Please Help me remove mysearchnow passthrough


  • This topic is locked
4 replies to this topic

#1 harrika

harrika

    Member

  • New Member
  • 1 posts

Posted 05 July 2004 - 12:11 PM

Hello all. I am new to this and am wondering if anyone can help me out. I seem to be getting a blue search bar at the top and the bottom of my browser and cannot get rid of it. If anyone has any ideas on how this can be fixed that would be great.

Here is the HijackThis log file.

Logfile of HijackThis v1.97.7
Scan saved at 12:40:14 PM, on 05/07/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\DRAWIN~1\real global.exe
C:\Program Files\Ares\Ares.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Kourtney\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.c...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.audcomp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://libproxy.mcma....ca/libprox.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {06586574-1B97-4C70-4799-12C081CC9C4B} - C:\WINDOWS\System32\eqmayqml.dll
O2 - BHO: (no name) - {07095EEE-6241-E33D-7F73-F24FDBC02997} - C:\PROGRA~1\CREATI~1\FRAGMEMO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {695DEA53-C128-2028-2DCE-7B0797EBD240} - C:\WINDOWS\System32\avkjaywz.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {A8EC0D41-1405-8CEA-287E-CA5616D2EE87} - C:\WINDOWS\System32\nqvmmztr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: each sign - {45789B80-7FE0-4403-4851-A745B8E67862} - C:\PROGRA~1\CREATI~1\FRAGMEMO.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [setup film] C:\PROGRA~1\DRAWIN~1\real global.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EZ Station.lnk = C:\WINDOWS\twain_32\IBMScanner\SxCenter.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.audcomp.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1067545213937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37863.795462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51AC6CC7-9AA4-4AF7-80BE-A990DAB69D33}: NameServer = 206.47.244.52 206.47.244.15

Thanks in advance!

#2 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • 5,365 posts

Posted 05 July 2004 - 02:48 PM

Hi,
First thing to do is ...

Download Ad-Aware

After installing Ad-Aware, and before running the program.

Update Ad-aware's Reference File:
Please update the reference file following the instructions here

Required Step: Reconfigure Ad-Aware for Full Scan

Note: do not run Ad-Aware yet, just install, update and reconfigure.


Important! Create a folder via Windows Explorer for HijackThis, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

Next:

Reconfigure Windows Explorer to show Hidden Files: [required step]
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

Start | Run (type) Services.msc

Scroll down to the WinTools for IE service
Highlight, right-click and select: Properties
Select "Service Status" option to "Stop"
Select: "Startup type" set it to "Disabled", click Apply, OK
Close the Services Editor.

Next:

Close all open windows, except for HijackThis. Place a check in each of the following:
Then click "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.c...B_PVER}&ar=home
O2 - BHO: (no name) - {06586574-1B97-4C70-4799-12C081CC9C4B} - C:\WINDOWS\System32\eqmayqml.dll
O2 - BHO: (no name) - {07095EEE-6241-E33D-7F73-F24FDBC02997} - C:\PROGRA~1\CREATI~1\FRAGMEMO.dll
O2 - BHO: (no name) - {695DEA53-C128-2028-2DCE-7B0797EBD240} - C:\WINDOWS\System32\avkjaywz.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {A8EC0D41-1405-8CEA-287E-CA5616D2EE87} - C:\WINDOWS\System32\nqvmmztr.dll
O3 - Toolbar: each sign - {45789B80-7FE0-4403-4851-A745B8E67862} - C:\PROGRA~1\CREATI~1\FRAGMEMO.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [setup film] C:\PROGRA~1\DRAWIN~1\real global.exe


Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Start | Run (type) Regedit
Navigate to the following location:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Expand the "+Services" key (left pane)
Highlight the "WinTools" key, right-click and select: Delete, Ok the prompt. Close Regedit.

Open Windows Explorer, locate and delete the following:

C:\PROGRAM FILES\DRAWIN~1\real global.exe <--this file
C:\WINDOWS\System32\eqmayqml.dll <--this file
C:\PROGRAM FILES\CREATI~1\FRAGMEMO.dll <--this file
C:\WINDOWS\System32\avkjaywz.dll <--this file
C:\WINDOWS\System32\nqvmmztr.dll <--this file
C:\Program Files\Common files\WinTools <--this folder

When locating a file via Start > Search make sure to select: "Advanced Options"

While still in Safe Mode run Ad-Aware and fix everything it finds.

Restart normally and update HijackThis. Download HijackThis! 1.98

After the above, reboot, rescan with HijackThis and post a fresh log ...

Edited by WinHelp2002, 05 July 2004 - 03:12 PM.

Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
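
The reply above ends by asking for a rescan and a fresh log. As an added example (not part of the thread and not HijackThis's own code), this Python snippet compares a "Fix checked" list with a later log and reports entries that survived; the function names are hypothetical and the rescan log is constructed for illustration.

```python
import re

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(.+?): \[(.+?)\]")

def entry_key(line):
    """Identity of a log line that stays stable between two scans."""
    m = ENTRY.match(line.strip())
    if not m:
        return None                      # header, process list, blank line
    code, rest = m.groups()
    if code in ("O2", "O3"):             # BHO / toolbar: keyed by CLSID
        c = CLSID.search(rest)
        if c:
            return (code, c.group(0).upper())
    if code == "O4":                     # autostart: keyed by hive + value name
        r = RUN.match(rest)
        if r:
            return (code, r.group(1).upper(), r.group(2).lower())
    return (code, rest.lower())          # anything else: the whole entry

def still_present(fix_list, rescan):
    """Return rescan lines whose identity matches an entry that was fixed."""
    fixed = {entry_key(l) for l in fix_list.splitlines()} - {None}
    return [l.strip() for l in rescan.splitlines() if entry_key(l) in fixed]

# Subset of the helper's fix list, copied from the thread above.
FIX_LIST = r"""
O2 - BHO: (no name) - {06586574-1B97-4C70-4799-12C081CC9C4B} - C:\WINDOWS\System32\eqmayqml.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O3 - Toolbar: each sign - {45789B80-7FE0-4403-4851-A745B8E67862} - C:\PROGRA~1\CREATI~1\FRAGMEMO.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [setup film] C:\PROGRA~1\DRAWIN~1\real global.exe
"""

# Constructed rescan log (not from the thread): one BHO registration survived
# although its DLL was deleted, so it now carries the "(file missing)" suffix.
RESCAN = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {06586574-1B97-4C70-4799-12C081CC9C4B} - C:\WINDOWS\System32\eqmayqml.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, RESCAN):
        print("still present:", line)
```

Matching on the CLSID or Run value name rather than the full line catches a registration that remains after its file is gone, which a plain text comparison of the two logs would miss.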

#3 navin_22

navin_22

    Member

  • New Member
  • 3 posts

Posted 07 June 2005 - 12:59 PM

I HAVE THE SAME PROBLEM, THE VERY SAME ONE. AND I CAN'T FIND A SOLUTION. I HAVE TRIED YOUR SOLUTION, BUT I CAN'T SEEM TO FIND "WinTools for IE"

WHERE EXACTLY IS IT???

#4 jw50

jw50

    Forum Deity

  • Emeritus
  • 18,969 posts

Posted 01 July 2005 - 09:45 PM

Hi,

We apologize for the forum being down recently. If you still need assistance, please post a current HijackThis log.

#5 jw50

jw50

    Forum Deity

  • Emeritus
  • 18,969 posts

Posted 30 July 2005 - 04:06 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.