

Prosearch and lop

5 replies to this topic

#1 Pel



  • New Member
  • 3 posts

Posted 27 June 2004 - 07:23 AM

When opening Internet Explorer, I have a search 200 toolbar automatically open, and I also have a new Internet Explorer icon (not an original), with www.lop.com, on my desktop. Please help to remove these.

Many thanks


Logfile of HijackThis v1.97.7
Scan saved at 13:13:48, on 27/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\HEARTW~1\flap shim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\breeda\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com.../www.avast.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D2EDA8F1-3A37-9A51-4136-492974427ADC} - C:\PROGRA~1\birdfour\StyleSoftware.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BIND BALL TEAM - {DD9C4EC4-62CA-002E-179A-68EBC96F727A} - C:\PROGRA~1\birdfour\StyleSoftware.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DATAPEAK] C:\PROGRA~1\HEARTW~1\flap shim.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymen...ild/preload.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...dtc32_EN_XP.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1087797831031
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...e/ie/games4.cab
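
The HijackThis log in post #1 uses a fixed line layout (a section code such as R1, O2 or O4, then the entry body), so it can be grouped and triaged mechanically. The Python parser below is an added example, not part of the original thread or of HijackThis itself; its function names are hypothetical, and it only lists the browser page settings plus two objective oddities for a reviewer to look at, without judging any entry.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com.../www.avast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
O2 - BHO: (no name) - {D2EDA8F1-3A37-9A51-4136-492974427ADC} - C:\PROGRA~1\birdfour\StyleSoftware.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: BIND BALL TEAM - {DD9C4EC4-62CA-002E-179A-68EBC96F727A} - C:\PROGRA~1\birdfour\StyleSoftware.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.+)$")  # section code, then entry body

def parse_log(text):
    """Group entry bodies by HijackThis section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def ie_pages(sections):
    """R0/R1 lines: IE start/search page settings as (value name, data)."""
    bodies = sections.get("R0", []) + sections.get("R1", [])
    pairs = (b.partition(" = ") for b in bodies)
    return [(key.rsplit(",", 1)[-1], data) for key, _, data in pairs]

def com_objects(sections):
    """O2 (BHO) and O3 (toolbar) lines as (code, name, clsid, module)."""
    out = []
    for code in ("O2", "O3"):
        for body in sections.get(code, []):
            parts = body.split(" - ", 2)
            if len(parts) == 3:  # skip lines that do not fit the layout
                out.append((code, parts[0].partition(": ")[2], parts[1], parts[2]))
    return out

def review_list(sections):
    """Objects with no module on disk; modules registered as both BHO and toolbar."""
    objs = com_objects(sections)
    by_module = defaultdict(set)
    for code, _, _, mod in objs:
        by_module[mod.lower()].add(code)
    missing = [clsid for _, _, clsid, mod in objs if mod == "(no file)"]
    shared = sorted(m for m, c in by_module.items() if c == {"O2", "O3"} and m != "(no file)")
    return {"missing_module": missing, "bho_and_toolbar": shared}
```

Run over the full log, `ie_pages` shows the start page and search bar settings next to each other, and `review_list` gives the helper a short list of entries to check by hand.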

#2 NonSuch


    Spyware Eradicator!

  • Trusted Advisor
  • 1,369 posts

Posted 27 June 2004 - 08:46 PM


Please click here to download Spybot Search & Destroy v1.3 - Install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start." Make sure "Activate in-depth scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot when finished.

Next, perform an online virus scan at Trend Micro and an online Trojan scan at Sygate. (See links in my signature below). Allow each program to remove whatever it may find. NOTE: You may need to allow Sygate to have access through your firewall, or disable your firewall. If so, be sure you re-enable your firewall after the scan has completed. Reboot after each scan.

Scan with HJT and post a new log into this same thread, and we will work on the remaining issues in your log.

#3 Pel



  • New Member
  • 3 posts

Posted 28 June 2004 - 05:43 AM

Thanks for your help, have run everything that you said but am coming up against this message in Sygate. As far as I am aware has removed firewall. Any idea?

You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again.

#4 NonSuch


    Spyware Eradicator!

  • Trusted Advisor
  • 1,369 posts

Posted 28 June 2004 - 05:55 AM


Since you're having problems with the online Trojan scan (be sure you re-enable your firewall) you can download a free trial of TrojanHunter here: http://www.misec.net/

Install the program, then manually update the definitions, and then perform a scan.

#5 Pel



  • New Member
  • 3 posts

Posted 28 June 2004 - 06:53 AM

Have done as you suggested, have run scan and the following was found. They ask you to attach file and send to them, but the file cannot be found?

Any idea where to go from here? :scratchhead:

Found possible trojan file: C:\WINDOWS\Downloaded Program Files\220372__.exe/QZVs4ZQ.exe (Possible trojan downloader)

#6 NonSuch


    Spyware Eradicator!

  • Trusted Advisor
  • 1,369 posts

Posted 09 July 2004 - 02:20 PM

My apologies for not responding to your last post. I did not receive an e-mail notification of your reply.

If you are still in need of help, please post again.
