Need help remove search2web


#1
slimonly007

Hey.. I'm new here... my computer is having problems removing search2web.. I've used about all adware/spyware progs, e.g. Spy Sweeper, Ad-Aware, Spybot Search & Destroy. But still search2web doesn't go out..

I read one of the forums... where the guy sent his HijackThis log file.. well, here's mine. Please tell me what to remove to remove search2web...

Logfile of HijackThis v1.99.0
Scan saved at 10:05:51 AM, on 1/1/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\drivers\CDAC11BA.EXE
D:\WINNT\system32\ZoneLabs\isafe.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Pwrchute\ups.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\S3tray2.exe
D:\WINNT\loadqm.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\FlashGet\flashget.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fqfoxxpqiujyu...99GVJt/a86.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A76547B-8A22-D926-AA47-F93874290A38} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {FB22B378-99EA-4B27-617B-2781A0CB5C78} - D:\DOCUME~1\ADMINI~1\APPLIC~1\ISOAMO~1\real dvd.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Regs Team Bold Kind] D:\Documents and Settings\All Users\Application Data\ClockFragRegsTeam\GREYELSE.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [morefilm] D:\DOCUME~1\ADMINI~1\APPLIC~1\SIZEMF~1\SaveGrid.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WallMaster Pro.lnk = D:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe - Computer Associates International, Inc. - D:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: UPS - APC PowerChute plus - APC - D:\Program Files\Pwrchute\ups.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe


#2
slimonly007

Sorry for not saying this earlier, but I also have icons on the desktop that I can't delete. I think they are also from search2web.. the icons are bingo, poker, etc.

Please help... thanks.

#3
admin

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to only the following items, then click Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fqfoxxpqiujyu...99GVJt/a86.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5A76547B-8A22-D926-AA47-F93874290A38} - (no file)
O2 - BHO: (no name) - {FB22B378-99EA-4B27-617B-2781A0CB5C78} - D:\DOCUME~1\ADMINI~1\APPLIC~1\ISOAMO~1\real dvd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Regs Team Bold Kind] D:\Documents and Settings\All Users\Application Data\ClockFragRegsTeam\GREYELSE.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [morefilm] D:\DOCUME~1\ADMINI~1\APPLIC~1\SIZEMF~1\SaveGrid.exe
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
D:\DOCUMENTS AND SETTINGS\ADMINI~1\APPLICATION DATA\ISOAMO... <- this folder (name abbreviated)
D:\Program Files\Messenger Plus! 3 <- this folder
D:\Documents and Settings\All Users\Application Data\ClockFragRegsTeam <- this folder
D:\DOCUMENTS AND SETTINGS\ADMINI~1\APPLICATION DATA\SIZEMF... <- this folder (name abbreviated)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
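An added illustration, not part of the original thread and not the helper's own method: a small Python triage over HijackThis entries, run on lines copied from the log in post #1. The three heuristics and the names `parse_entries` and `triage` are assumptions made for this example; they reach only the O2 and O4 items ticked above, not the R1, R3, O16 or Messenger Plus! entries.

```python
import re

# Constructed sample: entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
D:\WINNT\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A76547B-8A22-D926-AA47-F93874290A38} - (no file)
O2 - BHO: (no name) - {FB22B378-99EA-4B27-617B-2781A0CB5C78} - D:\DOCUME~1\ADMINI~1\APPLIC~1\ISOAMO~1\real dvd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Regs Team Bold Kind] D:\Documents and Settings\All Users\Application Data\ClockFragRegsTeam\GREYELSE.exe
O4 - HKCU\..\Run: [morefilm] D:\DOCUME~1\ADMINI~1\APPLIC~1\SIZEMF~1\SaveGrid.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"""

# An entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Long and 8.3 short spellings of the "Application Data" profile folder.
APPDATA = re.compile(r"\\(application data|applic~\d)\\", re.I)

def parse_entries(log):
    """Yield (section, body) per entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(section, reason, body)] for entries that deserve a closer look."""
    findings = []
    for section, body in parse_entries(log):
        if section == "O2" and body.endswith("(no file)"):
            # Registry still names a browser helper object whose file is gone.
            findings.append((section, "BHO registered but its file is missing", body))
        elif section == "O2" and body.lower().endswith(".exe"):
            # BHOs load in-process as DLLs, so an .exe target is anomalous.
            findings.append((section, "BHO target is an .exe, not a DLL", body))
        elif section == "O4" and APPDATA.search(body):
            # Autostart launching a binary out of a profile data folder.
            findings.append((section, "autostart runs from Application Data", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A hit is a prompt to inspect the entry, not a verdict; legitimate software also installs under Application Data.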

#4
slimonly007

Thanks a lot!! :tazz: My computer is fine till now.. I haven't seen the toolbars or icons.... so I guess MSN Messenger Plus should not be downloaded? Right? :S

#5
slimonly007

OK.. sorry for the quick reply... The icons are back.. and there is no way I can delete them.. I can't right-click on them or even drag them to the bin...

This is my HJ log now... please tell me what I should do.

Logfile of HijackThis v1.99.0
Scan saved at 12:00:58 PM, on 1/1/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\drivers\CDAC11BA.EXE
D:\WINNT\system32\ZoneLabs\isafe.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Pwrchute\ups.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\S3tray2.exe
D:\WINNT\loadqm.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe
d:\progra~1\intern~1\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pydymvwhj...99GVJt/a86.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: WallMaster Pro.lnk = D:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F7DA2BE-1746-4A05-89D9-78EFB08EE0F5}: NameServer = 80.247.146.244,80.247.146.245
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe - Computer Associates International, Inc. - D:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: UPS - APC PowerChute plus - APC - D:\Program Files\Pwrchute\ups.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe