Mack

CWS.Searchx and Restore Points Question

5 posts in this topic

I've looked at a number of posts on getting rid of CWS.searchw on different forums and found one that says you have to delete ALL your Windows XP "Restore Points" first before going through the removal process. Is this true? I know you have to get rid of Restore Points with certain viruses but didn't know CWS.searchx was one of them. I'd like to know, because I didn't delete my restore points before trying to get rid of CWS.searchw and may still have it on my computer. Thanks, Mack


It will be necessary to delete all restore points, as they may well also be infested. However, it would be better not to do this until the infection is cleaned out.

The removal process is tricky, and if something goes wrong, having a restore point to go back to could be a lifesaver. Wait until the infection is cleaned out and then remove the old restore points.


Thanks for the reply, Dave. I have Reflected, Repented, and Rebooted but order has not returned. LOL! I think I still have the SearchX problem on my computer and was wondering if you can refer me to a post or site that has a decent, step-by-step explanation on how to get rid of it. Thanks for your help. Mack


CWShredder should remove it.

We need a closer look at what's happening.

Please download HijackThis.

Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


Thanks for looking at this for me. Here is the log from HijackThis. I also ran the most current CWShredder but am a little confused at the results. When I ran the "Scan Only" I got some info that looked like I had some problems, but when I ran the "Fix" option, it said my computer was clean. Here is what the Scan Only Report said:

CWShredder v1.59.1 scan only report

Windows XP [5.01.26CO SP1]

Winodws dir: C:\WINDOWS

Windows system dir: C:\WINDOWS\System32

AppData folder; C:\Documents and Settings\Mickeal\Application Data

Username: Mickeal

Found Hosts file: C:\WINDOWS\System32\drivers\ect\hosts [586 bytes,R]

Shell Registry value: H,LM\.Winlogon [userlnit] C:\WINDOWS\system32\userinit.exe,

Found Win.ini file: C:\WINDOWS\wini.ini[1273 bytes,A]

Found system.ini file: c:\WINDOWS\system.ini [227bytes,A]

Logfile of HijackThis v1.97.7

Scan saved at 7:50:49 PM, on 6/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\SYSTEM32\GEARSEC.EXE

C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe

C:\WINDOWS\System32\loadfp.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\WINDOWS\System32\atiptaxx.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

C:\Program Files\Added\washer\washer.exe

C:\Program Files\ATI Multimedia\main\launchpd.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Added\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Messenger\msmsgs.exe

C:\AAA\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Added\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI

O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"

O4 - HKLM\..\Run: [FP Loader] loadfp.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.exe /startup

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

O4 - HKCU\..\Run: [iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

O4 - HKCU\..\Run: [Washer] C:\Program Files\Added\washer\\washer.exe /0

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATIRmtWndr] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Added\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: ATI TV (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes...ab?ver=1,1,0,30

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7868.3888078704

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B50C7EFC-6490-43A7-B1AA-4D11E9705529}: NameServer = 206.13.28.12,206.13.31.12

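A HijackThis log pasted into a forum often arrives with long entries wrapped across lines, as in the post above, which makes the O4 autostart entries hard to review. The following is an added example, not part of the original thread and not HijackThis's own code: it rejoins wrapped entries and lists the O4 Run values that give only a file name, paired with the running process of the same name so the file on disk can be checked. The function names `parse_log` and `bare_autoruns` are assumptions, and `SAMPLE` is an excerpt of the log above.

```python
import re

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")                 # item lines: "O4 - ..."
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")  # registry Run values

def parse_log(log_text):
    """Return (running process paths, [(code, detail)]), rejoining wrapped lines."""
    procs, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.replace("\xa0", " ").strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:                        # wrapped tail of the previous item
            entries[-1][1] += " " + line
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            procs.append(line)
    return procs, [tuple(e) for e in entries]

def bare_autoruns(procs, entries):
    """Map bare-name O4 Run values to the running process of that name (or None)."""
    by_name = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    found = {}
    for code, detail in entries:
        m = RUN.match(detail) if code == "O4" else None
        if m:
            exe = m.group(3).lstrip('"').split()[0].strip('"')
            if "\\" not in exe:              # no directory part in the command
                found[m.group(2)] = by_name.get(exe.lower())
    return found

# Excerpt of the log posted above, with the line wraps the forum introduced.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\loadfp.exe
C:\WINDOWS\System32\atiptaxx.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FP Loader] loadfp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.exe
/startup
"""

if __name__ == "__main__":
    print(bare_autoruns(*parse_log(SAMPLE)))
```

A running process with the same file name is only a candidate match for the Run value; the path it reports is the one to inspect on disk.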