0

Please help me remove prosearch toolbar..it just won't go away...Let me know what to do from here. Logfile of HijackThis v1.97.7
Scan saved at 9:14:03 PM, on 9/24/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSEC.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\Wcgopsvc.exe
C:\Program Files\Creative\WebCam Go Control\CAMTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\ICQ\ICQ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ra\LOCALS~1\Temp\Rar$EX04.423\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wzcqwszhfo.net/d97GsPEUbZUMGaE2IljiXSShi/FcmnO0m05_0e49uMZyT3IgEtxpLBh5tlOe69Wt.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {5BD0BF1B-BE82-74FD-1312-E04D40F899A4} - C:\PROGRA~1\SCRSTY~1\32less.exe
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod-1.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Go Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\W
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [b13] "C:\y.exe "
O4 - HKLM\..\Run: [HotVideo_yu] c:\program files\dialers\hotvideo_yu\hotvideo_yu.exe /noconnect
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\Documents and Settings\ra\My Documents\cwm_tray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [blehclock] C:\PROGRA~1\REGSTI~1\flagheart.exe
O4 - HKLM\..\Run: [intra save way drive] C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: eBay - Homepage (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/wde/dMi_363.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map.beoland.com/ActiveCtrl/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7082CA9-1DB0-44CF-A559-4DB587028935}: NameServer = 212.200.80.1 212.62.52.64

2
Contributors
3
Replies
4
Views
13 Years
Discussion Span
Last Post by crunchie
0

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.

Move it to a permanent folder. Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Uninstall Mywebsearch from add\remove programs.

Get service pack 4 for W2K. Update to Internet Explorer 6 & install service pack.

Download & instal Adaware from here
& update it before scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Always try to unload Modules before deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot

Download & instal Spybot S&D from here. Update it before scanning.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

Post a log from the new version of hijackthis, making certain that all instances of Internet Explorer are closed.

0

Thanks!!!There's one problem I simply can't uninstal "my web search". here's my new log :


Logfile of HijackThis v1.98.2
Scan saved at 10:09:32 PM, on 9/26/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSEC.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\Wcgopsvc.exe
C:\Program Files\Creative\WebCam Go Control\CAMTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINNT\explorer.exe
C:\HIJACK\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kypdzkynxmjjmffohbip.info/d97GsPEUbZUMGaE2IljiXSShi/FcmnO0m05_0e49uMZkaUd0j/T1dhh5tlOe69Wt.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {5BD0BF1B-BE82-74FD-1312-E04D40F899A4} - C:\PROGRA~1\SCRSTY~1\32less.exe
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod-1.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Go Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\W
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [b13] "C:\y.exe "
O4 - HKLM\..\Run: [HotVideo_yu] c:\program files\dialers\hotvideo_yu\hotvideo_yu.exe /noconnect
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\Documents and Settings\ra\My Documents\cwm_tray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [blehclock] C:\PROGRA~1\REGSTI~1\flagheart.exe
O4 - HKLM\..\Run: [intra save way drive] C:\Documents and Settings\All Users\Application Data\Safe less intra save\Frag axis.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\LAVASOFT\AD-AWA~2\AD-AWARE.EXE" "+b1"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/wde/dMi_363.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map.beoland.com/ActiveCtrl/mgaxctrl.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

0

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe

Go here to TrendMicro for an on-line scan & set it to autoclean for you.

Try this scan at Panda as well.

Adaware is waiting for the reboot to :).

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.