Searchweb2 totaly ruined my comp

OK first thing is first, I am a computer noob so go easy on me. Here's my story, hope you guys can help me

One day i turned on my computer and noticed there were newly added shortcuts on my desktop, i tried to delete them but it did nothing, i went online and my startup page was this weirdo searchweb2 crap. so i changed it to google. The internet was going so slow so i decided to scan the computer with ad-aware, spybot and norton, a few errors were detected but it did not remove the searchweb stuff. so i decided to restart my computer to see if it did any good, at first the desktop icons were gone, but soon after they appeared again and they kept coming increasing in number, the same set of icons were spawning every couple of seconds and soon covered the whole desktop, so i tried scanning again, a few minutes passed and my computer just restarted by itself. Now i cant get into windows, i tried going into safe mode but it just keeps restarting. everything i do it just keeps restarting, i chose the 'disable auto restart thingy' and a blue screen went up and said 'Session3_initialization_failed" crap. and it told me to go into safe mode and delete any newly installed software, but i can't get into windows! so i'm stuck in a loop. pls pls pls help me, is there anything i can do or do i need sum specialist to fix it?
I'm posting this on my sloow mac so pls pls hurry.

Thanks for your time.

Sounds bad dude, personally I think that the Spyware has completely taken over your computer. Your right, you'll need someone who knows what they're doing, the only thing I can think of is to have your computer reformatted (install Windows/Mac software on it again)

Nooooooooooooooooooooooooooooooooooooooo!

ok thanks dude, what do u think i can do to prevent this from happening again, cuz it kinda happened to me twice already, and fixing it cost money.

Wait!! Download HijackThis from:

http://www.spychecker.com/program/hijackthis.html

Run it! It will identify all processes on your computer, if you can copy and paste its log file into the forums then I could help you with searchweb2 (Ive removed it successfully myself)

In the meantime, make sure your not connected to the internet unless its necessary, it will stop the spyware "calling home" and various 3rd parties wont be able to take control of your PC.

Anyway, if I can, I will help. If not then you'll have to start again and reformat your PC. Send a log ASAP!!

JuanCarlos

Hi spermbank-tycoo,

I see no need to reformat your computer. If you haven't reformatted, please post a HijackThis log.

Please download HijackThis. Make sure you install HijackThis to a permanent folder such as C:\HJT as it creates backups of what we will fix. Run the program, click the button at the top "Do a system scan and save a logfile". Save the log to a convenient place such as C:\HJT Notepad will open, copy and paste the entire log into your post. Do not fix anything yet, most of what's in the log is needed!

http://www.majorgeeks.com/download3155.html

Tom

yeah actually it's spermbank-tycoon ( too long for da thingy n i didn't notice )

Well thanks for trying to help but i showed this guy (Pro to da max) and he said that my comp was f***** u know... dunno what he did but he saved mmost of my files when reformatting or wateva, he said he split the drives? well he got my computer up n running and i am ever so greatful to him and i downloaded hijack this n this is what it said...

Logfile of HijackThis v1.99.0
Scan saved at 11:37:36 PM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\temp\SAHPAC~1.EXE
C:\temp\SAHPAC~1.EXE
C:\temp\SAHPAC~1.EXE
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dikbud\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AS01_Netgear] C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.1\THGuard.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104725733577
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I'm no pro, but svchost looks a bit sketchy... what is it?

Hey, so ur computers all ok then?

svc host is alrite, its perfectly legitimate but theres a virus going round called scv host so Id watch out for it

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.

If you have any questions before starting the fix, please don't hesitate to ask!

Please go to Start > Control Panel > Add/Remove programs and remove:

DeskAd Service

Next...

Logoff your internet connection. Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

Do you have any idea what this is? If not, please browse to the file, right-click the file > select properties, is there a version tab? If so, what information is displayed?

C:\WINDOWS\system32\WISPTIS.EXE

Next...

Boot into Safe Mode. Restart your computer, start tapping F8 when your computer first starts booting, select Safe Mode.

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck hide extensions for known file types.
Uncheck the Hide Protected Operating System Files option.
Click Yes to confirm.
Click OK.

Search for and delete the following files:

C:\temp\SAHPAC~1.EXE
C:\temp\SAHPAC~1.EXE
C:\temp\SAHPAC~1.EXE

Search for and delete the following folder:

C:\Program Files\DeskAd Service < delete the entire DeskAd Service folder

Next....

Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following:

Temporary Internet Files
Recycle Bin
Temporary Files

Then click OK.

Reboot normally.

Please post a fresh HijackThis log.

Tom