Jump to content


searchweb2 dramas

  • Please log in to reply
3 replies to this topic

#1 siebel



  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 07:38 AM

Hello, I'm hoping someone can help me, because I'm at my wits end.

I have Ad-aware 6.0 and Spybot Search & Destroy 1.2 installed, and whilst they will remove lots of bits and pieces, apon rebooting, my homepage is returned to
http://searchweb2.co...p://about:blank. I run HijackThis, fix any associated problems, and apon reboot... you guessed it. It's back! If anyone can help me out, I'd greatly appreciate it.


Here is the Log File from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 10:32:34 PM, on 12/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\TRAYCO~1\Title Grid Bend.exe
C:\Program Files\KaZaA Lite\kazaalite.kpp
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.co...p://about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\KaZaA Lite\kpp.exe" "C:\Program Files\KaZaA Lite\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [Ace Dumb] C:\PROGRA~1\TRAYCO~1\Title Grid Bend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ent.asp?model=8
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://oldglory.nine...sCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7673.0370601852
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{543DF351-CA9B-4055-A2D7-A2EDD3845EE8}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{543DF351-CA9B-4055-A2D7-A2EDD3845EE8}: NameServer =,

#2 siebel



  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 10:25 PM


#3 jedavies



  • New Member
  • Pip
  • 1 posts

Posted 13 June 2004 - 11:31 AM

I had the same problem on my computer with searchweb2.com hijacking my browser home page was finally able to solve it.

I noticed in the Task Manager that there was always an odd process running that I'd never noticed before named "01 TYPE BUILD".

Then I checked the registry and found under:
(i.e. Windows automated startup processes)

there was an entry as follows:
bluecomp "C:\PROGRA~1\STOPBE~1\01 TYPE BUILD.exe"

Everthing else in that part of the registry looked like valid startup processes except this one.

I deleted the bluecomp entry from the registry and also deleted the following folder from my hard drive:
C:\Program Files\Stop Bend\
(this folder contained the program 01 TYPE BUILD.exe")

Then I went into the IE Internet options, reset the home page to what I wanted and it now sticks through logoffs and reboots - searchweb2.com is no longer hijacking my browser.

I did web searches and I didn't find any pages anywhere that mention "Stop Bend" or "TYPE BUILD.exe", is this something new?

Hope this helps some of you!

#4 siebel



  • New Member
  • Pip
  • 3 posts

Posted 13 June 2004 - 07:53 PM

Thanks for the advice, but I cannot find anyting like that. Anyone else who has some advice, I would be most grateful

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!