Is there ANY hope I could get rid of some spyware without formatting?
To be specific, I got Gator, Onflow and possibly a couple more I'm not aware of. How do I get rid of them?

However, the most annoying is SmartSearch. I've tried everything I know, and it doesn't wanna go away!
Every time I open IExplorer, it automatically loads, every time I try to remove the URL it finds its way back in there.
I've tried the following Spyware killers:

* SpyBot S&D
* AdAware
* HiJack This
* CW Shredder
* AVG
* Bazooka
* Panda
* manually tried to remove it from regedit without any success

So far, the problem is still here. Has anyone else had this problem? If so, how did you remove it? Some help on this matter would be great.

PS>> I'm a bit of a computer idiot at times, so if you need any information please be specific

You say you used HijackThis...did you delete anything? The first step could be for you to post your hijackthis log so one of the experts can take a look at it and get an idea of exactly what you have on your computer. Then they can advise you as to what you should do to fix it. So post a log with the latest version of hijackthis, which is 1.98.2 and take it from there. :)

I forgot. Here's the log:

Scan saved at 10:32:57 AM, on 9/14/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Fmctrl.EXE
C:\Program Files\Winamp\winampa.exe
C:\program files\onflow\uninstall onflow.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
D:\mIRC\mirc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.165.158.100:80
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [XPIcons] C:\Program Files\Camtech\XP Icons\XPIcons.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\tsadbot.exe"
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download using ReGet - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download All by Re&Get - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1022_EN.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINNT\System32\msxword.dll
O20 - AppInit_DLLs: wbsys.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
You missed the very top line of the log that gives the version of hijackthis.
W2K needs to have SP4 installed too. Please go here & install the necessary packs.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O1 - Hosts: 213.159.117.235 auto.search.msn.com

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess

O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari...UTH_1022_EN.cab
-Electronic-Group Dialer
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
-Electronic-Group Dialer
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
-7AdPower Dialer

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Run a search for p2esocks_1022.dll & delete it. Instant access too.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Reboot normally after doing the above then post a fresh log please.
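
As an added example (not part of any post in this thread, and not HijackThis code): a small Python parser for the log format posted above, with triage rules modelled on the entry types the last reply selected (O1 hosts redirect, O4 rundll32 autorun, O13 prefix, O18 protocol hijack). The rule set and the names `parse_log` and `triage` are assumptions of this example; O16 entries are left to manual review because recognising a dialer depends on knowing the specific control.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.165.158.100:80
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O13 - WWW Prefix:
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINNT\System32\msxword.dll
"""

def parse_log(text):
    """Return an Entry for every 'XN - ...' line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
        if not m:
            continue
        code, body = m.groups()
        # R entries read 'key = value'; O entries read 'kind: detail'.
        sep = " = " if code.startswith("R") else ":"
        kind, _, detail = body.partition(sep)
        entries.append(Entry(code, kind.strip(), detail.strip()))
    return entries

def triage(entries):
    """This example's heuristics (assumed, not HijackThis logic): (entry, reason) pairs."""
    hits = []
    for e in entries:
        if e.code == "O1":
            ip, _, host = e.detail.partition(" ")
            if host and not ip.startswith("127."):
                hits.append((e, f"hosts file maps {host.strip()} to {ip}"))
        elif e.code == "O4":
            cmd = e.detail.split("] ", 1)[-1]
            m = re.match(r"(?i)rundll32(?:\.exe)?\s+([^,\s]+)", cmd)
            if m and "\\" not in m.group(1):
                hits.append((e, f"autorun loads {m.group(1)} via rundll32 without a path"))
        elif e.code == "O13":
            hits.append((e, "IE URL prefix setting reported"))
        elif e.code == "O18" and e.kind == "Protocol hijack":
            hits.append((e, "protocol handler reported as hijacked"))
    return hits
```
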
