Search200 and constant annoyances!


3 replies to this topic

#1 carb4741


Posted 07 June 2004 - 10:35 PM

I am starting to get extremely aggravated :grrr: by these popup ads and my browsers being hijacked. I have run everything from Ad-aware, Spybot, and HijackThis. All programs are up to date, and I think I've fixed the problem, but boom, it appears on the next startup.

Here is my log from hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 11:31:37 PM, on 6/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SpyStopper\spystopper.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\FRAGDUPE\Procthe.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
c:\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.spotresults.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.espn.com"); (C:\Documents and Settings\Joseph Carbone\Application Data\Mozilla\Profiles\default\rdqfu7c6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Joseph Carbone\Application Data\Mozilla\Profiles\default\rdqfu7c6.slt\prefs.js)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: BaseVcCdrom - {67E2DF0E-7B57-0EE6-8D9A-8869F341494B} - C:\PROGRA~1\USERBA~1\LIVECHIN.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [FaceGpl] C:\PROGRA~1\FRAGDUPE\Procthe.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Whistle (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8145.8112731481
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab

#2 carb4741


Posted 08 June 2004 - 07:52 PM

*bump*

#3 steblein


Posted 09 July 2004 - 12:25 PM

I had this same Spyware - Wintools

HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

You should follow the instructions on this website, and you should see it go away.

http://www.pchell.co.../wintools.shtml

Thanks to the guy who shared this site with me - Tarl

#4 grinler


Posted 09 July 2004 - 01:33 PM

First,

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following, or variants of these, if they exist:

Windows Search
Win Tools
IEtools
IESearch
Windows Assistant
WindowsSA
Search Assistant
Windows Search Assistant

When uninstalling you will be prompted to insert a security code. Please do so and reboot when done.

If you do not see these two programs in your Add/Remove Programs then download and run both of these uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Then,

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.spotresults.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: BaseVcCdrom - {67E2DF0E-7B57-0EE6-8D9A-8869F341494B} - C:\PROGRA~1\USERBA~1\LIVECHIN.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [FaceGpl] C:\PROGRA~1\FRAGDUPE\Procthe.exe



Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)
C:\PROGRAM FILES\COMMON~1\WinTools
C:\PROGRAM FILES\USERBA~1\
C:\PROGRAM FILES\FRAGDUPE\Procthe.exe

Reboot your computer to go back to normal mode and post a new log.

Edited by grinler, 09 July 2004 - 01:34 PM.

Lawrence
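Added example, not part of the thread: a Python check for the last step above ("post a new log"). It parses a follow-up HijackThis log and reports which fix-list entries are still present and whether the process behind a surviving O4 autostart entry is running again. The follow-up log is constructed for illustration; `parse_log`, `norm` and `still_present` are hypothetical helper names.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [Name] path": a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def norm(s):
    """Case-insensitive comparison key with whitespace collapsed."""
    return " ".join(s.lower().split())

def still_present(fix_list, followup_log):
    """Return (fix-list entries still in the log, processes a surviving O4 entry relaunched)."""
    procs, entries = parse_log(followup_log)
    seen = {(c, norm(b)) for c, b in entries}
    _, wanted = parse_log(fix_list)
    persisting = [(c, b) for c, b in wanted if (c, norm(b)) in seen]
    relaunched = [p for p in procs
                  if any(c == "O4" and norm(p) in norm(b) for c, b in persisting)]
    return persisting, relaunched

# Entries taken from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [FaceGpl] C:\PROGRA~1\FRAGDUPE\Procthe.exe
"""

# Constructed follow-up log (not from the thread): one autostart entry came back.
FOLLOWUP = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
"""
```

An empty result from `still_present` on the new log means none of the listed entries survived the reboot.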



