wulliec
asked on
help me remove mywebsearch (VERY URGENT)
Hello Folks,
I have been infected by that damned mywebsearch thingy and I don't have a clue how to remove it.
I have run Ad-Aware, Spybot and McAfee antivirus, which were all up to date, and I still have it.
When I ran Spybot it gave me an error saying that it could not scan c\ windows\ winini as it was in use by another programme.
I don't have any reference to mywebsearch or funwebs or any other strange programme in my add\remove programmes.
Please help, as my McAfee is warning that something is trying to change my homepage, but luckily I have it locked via Spybot.
I also have the ugly mysearch toolbar in my browser window but I don't have the option to remove it.
Be sure to boot in Safe mode when you run hijackthis and also boot in safe mode the first time after using hijackthis to remove the offending entries. That will give you the best chance to remove them.
Also check your startup folder to ensure it doesn't get re-infected from that source.
>> Be sure to boot in Safe mode when you run hijackthis
Nope, it's not ideal actually; in safe mode no extra processes are running and starting, so HijackThis cannot track them :)
We should run the removal tools in safe mode because they can delete the exe files, and should run HijackThis in normal mode because it deletes their registries and IE's corrupted add-ons :)
ASKER
When I ran spybot i got this report
Error during check!: Cabrotor (Datei C:\WINDOWS\win.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1300003180-3562983710-4194836640-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-10-26 Includes\Dialer.sbi
2004-10-26 Includes\Hijackers.sbi
2004-10-07 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-10-26 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-10-26 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-10-26 Includes\Trojans.sbi
Ad aware found nothing
Stinger found nothing
cwShredder found nothing
I also had an application named obhxkiyd in my temp folder, which I removed while in safe mode (I could not remove this in normal mode).
This is a copy of my HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 03:26:35, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kzluedciwennpim.uk/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHtZd94qOSRCM8Q9DE_gL1rDI.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ShowName] C:\DOCUME~1\Wullie\APPLIC~1\BOWSDE~1\cdrom bike.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
ASKER
Sorry for the confusion, I posted the HijackThis log before fixing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kzluedciwennpim.uk/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHtZd94qOSRCM8Q9DE_gL1rDI.html
and
O4 - HKCU\..\Run: [ShowName] C:\DOCUME~1\Wullie\APPLIC~1\BOWSDE~1\cdrom bike.exe
This is the log after I fixed the two entries in safe mode.
Logfile of HijackThis v1.98.2
Scan saved at 04:09:18, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Is there anything else I need to fix?
About the Spybot error... this is the latest bug in Spybot, read here >> http://forums.net-integration.net/index.php?showtopic=23997&st=0&#entry110939
And about the log file... it looks fine to me. Are you still having problems??
ASKER
Hello SheharyaarSaahil,
Thanks for all your help and the prompt and professional manner with which it was delivered.
I appear to be bug free :-)
I think the suggestions you gave me resolved the problem, but I also ran TuneUp Utilities in safe mode, which removed some shortcuts and files from my temp internet file which did not show up on any of the scans.
I am very grateful to you as I was about to throw the PC out the window.
Please accept with my gratitude the 500 points and the highest grading I can give.
Wulliec (:-)
Excellent.... beautiful news I have heard early this morning :)
So happy that I could save the PC from going into the garbage box ;-)
And thanks for those kind words and fine grade.... Cheers ^_^
ASKER
Hello,
It's back, I have the same problem again.
Logfile of HijackThis v1.98.2
Scan saved at 05:43:34, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MouseWare\system\em_exec.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wullie\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cxwsfpttppxrfia.net/8kyd_TF9dEpLwLJG9nM4XHrLtBmaXdOwqPqQwmjPHta9xh43b/lxhw9DE_gL1rDI.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Hmmmmmm, OK, when you run this version of CWShredder in safe mode, does it come up with anything? >> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
And I'm sure System Restore is already turned off :)
If you do not hear from me for a while, please don't think that I have run away or am abandoning the question; I have to go out for some work. I will be available after around 5-6 hours. Please post back about your problem and progress, and I will definitely look at it when I come back. Hope you don't mind!! =\
ASKER
I tried all the suggestions again and it appeared to be away, then I found a manual removal method:
Remove lop.com step 1: Open the Application Data folder. This can be found inside the Windows folder on Windows 95/98/Me; on Windows 2000 and XP it is inside your user folder in 'Documents and Settings', but it's hidden, so go to Tools->Folder Options->View and turn on 'Show hidden files and folders' to see it. In Windows NT 4.0 it is in the user folder inside 'WinNTProfiles'.
The filenames of lop files can vary for each different installation, but usually under Windows there should not be any files inside Application Data (only folders), so it's generally easy to pick out the culprits.
You should also delete the following entries if you have them and they are not just blank:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony\DomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\Domain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{...check all interfaces...}\Domain
This will remove the Lop.com program from your computer. Congratulations, you have successfully removed Lop.com from your computer by following our lop remover and lop.com removal and uninstalling guide.
And hopefully that has removed the problem, but you never know.
I will keep you informed :-(
>> i will keep you informed
Sure, I'm back.... and logged in for the next 12 hours :)
And if after cleaning the system you still get the problem, then download HijackThis v1.98.2 from here, run it and save the LOG file:
http://tools.radiosplace.com/HijackThis.exe
Then post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for you. Fix the entries which it labels as Nasty :)
To fix, check the lines and click on Fix Checked!!
HJT Log Tutorial >> http://aumha.org/a/hjttutor.php
CAUTION: Before fixing the entries in HijackThis, make sure that they are really Nasty and can be deleted; better you first research them on Google, and then when you have confirmed that they should be deleted, fix them. And whenever you run HijackThis, run it from a new folder on your desktop, so that in case of any problem you can take advantage of its created backups of fixed items. And in case you still face problems in dealing with it, just analyse your log at the above site, then scroll down where you will see a Save Analyse button, hit it and it will save your log analysis, then copy the link of that page and paste it here, and we will check it for you :)
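The comparison this thread makes by eye across its three HijackThis scans can be scripted; the following is an added example, not part of the original posts. It parses the entry lines of each scan, diffs consecutive scans, and reports any registry value that was fixed and later came back, which indicates the component that writes it is still on the machine. The function names are this example's own, and the sample logs are constructed (modelled on the entries in this thread, with placeholder URLs and paths).

```python
"""Compare HijackThis scans and flag entries that return after being fixed."""
import re

# Entry lines look like "R1 - ...", "O4 - ...", "O16 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 autorun lines: "HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r"^(.+?: \[[^\]]+\])\s*(.*)$")


def parse_entries(log_text):
    """Return {(code, key): value} for every entry line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        run = RUN_RE.match(rest) if code == "O4" else None
        if run:
            key, value = run.groups()
        elif " = " in rest:
            key, value = rest.split(" = ", 1)
        elif rest.endswith(" ="):          # value present but blank
            key, value = rest[:-2], ""
        else:
            key, value = rest, ""
        entries[(code, key.strip())] = value.strip()
    return entries


def diff_scans(before, after):
    """Return (added, removed, changed) entry keys between two parsed scans."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in after if k in before and before[k] != after[k])
    return added, removed, changed


def reappeared(scans):
    """Entries seen in one scan, missing from a later one, then present again.

    The value may differ on return (the hijacked Search Bar URL in this
    thread did), so entries are matched on section code and key only.
    """
    hits, seen, dropped = [], set(), set()
    for scan in scans:
        keys = set(scan)
        for k in sorted(dropped & keys):
            hits.append((k, scan[k]))
        dropped = (dropped | (seen - keys)) - keys
        seen |= keys
    return hits


# Constructed sample scans: before the fix, after the fix, and a later rescan.
SCAN_1 = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://random-one.example/a.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ShowName] C:\DOCUME~1\User\APPLIC~1\FOLDER~1\sample.exe
"""
SCAN_2 = r"""Logfile of HijackThis v1.98.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
"""
SCAN_3 = r"""Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://random-two.example/b.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
"""

if __name__ == "__main__":
    scans = [parse_entries(s) for s in (SCAN_1, SCAN_2, SCAN_3)]
    added, removed, changed = diff_scans(scans[0], scans[1])
    print("removed by the fix:", removed)
    print("new since the fix: ", added)
    for (code, key), value in reappeared(scans):
        print("came back:", code, key, "=", value)
```

An entry that comes back is a reason to look for whatever rewrites it (an autorun, a browser helper, a file in the profile folders) rather than to fix the same line again.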