|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
December 31st, 2004, 08:28 AM
|
|||
|
|||
|
searchweb2 removal
Hello....
Could some one please help me beat this thing. Like so many others I have the Searchweb2 issue. I have removed the messenger plus programme and will insure that when my family reload it - it is without the sponsor feature. Also I have run spybot and ad-aware Thanks in advance for any assistance you may offer Part 1 astext was too long Tony..... Here is my logfile. Logfile of HijackThis v1.99.0 Scan saved at 14:21:00, on 31/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\DOCUME~1\Craig\MYDOCU~1\NOKIAP~1\TRAYAP~1.EXE C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Documents and Settings\Craig\My Documents\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\program files\microsoft office\WCESCOMM.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Craig\My Documents\bin\iPodService.exe C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe C:\Program Files\FinePixViewer\QuickDCF.exe c:\program files\microsoft office\WCESMgr.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Outlook Express\MSIMN.EXE C:\PROGRA~1\Yahoo!\browser\ybrowser.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Documents and Settings\Tony\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rzmljvapfppewmplvcntiqkw.net//juAYtqbQ_ROxnOGvFq/DB3QNyS96lMmiYYNaaZQaJ4.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 R3 - URLSearchHook: (no name) - {B49B521E-69DB-48A3-A69D-7423A5AFBC77} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7684B107-E4B9-E106-2C58-6BBF2FC147C3} - C:\DOCUME~1\Val\APPLIC~1\GPLBEEP\clockbalm.exe (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [eq trust itch beep] C:\Documents and Settings\All Users\Application Data\Wavecakeeqtrust\CDROM16.exe O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\DOCUME~1\Craig\MYDOCU~1\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Craig\My Documents\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MapiLoudTimeMulti] C:\Documents and Settings\All Users\Application Data\safe pop mapi loud\DvdGrim.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE" O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll O9 - Extra button: MP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3download (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://download.windowsupdate.com rest of log file on next thread......
|
|
#2
December 31st, 2004, 08:32 AM
|
|||
|
|||
|
searchweb2 removal partII
Part 11 as logfile was too long
Hello.... Could some one please help me beat this thing. Like so many others I have the Searchweb2 issue. I have removed the messenger plus programme and will insure that when my family reload it - it is without the sponsor feature. Also I have run spybot and ad-aware Thanks in advance for any assistance you may offer Tony..... O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093101153500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/btmailcontrol013.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3uk.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D6BF323-1CDB-4CC9-9D8B-9B1EB0E7E832}: NameServer = 194.74.65.68 194.72.9.38 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Craig\My Documents\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
|
|
#3
December 31st, 2004, 09:49 AM
|
||||
|
||||
|
Threads merged
|
|
#4
January 2nd, 2005, 05:08 PM
|
|||
|
|||
|
Hi Tony
I believe I can help you, all it takes is 3 steps  Step 1: Make sure all files and folders are visible. To do this go to: My Computer Tools Folder Options View and put on "Show hidden files and folders", also uncheck, "Hide extensions for known file types" and "Hide protected operating system files" Click Apply and exit Step 2: Reboot in Safe Mode. To do this, rapidly press F8 as it is loading Step 3: Look for and delete the following file C:\Documents and Settings\All Users\Application Data\safe pop mapi loud\DvdGrim.exe Empty your recycle bin, reboot and the SearchWeb2 toolbar should be gone!! JuanCarlos
|
|
#5
January 3rd, 2005, 09:24 AM
|
|||
|
|||
|
Thanks JuanCarlos,
This world needs helpfull people like you, and the others from this forum, to help the good fight. Unfortunately I won't be trying your advice this time as I learnt from another thread about a website that downloaded a program to fix this issue. Which worked! http://www.able2know.com/go/?a2kjump=http://www.thespykiller.co.uk/files/lopremover.exe If this reoccurs then I wll certainly try your sugestion. Happy new year and once again thanks. Tony Quote:
|
|
#6
January 6th, 2005, 04:28 PM
|
|||
|
|||
|
Hi TONYP,
If you would like to post a final log for review, I'd be happy to look at it. Neither one of the fixes posted completely removes all infected files! Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#7
