Messages - StormSeeker

1
Tech Clinic / CoolWebSearch / EffectiveBaneToolBar Removal Help
« on: April 27, 2005, 12:05:34 AM »
When I restart, it doesn't hijack my IE homepage anymore. I think it's fixed!! Woo! Thank you so much!

2
Tech Clinic / CoolWebSearch / EffectiveBaneToolBar Removal Help
« on: April 26, 2005, 11:52:01 PM »
First SPSeHjFix Log:



(4/26/05 9:41:24 PM) SPSeHjFix started v1.1.2
(4/26/05 9:41:24 PM) OS: WinXP  (5.1.2600)
(4/26/05 9:41:24 PM) Language: english
(4/26/05 9:41:24 PM) Win-Path: C:\WINDOWS
(4/26/05 9:41:24 PM) System-Path: C:\WINDOWS\System32
(4/26/05 9:41:24 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(4/26/05 9:41:25 PM) Disinfection started
(4/26/05 9:41:25 PM) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll
(4/26/05 9:41:25 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\fkfm.dll
(4/26/05 9:41:25 PM) Searchassistant Uninstaller - Keys Deleted
(4/26/05 9:41:25 PM) UBF: 9 - UBB: 2 - UBR: 2
(4/26/05 9:41:25 PM) FilterKey: HKCR\text/html (deleted)
(4/26/05 9:41:25 PM) FilterKey: HKCR\CLSID\{A124AEEE-A31D-4EAA-ACDC-B2F98D6DCFFE} (deleted)
(4/26/05 9:41:25 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/26/05 9:41:25 PM) FilterKey: HKCR\text/plain (deleted)
(4/26/05 9:41:25 PM) FilterKey: HKCR\CLSID\{A124AEEE-A31D-4EAA-ACDC-B2F98D6DCFFE} (error while deleting)
(4/26/05 9:41:25 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/26/05 9:41:25 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB47B01D-60E3-46FC-99D5-702979BEEA78} (deleted)
(4/26/05 9:41:25 PM) BHO-Key: HKCR\CLSID\{BB47B01D-60E3-46FC-99D5-702979BEEA78} (deleted)
(4/26/05 9:41:25 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(4/26/05 9:41:25 PM) UBF: 7 - UBB: 1 - UBR: 1
(4/26/05 9:41:25 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/26/05 9:41:25 PM) Stealth-String not found
(4/26/05 9:41:25 PM) File added to delete: c:\windows\system32\fkfm.dll
(4/26/05 9:41:25 PM) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll
(4/26/05 9:41:25 PM) Reboot


(4/26/05 9:42:46 PM) SPSeHjFix started v1.1.2
(4/26/05 9:42:46 PM) OS: WinXP  (5.1.2600)
(4/26/05 9:42:46 PM) Language: english
(4/26/05 9:42:46 PM) Win-Path: C:\WINDOWS
(4/26/05 9:42:46 PM) System-Path: C:\WINDOWS\System32
(4/26/05 9:42:46 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\


Second:



(4/26/05 9:43:39 PM) SPSeHjFix started v1.1.2
(4/26/05 9:43:39 PM) OS: WinXP  (5.1.2600)
(4/26/05 9:43:39 PM) Language: english
(4/26/05 9:43:39 PM) Win-Path: C:\WINDOWS
(4/26/05 9:43:39 PM) System-Path: C:\WINDOWS\System32
(4/26/05 9:43:39 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(4/26/05 9:43:40 PM) Disinfection started
(4/26/05 9:43:40 PM) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll
(4/26/05 9:43:40 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\fkfm.dll
(4/26/05 9:43:40 PM) Searchassistant Uninstaller - Keys Deleted
(4/26/05 9:43:40 PM) UBF: 9 - UBB: 2 - UBR: 2
(4/26/05 9:43:40 PM) FilterKey: HKCR\text/html (deleted)
(4/26/05 9:43:40 PM) FilterKey: HKCR\CLSID\{4F106EA6-7A85-454E-AB88-DA570AA8F6A8} (deleted)
(4/26/05 9:43:40 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/26/05 9:43:40 PM) FilterKey: HKCR\text/plain (deleted)
(4/26/05 9:43:40 PM) FilterKey: HKCR\CLSID\{4F106EA6-7A85-454E-AB88-DA570AA8F6A8} (error while deleting)
(4/26/05 9:43:40 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/26/05 9:43:40 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEDC3469-F03B-4DDF-A631-7C1DE140F800} (deleted)
(4/26/05 9:43:40 PM) BHO-Key: HKCR\CLSID\{AEDC3469-F03B-4DDF-A631-7C1DE140F800} (deleted)
(4/26/05 9:43:40 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(4/26/05 9:43:40 PM) UBF: 7 - UBB: 1 - UBR: 1
(4/26/05 9:43:40 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/26/05 9:43:40 PM) Stealth-String not found
(4/26/05 9:43:40 PM) File added to delete: c:\windows\system32\fkfm.dll
(4/26/05 9:43:40 PM) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll
(4/26/05 9:43:40 PM) Reboot


(4/26/05 9:45:04 PM) SPSeHjFix started v1.1.2
(4/26/05 9:45:04 PM) OS: WinXP  (5.1.2600)
(4/26/05 9:45:04 PM) Language: english
(4/26/05 9:45:04 PM) Win-Path: C:\WINDOWS
(4/26/05 9:45:04 PM) System-Path: C:\WINDOWS\System32
(4/26/05 9:45:04 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(4/26/05 9:45:34 PM) Disinfection started
(4/26/05 9:45:34 PM) Bad-Dll(IEP): (not found)
(4/26/05 9:45:34 PM) Bad-Dll(IEP) in BHO: (not found)
(4/26/05 9:45:34 PM) UBF: 7 - UBB: 1 - UBR: 1
(4/26/05 9:45:34 PM) UBF: 7 - UBB: 1 - UBR: 1
(4/26/05 9:45:34 PM) Bad IE-pages: (none)
(4/26/05 9:45:34 PM) Stealth-String not found
(4/26/05 9:45:34 PM) Not infected->END


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:11 PM, on 4/26/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


I ran SPSeHjFix, and then restarted. It then, before anything else, came up again, but I didn't want to lose the log, so I clicked close rather than disinfect again. Got the log file, re-ran it, and then when it came up again, I clicked disinfect and that's when it did nothing and I closed it and got the 2nd log file. CWS found nothing. Thank you Thank you Thank you.

Storm

3
Tech Clinic / CoolWebSearch / EffectiveBaneToolBar Removal Help
« on: April 26, 2005, 07:15:23 PM »
EDIT: EffectiveBandToolBar !! Sorry for typo, and can not edit. :(

These are the 2 things that show up in Spybot, and can't seem to get rid of them. I've read the process in another thread here, but didn't know if that would also apply to my system. Hijackthis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 5:09:09 PM, on 4/26/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BB47B01D-60E3-46FC-99D5-702979BEEA78} - C:\WINDOWS\System32\fkfm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O18 - Filter: text/html - {A124AEEE-A31D-4EAA-ACDC-B2F98D6DCFFE} - C:\WINDOWS\System32\fkfm.dll
O18 - Filter: text/plain - {A124AEEE-A31D-4EAA-ACDC-B2F98D6DCFFE} - C:\WINDOWS\System32\fkfm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Thank you for any and all help to get this removed from my system.

Storm
