Jump to content


Photo

searchweb2.com


  • Please log in to reply
1 reply to this topic

#1 alasdairherdman

alasdairherdman

    Member

  • New Member
  • Pip
  • 1 posts

Posted 27 July 2004 - 04:08 PM

Hi - I have a problem with spyware on my pc - I have run both spybot and ad aware and deleted all I find, as well as going through the tutorial on hijackthis on the site. Every time I reboot - or sometimes before I do, the problems detected spybot and ad aware return, the popups come, the home page is redirected to:

http://searchweb2.co...ver=6.0&ar=home

and a toolbar from searchweb2 comes up. Also in the installed programs directory in control panel , a new programme was installed that looked like a windows update but was corrupted. I have managed to remove this with advanced uninstaller but my problems persist.



My log from HijackThis

Logfile of HijackThis v1.97.7
Scan saved at 21:46:40, on 27/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Adam\LOCALS~1\Temp\Rar$EX00.424\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.co...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybermoor.org:8080
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [dead tray] C:\PROGRA~1\encintra\burntick.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...38103.199212963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

If you can be of any help to me I would be most grateful.

Alasdair

#2 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 27 July 2004 - 04:26 PM

Hello Alasdairherdman and welcome to the forums. Please print out my instructions for reference during the fix.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Move HijackThis.exe into this folder. When you run HijackThis from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Your version of Hijack This is outdated, please download version 1.98.0 from either of the following links:
http://www.majorgeek...wnload3155.html
or
http://downloads.sub.../hijackthis.zip

Next open Hijack This and check the boxes next to the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.co...B_PVER}&ar=home
O4 - HKLM\..\Run: [dead tray] C:\PROGRA~1\encintra\burntick.exe

Make sure all browsers and windows (including this one) are closed and hit "Fix Checked."

Next, reboot your computer into Safe Mode and delete the following files/folders. Be sure to Show hidden files/folders.

Delete:

C:\PROGRA~1\encintra\burntick.exe <- this file

Reboot your computer and post a new Hijack This log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button