Options
mysearchnow - A nasty blue searchbar
Hi everyone!
I get a nasty little blue seachbar att the bottom om the screen
i had tried adaware and search and destroy........it returns !!
i even tried to get rid of it via hijackthis in safemode
it returns.....please help me out
i got the hijack this log for you
Thanks
/smurf
here it goes:
Logfile of HijackThis v1.97.7
Scan saved at 16:44:41, on 2004-06-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Avast4\ashDisp.exe
C:\Program\Avast4\ashmaisv.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\CDROMD~1\debugreadme.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Avast4\aswUpdSv.exe
C:\Program\Avast4\ashServ.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Total Commander\TOTALCMD.EXE
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.se/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\Program\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Joy htm] C:\Program\CDROMD~1\debugreadme.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: partybingo.com (HKLM)
O9 - Extra 'Tools' menuitem: partybingo.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38076.5263425926
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
I get a nasty little blue seachbar att the bottom om the screen
i had tried adaware and search and destroy........it returns !!
i even tried to get rid of it via hijackthis in safemode
it returns.....please help me out
i got the hijack this log for you
Thanks
/smurf
here it goes:
Logfile of HijackThis v1.97.7
Scan saved at 16:44:41, on 2004-06-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Avast4\ashDisp.exe
C:\Program\Avast4\ashmaisv.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\CDROMD~1\debugreadme.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Avast4\aswUpdSv.exe
C:\Program\Avast4\ashServ.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Total Commander\TOTALCMD.EXE
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.se/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\Program\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Joy htm] C:\Program\CDROMD~1\debugreadme.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: partybingo.com (HKLM)
O9 - Extra 'Tools' menuitem: partybingo.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38076.5263425926
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
0
Comments
Reboot in SAFE MODE, and fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/.../www.google.se/
O4 - HKLM\..\Run: [Joy htm] C:\Program\CDROMD~1\debugreadme.exe
(That's your re-installer.)
Then find the file C:\Program\CDROMD~1\debugreadme.exe (look for a folder whose name starts with CDROMD. Delete that file and folder.
Reboot normally, you should be clean. Let us know.
Dexter...
I will do it now
Thanks......i will let u know
I finally got rid of it
It worked
/Smurf
Dexter...
See u around
/Smurf