's my bro-in-laws pc and I'm going back to Montana tomoro and I am finishing the painting of his house today so I'm back and forth.If you can help that would be cool (1-on-1) I'll check back between coats.

 

Ummmmmm well before I got to your new response ...I ran an on-line scan and found 3 things...Troj Stillen.a,CHM PSYME.Y and JS INOR.M I coulnt delete them cause they were in use so I turned off the dsl connection at the switch, turned off the sys-restore, disabled Network Security Service and went into safe mode. This system is updated too. I used the "CrapCleaner" then scaned with norton and again with the cleaner.I next ran HSR twice, About Blaster twice, Adaware and the plugin, Spybot, and the CWshredder. This round the progies all found stuff. I am running HSR v2.39,HiJackThis v1.98,About Blaster v1.31, Adaware 6.0.1.181 with PLVX 1.1 I attached the following 3 logs....Adaware, HiJack This and the processes

 

At the moment I'm not experiencing any hijacks.....do you think it's gone??

 

I must have sent the last reply just as you did......same time......Um no I think it's gone...so would now be a good time to turn on the sys restore?

 

here's the latest hijack log ... I don't see anything bad, do you?

 

ummmm spy bot keeps finding DSO EXPLOIT and some msc tracking cookies