[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

help me remove mywebsearch (VERY URGENT)

Posted on 2004-10-26
14
Medium Priority
?
4,302 Views
Last Modified: 2010-04-11
Hello Folks,

I have been infected by that damned mywebsearch thingy and i dont have a clue how to remove it.
I have ran ad-aware, spybot and mcafee antivirus which were all up to date and i still have it.
When i ran spybot it gave me an error saying that it clould not scan c\ windows\ winini as it was in use by another programme.
I dont have any reference to mywebsearch or funwebs or any other strange programme in my add\remove programmes.
Please help as my mcafee is warning that something is trying to change my homepage but luckily i have it locked via spybot.
I also have the ugly mysearch toolbar in my browser window but i dont have the option to remove it.
0
Comment
Question by:wulliec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
14 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12417502
Hello wulliec =)

Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger ==> http://vil.nai.com/vil/stinger
========================================================

Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12417514
Remember to turn off ur System Restore before cleaning the system if its WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
And if after cleaning the system, u still get the problem, then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

HJT Log Tutoriol >> http://aumha.org/a/hjttutor.php

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 17

Expert Comment

by:RDAdams
ID: 12417680
Be sure to boot in Safe mode when you run hijackthis and also boot in safe mode the first time after using hijackthis to remove the offending entries.  That will give you the best chance to remove them.

Also check your startup folder to ensure it doesn't get re-infected from that source.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12417723
>> Be sure to boot in Safe mode when you run hijackthis

nopes its not ideal actually, in safmeode no extra processes are running and starting so hijackthis cannot track them :)
we shud run the removal tools in safemode coz it can selete the exe files, and shud run hijackthis in normal mode coz it delete their registries and IE's corrupted addons :)
0
 

Author Comment

by:wulliec
ID: 12417795
When I ran spybot i got this report

Error during check!: Cabrotor (Datei C:\WINDOWS\win.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()
 

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-1300003180-3562983710-4194836640-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-08-11 Includes\Cookies.sbi
2004-10-26 Includes\Dialer.sbi
2004-10-26 Includes\Hijackers.sbi
2004-10-07 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-10-26 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-10-26 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-10-26 Includes\Trojans.sbi

Ad aware found nothing
Stinger found nothing
cwShredder found nothing

I also had an application named obhxkiyd in my temp folder which i removed while in safe mode (i could not remove this in normal mode)

This is a copy of my hijack log

Logfile of HijackThis v1.98.2
Scan saved at 03:26:35, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kzluedciwennpim.uk/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHtZd94qOSRCM8Q9DE_gL1rDI.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ShowName] C:\DOCUME~1\Wullie\APPLIC~1\BOWSDE~1\cdrom bike.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

0
 

Author Comment

by:wulliec
ID: 12418136
Sorry for the confusion i posted the hijack log before fixing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kzluedciwennpim.uk/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHtZd94qOSRCM8Q9DE_gL1rDI.html

and

O4 - HKCU\..\Run: [ShowName] C:\DOCUME~1\Wullie\APPLIC~1\BOWSDE~1\cdrom bike.exe


This is the log after i fixed the two entries in safe mode.

Logfile of HijackThis v1.98.2
Scan saved at 04:09:18, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


Is there anything else i need to fix?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12418198
abt Spybot Error... this is the latest Bug in Spybot, read here >> http://forums.net-integration.net/index.php?showtopic=23997&st=0&#entry110939

and abt log file.... it looks fine to me..... are u still having problems ??
0
 

Author Comment

by:wulliec
ID: 12418314
Hello SheharyaarSaahil ,

Thanks for all your help and the prompt and professional manner with which it was delivered,
I appear to be bug free :-)
I think the suggestions you gave me resolved the problem but i also ran tune-up utilities in safe mode which removed some shortcuts and files from my temp internet file which did not show up on any of the scans,
I am very gratefull to you as i was about to throw the pc out the window.
Please accept with my gratitude the 500 points and the highest grading i can give.

Wulliec  (:-)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12418333
excellent.... beautiful news i have heard early morning today :)
so happy that i cud save the pc from going into the garbage box ;-)
and thanx for those kinds words and fine grade.... Cheers ^_^
0
 

Author Comment

by:wulliec
ID: 12418556
Hello,
Its back i have the same problem again

Logfile of HijackThis v1.98.2
Scan saved at 05:43:34, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MouseWare\system\em_exec.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cxwsfpttppxrfia.net/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHta9xh43b/lxhw9DE_gL1rDI.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12418595
hmmmmmm ok when u run this version of CWShredder in safemode, does it come with anything >> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

and im sure the system restore is already turned off :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12418652
if u will not listen me after a while plzz dont think that i have ran away or abondening the qustion,,,,, i have to go out for some work.... i will be available after around 5-6 hours.... plzz post back abt ur problem and progress... and i will definately look at it when will come back..... hope u will dont mind !! =\
0
 

Author Comment

by:wulliec
ID: 12419656
I tried all the suggestions again and it appeared to be away then i found a manual removal method

Remove lop.com step 1: Open the Application Data folder. This can be found inside the Windows folder on Windows 95/98/Me; on Windows 2000 and XP it is inside your user folder in 'Documents and Settings', but it's hidden, so go to Tools->Folder Options->View and turn on 'Show hidden files and folders' to see it. In Windows NT 4.0 it is in the user folder inside 'WinNTProfiles'.
The filenames of lop files can vary for each different installation, but usually under Windows there should not be any files inside Application Data (only folders), so it's generally easy to pick out the culprits.


You should also delete the following entries if you have them and they are not just blank:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion\r TelephonyDomainName

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesVxD\r MSTCPDomain

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpip\r ParametersDomain

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpip\r ParametersInterfaces{...check all interfaces...}Domain



This will remove the Lop.com program from your computer. Congratulations, you have successfully removed Lop.com from your computer by following our lop remover and lop.com removal and uninstalling guide.

and hopefully that has removed the problem but you never know.
i will keep you informed :-(
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12422636
>> i will keep you informed
sure im back.... and logged in for the next 12 hours :)
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question