
Getting rid of search2000



#1
rthornii
  • Member
  • 14 posts
Can someone help me out by getting rid of this annoyance?
Here's my HijackThis log file:





Logfile of HijackThis v1.98.2
Scan saved at 6:54:53 PM, on 1/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\System32\eoacwmi.exe
C:\Program Files\Winamp\winampa.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rodger\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qddjwylqg...siNLA03hfY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.sayyphytp...Y3fPZS6hHYQ.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.gonnasear...arch.php?ref=sb
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.gonnasear...arch.php?ref=sb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.196.132.106 :8080
O1 - Hosts: 206.230.228.10 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {B98AA232-BCA0-B817-F601-9FBAD417A42A} - C:\DOCUME~1\Rodger\APPLIC~1\COMPCL~1\Blue 32.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\System32\ezsb.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Rodger\dp-b23011805.exe
O4 - HKLM\..\Run: [saSyncMgr] rundll32.exe sasync.dll,SyncWait app=SearchAnt wait=10
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\tktnnbmd.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ocyapvg.exe
O4 - HKLM\..\Run: [mrdjxctpzyd] C:\WINDOWS\System32\eoacwmi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [SpyBan] "C:\Program Files\SpyBan\SpyBan.exe" /s
O4 - HKCU\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKCU\..\Run: [start tons] C:\DOCUME~1\Rodger\APPLIC~1\MPEGHO~1\Stop flaw.exe
O4 - HKCU\..\Run: [Advanced Privacy Protector] C:\Documents and Settings\Rodger\app.exe
O4 - Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe
O4 - Global Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll



Thank You :tazz:
  • 0



#2
Guest_thatman_*
  • Guest
Hi rthornii

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Your log is not complete; please post a full log.


Thank You

kc :tazz:
  • 0

#3
rthornii
  • Topic Starter
  • Member
  • 14 posts
Thanks, will do
  • 0

#4
Metallica
  • Spyware Veteran
  • GeekU Moderator
  • 31,676 posts
A few things you should do before you upgrade.

Under Add/remove Software uninstall
- ShopAtHome
- WebRebates
- SpyBan

Download CWShredder from http://www.intermute...r_download.html
Use the Fix button.

Download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll and aplsp.dll but nothing else, and move them to the "Remove" pane.
Then click Finish.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qddjwylqg...siNLA03hfY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.sayyphytp...Y3fPZS6hHYQ.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.gonnasear...arch.php?ref=sb
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.gonnasear...arch.php?ref=sb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s

O1 - Hosts: 206.230.228.10 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {B98AA232-BCA0-B817-F601-9FBAD417A42A} - C:\DOCUME~1\Rodger\APPLIC~1\COMPCL~1\Blue 32.exe

O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\System32\ezsb.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Rodger\dp-b23011805.exe
O4 - HKLM\..\Run: [saSyncMgr] rundll32.exe sasync.dll,SyncWait app=SearchAnt wait=10

O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\tktnnbmd.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ocyapvg.exe
O4 - HKLM\..\Run: [mrdjxctpzyd] C:\WINDOWS\System32\eoacwmi.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKCU\..\Run: [SpyBan] "C:\Program Files\SpyBan\SpyBan.exe" /s
O4 - HKCU\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKCU\..\Run: [start tons] C:\DOCUME~1\Rodger\APPLIC~1\MPEGHO~1\Stop flaw.exe
O4 - HKCU\..\Run: [Advanced Privacy Protector] C:\Documents and Settings\Rodger\app.exe
O4 - Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe
O4 - Global Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll

Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

Regards,

Pieter
  • 0
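
Added example, not part of the original posts and not code from HijackThis or the helpers: a small Python parser for the log format shown in this thread. It groups entries by section code and lists the kinds of entries a reviewer would look at first; the function names and the flagging heuristics are illustrative assumptions, and the sample is built from a few lines of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
O1 - Hosts: 207.36.196.189 search.netscape.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKCU\..\Run: [Advanced Privacy Protector] C:\Documents and Settings\Rodger\app.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")             # "<section code> - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.*)$")    # O4 registry autostart
PROFILE_ROOT = re.compile(r'^"?c:\\documents and settings\\[^\\]+\\[^\\]+\.exe')

def parse(log):
    """Group entries by section code (R1, O1, O4, ...), dropping exact duplicates."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2) not in sections[m.group(1)]:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_notes(sections):
    """Return (code, reason, item) tuples; the heuristics are illustrative assumptions."""
    notes = [("O1", "hosts file override", b) for b in sections.get("O1", [])]
    notes += [("O2", "BHO registered but file missing", b)
              for b in sections.get("O2", []) if b.endswith("(file missing)")]
    for body in sections.get("O4", []):
        m = RUN.match(body)
        if m and "\\temp\\" in m.group(2).lower():
            notes.append(("O4", "autostart from a Temp directory", m.group(1)))
        elif m and PROFILE_ROOT.match(m.group(2).lower()):
            notes.append(("O4", "autostart from the profile root", m.group(1)))
    notes += [("O10", "unrecognised Winsock LSP file", b) for b in sections.get("O10", [])]
    return notes

if __name__ == "__main__":
    for code, reason, item in review_notes(parse(SAMPLE_LOG)):
        print(f"{code:<4}{reason:<34}{item}")
```

A flagged entry is only a prompt for review; an entry that is not flagged, such as a randomly named executable under System32, can still be unwanted.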

#5
rthornii
  • Topic Starter
  • Member
  • 14 posts
Thanks a million

:tazz:
  • 0

#6
Metallica
  • Spyware Veteran
  • GeekU Moderator
  • 31,676 posts
Glad we could help. :tazz:

Once you have updated, visit my site (link in my signature) to read up on some tips to stay safe from spyware.

Regards,

Pieter
  • 0





