Jump to content


Photo

Searchweb browser hijack help


  • Please log in to reply
10 replies to this topic

#1 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 30 May 2004 - 09:23 AM

I am pretty sure it was due to using MSN plus! even though I clicked to not have any of the adware and stuff download to my computer, so I uninstalled the program and a whole bunch of crap was still there. I ran Ad-aware and got rid of most of it and now the only problem I have is that the searchweb homepage keeps trying to hijack my browser, the only thing that prevents it is my Spyware Guard but evertime I restart my computer it happens again and again. What should I do?

#2 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 31 May 2004 - 06:37 AM

This websearch thing still tries to hijack my browser, no suggestions at all?

#3 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 01 June 2004 - 01:40 PM

Please could someone help me with this browser hijack on my computer.

#4 tanz76

tanz76

    Member

  • New Member
  • Pip
  • 1 posts

Posted 02 June 2004 - 01:39 AM

this is happening to me too, I would love some help

#5 Qb_Master

Qb_Master

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 02 June 2004 - 02:13 AM

Msn Messenger Plus contains spyware called Lop(Lop.com - C2 Media). This is very bad Spyware and should be dealt with immediately. download Spybot S&D Here. Once downloading, update and run the program.

Once done, please come back and post a Hijackthis logfile. HijackThis can be found Here.

#6 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 02 June 2004 - 05:31 PM

I did as you said but I think that I used Spybot S&D before I even brought up this problem to the forum, anyway I ran it again and then ran Hijack This, here is what I found:

Logfile of HijackThis v1.97.7
Scan saved at 6:27:29 PM, on 6/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\NS\LOCALS~1\Temp\sta30.exe
C:\Documents and Settings\NS\My Documents\My Received Files\Hijack This & CWS Shredder\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30539F47-9019-E77F-85DC-315AD4339EF6} - C:\PROGRA~1\ACTIVE~1\Bonelove.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\System32\sfg4ef2.dll
O2 - BHO: SafeGuard Popup Blocker - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - C:\Program Files\SafeGuard Popup Blocker Pro\SGPopupBlocker.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Bleh Ford Spam - {0E5C8093-D696-737F-3CA7-0345F3386A08} - C:\PROGRA~1\ACTIVE~1\Bonelove.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sixth sect] C:\PROGRA~1\ADMINU~1\bib flaw.exe
O4 - HKLM\..\Run: [SafeGuard Popup Blocker Updater (required)] regsvr32 /s C:\WINDOWS\System32\sfg4ef2.dll
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...wdir702d140.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...T64106/thin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8098.8624421296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#7 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 02 June 2004 - 08:06 PM

The problem is getting more and more annoying, the seachbar and favorites folders that I deleted are coming back now, I can delete them but I'll wait for the reply to properly delete them.

#8 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 03 June 2004 - 08:15 PM

Could someone please assist me?

#9 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 05 June 2004 - 12:25 PM

Has everyone abandoned this request?

#10 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 05 June 2004 - 05:25 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

O2 - BHO: (no name) - {30539F47-9019-E77F-85DC-315AD4339EF6} - C:\PROGRA~1\ACTIVE~1\Bonelove.dll
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\System32\sfg4ef2.dll

O3 - Toolbar: Bleh Ford Spam - {0E5C8093-D696-737F-3CA7-0345F3386A08} - C:\PROGRA~1\ACTIVE~1\Bonelove.dll

O4 - HKLM\..\Run: [sixth sect] C:\PROGRA~1\ADMINU~1\bib flaw.exe

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...T64106/thin.cab

Reboot, and delete

folders
C:\Program Files\ACTIVE~1
C:\Program Files\ADMINU~1

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#11 demitrius

demitrius

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 06 June 2004 - 09:04 AM

Did everything you advised, here's the updated log:

Logfile of HijackThis v1.97.7
Scan saved at 10:00:40 AM, on 6/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\NS\My Documents\My Received Files\Hijack This & CWS Shredder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SafeGuard Popup Blocker - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - C:\Program Files\SafeGuard Popup Blocker Pro\SGPopupBlocker.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SafeGuard Popup Blocker Updater (required)] regsvr32 /s C:\WINDOWS\System32\sfg4ef2.dll
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...wdir702d140.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8098.8624421296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button