Hi, my friend has a problem with a toolbar on iexplorer from mysearch.com, and he needs some help removing all that spyware. Please help me.

Logfile of HijackThis v1.97.7
Scan saved at 22:50:57, on 02-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\QuickTime\qttask.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programas\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programas\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\Programas\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\GMT\GMT.exe
C:\Programas\Ficheiros comuns\CMEII\CMESys.exe
C:\PROGRA~1\PRECIS~1\PRECIS~1.EXE
C:\PROGRA~1\DATEMA~1\DATEMA~1.EXE
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\WinRAR\WinRAR.exe
C:\DOCUME~1\PEDROA~1\DEFINI~1\Temp\Rar$EX05.719\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kjurgtwpkgobutbedzaggg.net/lwawInzGxgEzZ8dlE/o1y0MDHTU0v/j7ZsXLu0ryi9A.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kqczmtxzqqqextvffxsdljke.com/lwawInzGxgEEzJfoothOpQZqibc33HmvAw/AFjZZXQFXOHrVTVQfMWOaiISq6ubG.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6D0CB55-A5EE-F8D6-BFC7-47218D2DB4C6} - C:\PROGRA~1\SCRONL~1\skip loud.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programas\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programas\Ficheiros comuns\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [oncepure] C:\PROGRA~1\FORKCD~1\eqtick.exe
O4 - HKLM\..\Run: [MpegFiveMultiStyle] C:\Documents and Settings\All Users\Application Data\readme dog mpeg five\Web Date.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Programas\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programas\Ficheiros comuns\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programas\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.5868518519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Last Post by crunchie
Hi. First of all you need to update hijackthis to version 1.98.1. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. Remove 1.97 from the folder it is in & replace it with 1.98.1.

Could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done.

Uninstall messenger plus as it comes with LOP. It can be reinstalled without the sponsor.

Go here for the removal instructions for Gator products.

If Kazaa is still on your comp, please uninstall it from add/remove programs as it will continue to create problems. Then run Kazaabegone from here to clear out the remnants.

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Reboot into safe mode following the instructions here & close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kjurgtwpkgobutbedzaggg.net/l...sXLu0ryi9A.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kqczmtxzqqqextvffxsdljke...OaiISq6ubG.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programas\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programas\Ficheiros comuns\CMEII\CMESys.exe"
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Delete the following whilst still in safe mode;

C:\PROGRA~1\PERFEC~1-folder
C:\Programas\Common files\updmgr
C:\Programas\Ficheiros comuns\CMEII

Reboot normally after doing the above then post a fresh log please.

My friend did everything you said but the toolbar is still there.
Here's the log:
Logfile of HijackThis v1.97.7
Scan saved at 19:04:56, on 03-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\PEDROA~1\DEFINI~1\Temp\Rar$EX00.594\HijackThis.exe
C:\Programas\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kjurgtwpkgobutbedzaggg.net/lwawInzGxgEzZ8dlE/o1y0MDHTU0v/j7ZsXLu0ryi9A.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.uasdmpbhuvidy.net/lwawInzGxgEEzJfoothOpQZqibc33HmvAw/AFjZZXQE5c2H88RPPXGOaiISq6ubG.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6D0CB55-A5EE-F8D6-BFC7-47218D2DB4C6} - C:\PROGRA~1\SCRONL~1\skip loud.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programas\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programas\Ficheiros comuns\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [oncepure] C:\PROGRA~1\FORKCD~1\eqtick.exe
O4 - HKLM\..\Run: [MpegFiveMultiStyle] C:\Documents and Settings\All Users\Application Data\readme dog mpeg five\Web Date.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Date Manager.lnk = C:\Programas\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programas\Ficheiros comuns\GMT\GMT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.5868518519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Sorry, but it doesn't look like your friend did anything. Didn't even update hijackthis! Tell friend that unless the instructions are followed, I cannot help :) .
P2P networking needs to be uninstalled from add remove programs too.
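
Added example (not part of the original thread or anyone's post): a small Python check that compares the entries flagged for fixing with a follow-up HijackThis log and reports whether the tool was updated to 1.98.1 and which flagged entries are still present. Entries are matched by registry key, CLSID or Run value name rather than by full line, because the hijacked URL can change between scans; the function names are hypothetical and the sample URLs are constructed placeholders.

```python
import re

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
VERSION_RE = re.compile(r"^Logfile of HijackThis v([\d.]+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entry_key(section, detail):
    """Identity of an entry that survives a changed value (e.g. a new hijack URL)."""
    clsid = CLSID_RE.search(detail)
    if clsid:                                    # BHO, toolbar, search hook, DPF
        return (section, clsid.group(0).upper())
    if section == "O4" and "]" in detail:        # Run key: hive plus value name
        return (section, detail.split("]", 1)[0] + "]")
    return (section, detail.split(" = ", 1)[0])  # R0/R1: registry key and value name

def parse_log(text):
    """Return (version tuple or None, {key: full line}) for a HijackThis log."""
    version, entries = None, {}
    for line in map(str.strip, text.splitlines()):
        v = VERSION_RE.match(line)
        if v:
            version = tuple(int(p) for p in v.group(1).split("."))
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(*m.groups())] = line
    return version, entries

def review_followup(flagged_text, followup_text, required=(1, 98, 1)):
    """Report whether the tool was updated and which flagged entries remain."""
    _, flagged = parse_log(flagged_text)
    version, current = parse_log(followup_text)
    remaining = sorted(current[k] for k in flagged if k in current)
    return {"updated": version is not None and version >= required,
            "remaining": remaining}

# Constructed sample: keys and CLSIDs as in the thread, URLs replaced by placeholders.
FLAGGED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://old.example.invalid/a.html
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [updmgr] C:\Programas\Common files\updmgr\updmgr.exe
"""
FOLLOWUP = r"""Logfile of HijackThis v1.97.7
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://new.example.invalid/b.jsp
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
"""

if __name__ == "__main__":
    print(review_followup(FLAGGED, FOLLOWUP))
```
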