January 6th, 2005, 05:48 PM
|
|||
|
|||
|
Removing lop.com, coolwebsearch, searchweb2
To get rid of Lop.com, coolwebsearch, searchweb2 spyware there is only one thing that has worked for me without fail every time. I contacted the spyware company myself demanding they give me a fix so they had me download their removal tool which does work. The tricky thing is for whatever reason it only works one time then you have to download it again. If you try it more than once it will erroneously say it has uninstalled it, only to creep up on you about an hour later. There is some sort of timestamp which kills thier own removal tool. So go here http://lop.com/new_uninstall.exe and download it (I know its scary). That always works for me, if not this is what "they" suggest:
-------------------------------------------------------------------------------------------------- In the 'Add / Remove Programs' list, look for one of the following: 'Search Plugin', 'Window Search', or 'Window Searching' from the menu to run the uninstaller. If you've tried the above steps and the uninstall is still unsuccessful, try disabling your anti-virus software, Ad-aware, Sophos, and other programs of that nature. Re-download the uninstaller, then run it. Ad-aware et al seem to interfere with the uninstall process. If disabling that software allows you to run our uninstaller successfully, please tell us or email the software company in question and tell them they need to fix their software. - Additionally a separate new uninstall program may be downloaded here: http://lop.com/new_uninstall.exe This is a new universal uninstaller and will remove any components, such as the toolbar. If none of these suggestions solve the problem, try reinstalling the LOP software, then running the uninstall again. Lucy Lewis, Lop.com Customer Service ---------------------------------------------------------------------------------------------------
|
|
#8
January 8th, 2005, 12:59 PM
|
|||
|
|||
|
Log file as requested by Tom
Thanks Tom, Here it is in two parts due to size limit..... Tony P
Logfile of HijackThis v1.99.0 Scan saved at 18:56:02, on 08/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\DOCUME~1\Craig\MYDOCU~1\NOKIAP~1\TRAYAP~1.EXE C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\QuickTime\qttask.exe C:\Documents and Settings\Craig\My Documents\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Craig\My Documents\bin\iPodService.exe C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe C:\PROGRA~1\Yahoo!\browser\ybrowser.exe C:\Documents and Settings\Tony\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 R3 - URLSearchHook: (no name) - {B49B521E-69DB-48A3-A69D-7423A5AFBC77} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7684B107-E4B9-E106-2C58-6BBF2FC147C3} - C:\DOCUME~1\Val\APPLIC~1\GPLBEEP\clockbalm.exe (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
|
|
#9
January 8th, 2005, 01:00 PM
|
|||
|
|||
|
Logfile as requested by Tom
Other half Tom.............
Tony P O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [eq trust itch beep] C:\Documents and Settings\All Users\Application Data\Wavecakeeqtrust\CDROM16.exe O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\DOCUME~1\Craig\MYDOCU~1\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Craig\My Documents\iTunesHelper.exe O4 - HKLM\..\Run: [MapiLoudTimeMulti] C:\Documents and Settings\All Users\Application Data\safe pop mapi loud\file loud.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE" O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft office\INetRepl.dll O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll O9 - Extra button: MP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3download (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093101153500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/btmailcontrol013.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3uk.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D6BF323-1CDB-4CC9-9D8B-9B1EB0E7E832}: NameServer = 194.74.65.68 194.72.9.38 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Craig\My Documents\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE Quote:
|
|
#10
January 8th, 2005, 01:03 PM
|
|||
|
|||
|
Many thanks for your advice. I will look into this.
regards Tony Quote:
|
|
#11
January 8th, 2005, 01:08 PM
|
|||
|
|||
|
The file is still there, but I think this is something to do with HijackThis
Run HijackThis again and look for and check this file: C:\Documents and Settings\All Users\Application Data\Wavecakeeqtrust\CDROM16.exe Then click "Fix Checked", scan again and the file should be gone for good Well done on removing it, I hadnt realised that lop.com give an uninstaller (but is it really worth trusting the people who've already downloaded spyware once before?) JuanCarlos
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
