[upload cd rom search bar] -
upload cd rom search bar
Discuss upload cd rom search bar
Posted by: jad_dawg
well i got this annoying search bar that wont go away and i no its sum sort of spyware , adware garbage, i ran ad aware didnt get rid of it, ill include a screen of what it is. Any advice?
Posted by: Lobos
Download Spybot - Search & Destroy from [url]http://security.kolla.de[/url]
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED
then if its not gone
then
Please do this. Click here: [url]http://www.sherrylynn.us/HijackThis.exe[/url] to download Hijack This. Save it to it’s own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.
DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
Posted by: jad_dawg
Logfile of HijackThis v1.97.7
Scan saved at 7:43:31 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
D:\NSW\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
D:\NSW\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system32\winlogon.exe
C:\windows\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\windows\System32\ctfmon.exe
C:\windows\System32\rundll32.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\cnmsm4y
.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\rsvp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\HEWLET~1\HPPREC~1\PRECIS~1\hppsapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.mdg.ca[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {820545D4-1200-31E9-206E-E74401BE5CF2} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UploadCdrom - {F825940E-3120-3A0E-9848-8DAEAC05B176} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O4 - HKLM\..\Run: [1f3cb4a51eaac270bd4cab0fd85b737b] C:\Program Files\Internet Explorer\1f3cb4a51eaac270bd4cab0fd85b737b.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSNSysRestore] C:\windows\System32\pc32.exe bg
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [second funk] C:\PROGRA~1\free manager\Defy once more.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: BJ Status Monitor Canon i470D.lnk = C:\Documents and Settings\Jeff\cnmss Canon i470D (Local).exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab[/url]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url]http://www.apple.com/qtactivex/qtplugin.cab[/url]
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - [url]http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab[/url]
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - [url]http://www.warezoracle.com/xdownloader.exe[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - [url]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url]
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - [url]http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1067795456187[/url]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab[/url]
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - [url]http://64.124.45.181/downloads/ccpm_0237.cab[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - [url]http://www.easports.com/downloads/games/common/ieell.cab[/url]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - [url]http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[/url]
O16 - DPF: {34F592DF-2FA8-4D36-83BA-8EAF679F7D00} (ucButton.UCObjBtn) - [url]http://www.mdg.ca/downloads/IObjButton.ocx[/url]
O16 - DPF: {35F49483-7BB9-46A0-90EB-9278FE8771F7} (Project1.AddChild) - [url]http://www.rogershelp.com/help/content/trouble/oneclickfixes/addchild/addchild.cab[/url]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - [url]http://office.microsoft.com/officeupdate/content/opuc.cab[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - [url]http://rd1.surfernetwork.com/surferplugin.ocx[/url]
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - [url]http://contentpurity.com/lvjo/ScanFile.CAB[/url]
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - [url]http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/226c6e2db307cc482801/netzip/RdxIE601.cab[/url]
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - [url]http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab[/url]
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - [url]http://ftp.hp.com/pub/automatic/player/isetupML.cab[/url]
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - [url]http://download.divx.com/player/DivXPlayerInstaller.exe[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab[/url]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - [url]http://secure2.comned.com/signuptemplates/ActiveSecurity.cab[/url]
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - [url]http://activex.microsoft.com/controls/iexplorer/x86/iemenu.cab[/url]
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - [url]http://64.124.45.181/chaincast/proxy/CCMP.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab[/url]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [url]http://www.installengine.com/engine/isetup.cab[/url]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - [url]http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37642.6220717593[/url]
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - [url]http://dload.ipbill.com/del/loader.cab[/url]
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - [url]http://simcity.ea.com/play/classic/SimCityX.cab[/url]
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - [url]http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab[/url]
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - [url]http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?5,0,1730,0[/url]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]http://www.symantec.com/techsupp/activedata/SymAData.dll[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - [url]http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab[/url]
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - [url]https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [url]http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab[/url]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - [url]http://www2.incredimail.com/contents/setup/downloader/imloader.cab[/url]
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - [url]http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx[/url]
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - [url]http://download.rfwnad.com/cab/download.CAB[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab[/url]
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - [url]http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab[/url]
Posted by: Lobos
first put hjt into its own folder and unzip all its contentsinto the folder
C:\Program Files\highjackthis
reason it makes backup
run hjt close put a check next to these . close all browsers and hit fixall browsers
C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\SysAI\SysAI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.mdg.ca[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {820545D4-1200-31E9-206E-E74401BE5CF2} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: UploadCdrom - {F825940E-3120-3A0E-9848-8DAEAC05B176} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O4 - HKLM\..\Run: [1f3cb4a51eaac270bd4cab0fd85b737b] C:\Program Files\Internet Explorer\1f3cb4a51eaac270bd4cab0fd85b737b.exe
O4 - HKLM\..\Run: [second funk] C:\PROGRA~1\free manager\Defy once more.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess
O4 - Startup: BJ Status Monitor Canon i470D.lnk = C:\Documents and Settings\Jeff\cnmss Canon i470D (Local).exe
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - [url]http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab[/url]
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - [url]http://www.warezoracle.com/xdownloader.exe[/url]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab[/url]
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - [url]http://64.124.45.181/downloads/ccpm_0237.cab[/url]
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - [url]http://download.rfwnad.com/cab/download.CAB[/url]
reboot into safe mode and delete
C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\SysAI\SysAI.exe
then comback and post a fresh log please
Posted by: mobo
Repost another log as well
Posted by: jad_dawg
uhhhh... right after i ran spybot, it got fixed, sorry for not posting earlier, but thanks for the help anyways!
Posted by: Lobos
thats ok just good to hear you got it fixed