Dev Shed Forums > System Administration > Antivirus Protection
#1 December 30th, 2004, 03:46 AM
nancypants
Need help removing spyware

Hi, I have been having trouble removing search2web spyware on my computer. I've tried using Spybot S&D and Ad-Aware SE to no avail.

Here is my HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 8:39:38 PM, on 12/30/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zaiflwldqxufcnzqespgo.net/MSV2XOEIheoXkeCz6XfSb9Bt1OAMjogiUfjs6XHtgUFAATxoxgz7n3Y5I/bwAf/e.php
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [forddrvblahabout] C:\Documents and Settings\All Users\Application Data\kind online ford drv\UserBuild.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Third One] C:\DOCUME~1\Nancy\APPLIC~1\JUMPPU~1\UP GLUE REAL.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Please help! Thanks in advance!

Reply With Quote
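
Added example, not part of the original thread: a short Python parser for the O4 (registry autostart) lines of the HijackThis log posted above, flagging Run/RunOnce entries whose executable sits under a user profile directory. The profile-path heuristic and the function names are assumptions made for this example; a flagged entry is a candidate for review, not a verdict.

```python
import re

# O4 and O2 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [forddrvblahabout] C:\Documents and Settings\All Users\Application Data\kind online ford drv\UserBuild.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Third One] C:\DOCUME~1\Nancy\APPLIC~1\JUMPPU~1\UP GLUE REAL.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Quoted path, or unquoted text up to the first ".exe" (paths may contain spaces).
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumed heuristic: profile directories are user-writable on Windows XP,
# in long form or 8.3 short form.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")


def parse_o4(log_text):
    """Return one dict per O4 (registry autostart) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command
        entries.append({"hive": hive, "key": key, "name": name, "path": path})
    return entries


def flag_profile_autostarts(entries):
    """Return entries whose executable sits under a user profile directory."""
    return [e for e in entries
            if any(marker in e["path"].lower() for marker in PROFILE_MARKERS)]


if __name__ == "__main__":
    for e in flag_profile_autostarts(parse_o4(SAMPLE_LOG)):
        print(f'{e["hive"]}\\..\\{e["key"]} [{e["name"]}] -> {e["path"]}')
```
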
#2 December 30th, 2004, 04:43 PM
JuanCarlos

Hi

Sorry, I can't help with the toolbar (I have it myself and I'm trying to find assistance in getting rid of it too), but I have tried a few methods to stop any more searchweb2 components being downloaded.

First thing I did was remove all my Internet files and set the amount of space to store them to 0mb. To do this, go to Control Panel>Internet Options>Temporary Internet Files>Settings and move the slider all the way to 0mb (if possible).

Next, you have downloaded Messenger Plus 3! This isn't an addon from Microsoft and contains the IOP infection, so I'd delete this right away!!

Also, you don't have a firewall (although I'm told Norton does have a firewall, so forgive me if this is the case). I recommend ZoneAlarm from www.zonelabs.com. It is free to install and very user friendly. It does block some tracking cookies and lets you know when programs are connecting to the internet without your say-so.

I hope this is a start, and good luck finding a solution to the toolbar!!!!

#3 December 30th, 2004, 07:20 PM
pooterboy

Don't know too much about this one, but have you looked in Add/Remove to see if it can be deleted from there?
I usually get rid of stuff via Norton + manual deletion.
Could try find files and note the location of the .exe (must be a .exe, I would have thought), clear temp internet, then reboot in safe mode and delete the exe.
I have got rid of loads of stuff on various PCs like this without the need for HijackThis and Spybot etc.
Also, with temp internet, check through hidden files in the IE5 Content folders, as some of this crap gets left in there and returns to haunt you.
You may also need to remove entries from the registry.

#4 January 1st, 2005, 02:47 AM
tofie

Hello Nancy,

First, do you have Windows XP Service Pack 2 set up?

If not, you'd better do it, because once you have SP2, there's a firewall and some security stuff.

I'd advise you to set up SpySweeper; it's a spy remover that maybe can help. If you have any questions, feel free to email me.



#5 January 1st, 2005, 07:26 AM
JuanCarlos

Hi, me again!

I think I can help with the SW2 toolbar; I've just successfully removed it myself!

Ok, first make sure ALL files and folders are accessible. Do this by going into:

My Computer
Tools
Folder Options
View

and put "Show hidden files and folders" on; also uncheck "Hide extensions for known file types" and "Hide protected operating system files".

Next, reboot your computer in Safe Mode; to do this, press F8 rapidly as it is loading.

Go on your account and into My Computer and search for and delete the following:

C:\Program Files\Messenger Plus! 3\MsgPlus.exe
"C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
C:\Documents and Settings\All Users\Application Data\kind online ford drv\UserBuild.exe

Empty the recycle bin, reboot (in normal mode) and run Spybot and Norton and allow them to "clean up".

Hope this has helped!! Tell me how it went.

JuanCarlos

Sorry, but about Windows SP2, I wouldn't download it!! The firewall is notoriously ineffective and doesn't fully protect all ports. Sorry tofie, but it has to be said!!!

#6 January 4th, 2005, 12:53 PM
Tom Myboy

Quote:
Originally Posted by JuanCarlos
Hi

First thing I did was remove all my Internet files and set the amount of space to store them to 0mb. To do this, go to Control Panel>Internet Options>Temporary Internet Files>Settings and move the slider all the way to 0mb (if possible)

I don't suggest setting your Temporary Internet File Cache to 0mb!

Quoting winhelp2002:

By default Internet Explorer allocates 10% of your drive. This was fine years ago but today with the size of these new drives, 10% is just too large and increases the chances for corruption.

* Click the Settings button, adjust the TIF size to 50 mb, click OK

http://mvps.org/winhelp2002/delcache.htm

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickys at the top of the forum before posting!

#7 January 4th, 2005, 12:55 PM
Tom Myboy

Hi nancypants,

Please post a fresh HijackThis log.

Tom

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway