upload cd rom search bar

Posted by: jad_dawg
Well, I got this annoying search bar that won't go away and I know it's some sort of spyware, adware garbage. I ran Ad-Aware; it didn't get rid of it. I'll include a screen of what it is. Any advice?

Posted by: Lobos
Download Spybot - Search & Destroy from [url]http://security.kolla.de[/url]
After installing, first press Online, and search for, put a check mark at, and install all updates. Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
Then, if it's not gone, please do this. Click here: [url]http://www.sherrylynn.us/HijackThis.exe[/url] to download Hijack This. Save it to its own folder (not temporary files or the desktop). Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

Posted by: jad_dawg
Logfile of HijackThis v1.97.7
Scan saved at 7:43:31 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
D:\NSW\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
D:\NSW\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system32\winlogon.exe
C:\windows\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\windows\System32\ctfmon.exe
C:\windows\System32\rundll32.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\cnmsm4y .exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\rsvp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\HEWLET~1\HPPREC~1\PRECIS~1\hppsapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.mdg.ca[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {820545D4-1200-31E9-206E-E74401BE5CF2} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UploadCdrom - {F825940E-3120-3A0E-9848-8DAEAC05B176} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O4 - HKLM\..\Run: [1f3cb4a51eaac270bd4cab0fd85b737b] C:\Program Files\Internet Explorer\1f3cb4a51eaac270bd4cab0fd85b737b.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSNSysRestore] C:\windows\System32\pc32.exe bg
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [second funk] C:\PROGRA~1\free manager\Defy once more.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: BJ Status Monitor Canon i470D.lnk = C:\Documents and Settings\Jeff\cnmss Canon i470D (Local).exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab[/url]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url]http://www.apple.com/qtactivex/qtplugin.cab[/url]
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - [url]http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab[/url]
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - [url]http://www.warezoracle.com/xdownloader.exe[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - [url]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url]
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - [url]http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1067795456187[/url]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab[/url]
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - [url]http://64.124.45.181/downloads/ccpm_0237.cab[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - [url]http://www.easports.com/downloads/games/common/ieell.cab[/url]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - [url]http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[/url]
O16 - DPF: {34F592DF-2FA8-4D36-83BA-8EAF679F7D00} (ucButton.UCObjBtn) - [url]http://www.mdg.ca/downloads/IObjButton.ocx[/url]
O16 - DPF: {35F49483-7BB9-46A0-90EB-9278FE8771F7} (Project1.AddChild) - [url]http://www.rogershelp.com/help/content/trouble/oneclickfixes/addchild/addchild.cab[/url]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - [url]http://office.microsoft.com/officeupdate/content/opuc.cab[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - [url]http://rd1.surfernetwork.com/surferplugin.ocx[/url]
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - [url]http://contentpurity.com/lvjo/ScanFile.CAB[/url]
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - [url]http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/226c6e2db307cc482801/netzip/RdxIE601.cab[/url]
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - [url]http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab[/url]
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - [url]http://ftp.hp.com/pub/automatic/player/isetupML.cab[/url]
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - [url]http://download.divx.com/player/DivXPlayerInstaller.exe[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab[/url]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - [url]http://secure2.comned.com/signuptemplates/ActiveSecurity.cab[/url]
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - [url]http://activex.microsoft.com/controls/iexplorer/x86/iemenu.cab[/url]
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - [url]http://64.124.45.181/chaincast/proxy/CCMP.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab[/url]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [url]http://www.installengine.com/engine/isetup.cab[/url]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - [url]http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37642.6220717593[/url]
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - [url]http://dload.ipbill.com/del/loader.cab[/url]
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - [url]http://simcity.ea.com/play/classic/SimCityX.cab[/url]
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - [url]http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab[/url]
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - [url]http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?5,0,1730,0[/url]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]http://www.symantec.com/techsupp/activedata/SymAData.dll[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - [url]http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab[/url]
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - [url]https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [url]http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab[/url]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - [url]http://www2.incredimail.com/contents/setup/downloader/imloader.cab[/url]
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - [url]http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx[/url]
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - [url]http://download.rfwnad.com/cab/download.CAB[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab[/url]
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - [url]http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab[/url]

Posted by: Lobos
First put hjt into its own folder and unzip all its contents into the folder C:\Program Files\highjackthis (reason: it makes a backup). Run hjt, close, put a check next to these.
Close all browsers and hit fix all browsers

C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\SysAI\SysAI.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.mdg.ca[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {820545D4-1200-31E9-206E-E74401BE5CF2} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: UploadCdrom - {F825940E-3120-3A0E-9848-8DAEAC05B176} - C:\PROGRA~1\THUNKG~1\NewCash.dll
O4 - HKLM\..\Run: [1f3cb4a51eaac270bd4cab0fd85b737b] C:\Program Files\Internet Explorer\1f3cb4a51eaac270bd4cab0fd85b737b.exe
O4 - HKLM\..\Run: [second funk] C:\PROGRA~1\free manager\Defy once more.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess
O4 - Startup: BJ Status Monitor Canon i470D.lnk = C:\Documents and Settings\Jeff\cnmss Canon i470D (Local).exe
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - [url]http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab[/url]
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - [url]http://www.warezoracle.com/xdownloader.exe[/url]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab[/url]
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - [url]http://64.124.45.181/downloads/ccpm_0237.cab[/url]
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - [url]http://download.rfwnad.com/cab/download.CAB[/url]

Reboot into safe mode and delete

C:\PROGRA~1\free manager\Defy once more.exe
C:\Program Files\SysAI\SysAI.exe

Then come back and post a fresh log please.

Posted by: mobo
Repost another log as well.

Posted by: jad_dawg
Uhhhh... right after I ran Spybot, it got fixed. Sorry for not posting earlier, but thanks for the help anyways!

Posted by: Lobos
That's OK, just good to hear you got it fixed.
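
Added example (not part of the original thread and not HijackThis's own code): a small Python parser for the log layout posted above. It strips the forum's [url] tags, groups entries by section code, and lists a few for a human to review first. The three review rules are assumptions chosen for illustration; they match some of the entries Lobos marked, not his full reasoning, and the sample lines are copied from the thread's log.

```python
import re

# Constructed sample: header/process lines plus seven entry lines copied from this thread's log.
SAMPLE_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca/[/url]
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [1f3cb4a51eaac270bd4cab0fd85b737b] C:\Program Files\Internet Explorer\1f3cb4a51eaac270bd4cab0fd85b737b.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - [url]http://64.124.45.181/downloads/ccpm_0237.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # section code, then the entry body
URL_TAG = re.compile(r"\[/?url\]", re.I)          # BBCode added by the forum, not by the tool

# Hypothetical review rules (assumptions for this example): (section, pattern, reason).
RULES = [
    ("O2", re.compile(r"\(no file\)$"), "BHO registered but its file is missing"),
    ("O4", re.compile(r"\[[0-9a-f]{32}\]", re.I), "autorun value named like a hash"),
    ("O16", re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]"), "ActiveX codebase is a bare IP address"),
]

def parse(log):
    """Return (section, body) per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(URL_TAG.sub("", line).strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def review_candidates(log):
    """Return (section, reason, body) for entries to look at first; nothing is auto-fixed."""
    hits = []
    for section, body in parse(log):
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(body):
                hits.append((section, reason, body))
    return hits

if __name__ == "__main__":
    for section, reason, body in review_candidates(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

The output is a shortlist for review only; entries that match no rule can still be unwanted, as several items in Lobos's list show.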