Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » The dreaded blue searchbar

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

The dreaded blue searchbar

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 01-09-2005, 04:40 PM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
The dreaded blue searchbar
I am currently the owner of an unwanted blue tool/searchbar whenever I open IE. Can't rid the PC of it even with Adaware, spybot. So here is a log I made earlier, if some kind person can peruse it I would be very grateful.

Logfile of HijackThis v1.99.1
Scan saved at 16:29:53, on 01/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.ex e
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Craig\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zdicwgqmdmlaogallhfzks.biz/oClHELUfWRPhEXWR6dDaEnY5XvS3LnQ8YhLBV_pXRiZWzWWiQM rFqJkvFW91C_8p.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zyxdotrcytbhemfcwjlb - {99ccfe22-9dc6-4759-99f3-90fad22fbc2a} - C:\DOCUME~1\Craig\APPLIC~1\vcklriqtr.dll (file missing)
O2 - BHO: (no name) - {A398B486-60F8-2170-B2CF-3A25A42F913E} - C:\DOCUME~1\Craig\APPLIC~1\SoftAmok\Mathfor.exe (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [m.exe] C:\documents and settings\craig\local settings\temp\m.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GPBgR.exe] C:\documents and settings\craig\local settings\temp\GPBgR.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [scrbmk] "C:\WINDOWS\scrbmk.exe"
O4 - HKLM\..\Run: [RegsAcidGrimBash] C:\Documents and Settings\All Users\Application Data\pollbarbregsacid\default bleh.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - HKCU\..\Run: [Partvga] C:\DOCUME~1\Craig\APPLIC~1\BROWSE~1\Film first dupe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\New Folder\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Windows Update.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 01-09-2005, 07:02 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: The dreaded blue searchbar
Hi and welcome,

I'm over here from another forum to help out some.

You have a lot going on within your computer.

I see you have been useing MessengerPlus 3 and because of that you have a LOP infection, so let's tackle that first.

Go into add/remove program and remove:(IF FOUND)

MessengerPlus 3

If it was removed reboot your computer and do these scans please as you have a worm or two prowling around your computer also.


Lets see what some virus scans can uncover and we will go from there.

Get the stinger here:
http://vil.nai.com/vil/stinger/

Download it to another computer if need be, and bring it to the affected computer on floppy disk.

It will kill the top 53 virus files if any are found there

then,

Internet Explorer required
Run these two online virus scanners (Panda Activescan) following these instructions below:
http://www.pandasoftware.com/product..._principal.htm


Internet Explorer required
Also this excellent(BitDefender) scanner:http://www.bitdefender.com/scan8/ie.html

If you have Firefox BitDefender will not work on Firefox, either switch to IE or go to the link below to do HouseCall online scanner:

Internet Explorer required
http://housecall-beta.trendmicro.com/en/start_corp.asp


http://fr.trendmicro-europe.com/cons...all_launch.php
(Java runtime enviroment needed) housecall for FireFox

These scans will take more than an hour to complete, so make sure you have time to let them run thru. Save the Panda scan log and the BitDefender log and post them back here please with a new Hijackthis log.

Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 02-09-2005, 09:45 PM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
Re: The dreaded blue searchbar
Hello Neal

Thanks a lot for the advice, just got in from a 14hr shift, so I will have a go at this lot 2morrow. I haven't got access to another computer online, so is it ok to download to this computer? I already have Trend micro internet security, so wiil use their housecall.
Once again, many thanks.

Craig
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 03-09-2005, 03:25 PM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
Re: The dreaded blue searchbar
Neal

Hello again. I have done as you asked, and here's the results.

Logfile of HijackThis v1.99.1
Scan saved at 15:16:27, on 03/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.ex e
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Craig\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fmkypsnaxsjnlqfrxcwatermw...oHBwbhB5N.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zyxdotrcytbhemfcwjlb - {99ccfe22-9dc6-4759-99f3-90fad22fbc2a} - C:\DOCUME~1\Craig\APPLIC~1\vcklriqtr.dll (file missing)
O2 - BHO: (no name) - {A398B486-60F8-2170-B2CF-3A25A42F913E} - C:\DOCUME~1\Craig\APPLIC~1\SoftAmok\Mathfor.exe (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [m.exe] C:\documents and settings\craig\local settings\temp\m.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GPBgR.exe] C:\documents and settings\craig\local settings\temp\GPBgR.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\New Folder\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodat...datePortal.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Incident Status Location

Virus:Trj/Downloader.ENA Disinfected Operating system
Adware:adware/statblaster No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WildApp.inf
Adware:adware/topspyware No disinfected C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Adware:adware/navhelper No disinfected C:\WINDOWS\nxstinst.exe
Spyware:spyware/searchcentrix No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Windows AdTools\WinAdTools.txt
Adware:Adware/WUpd No disinfected C:\Program Files\Windows AdTools\WinRatchet.txt
Adware:Adware/WUpd No disinfected C:\Program Files\Windows AdTools\WinWrench.dll
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc17.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc18.exe
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc21.tmp
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc22.tmp
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc23.tmp
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc24.tmp
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc25.tmp
Virus:Trj/Downloader.CUP Disinfected C:\RECYCLER\S-1-5-21-515967899-1547161642-839522115-1003\Dc26.tmp
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\BridgeX.inf
Adware:Adware Program No disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Adware:Adware/NavHelper No disinfected C:\WINDOWS\nxstinst.exe
Adware:Adware/NavHelper No disinfected C:\WINDOWS\remover.dll
I will have to put BitDefender Scan results on another reply.

Is MSN messenger7 a threat to the system, as my daughter always uses it.

Craig
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 03-09-2005, 03:26 PM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
Re: The dreaded blue searchbar
Neal

The BitDefender report

C:\Program Files\Windows AdTools\WinWrench.dll


Detected with: Adware.Winad.A

C:\Program Files\Windows AdTools\WinWrench.dll


Disinfection failed

C:\Program Files\Windows AdTools\WinWrench.dll


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP240\A0275293.exe


Infected with: Trojan.Downloader.Swizzor.DF

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP240\A0275293.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP240\A0275293.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP243\A0278915.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP243\A0278915.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP243\A0278915.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281485.exe


Infected with: Trojan.Downloader.Swizzor.DF

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281485.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281485.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281487.exe


Infected with: Trojan.Downloader.Swizzor.DH

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281487.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281487.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281537.exe


Infected with: Trojan.Lopad.C

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281537.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281537.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281597.exe


Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281597.exe


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281597.exe


Deleted

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281606.dll


Detected with: Adware.Winad.A

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281606.dll


Disinfection failed

C:\System Volume Information\_restore{9686B02B-9FA6-4431-B1CB-C6AC7F37E6A2}\RP247\A0281606.d

Thanks again
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 03-09-2005, 08:20 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: The dreaded blue searchbar
Hey there,

If Messenger7 is from Microsoft it should be fine.

Make sure you can see hidden files.
In Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
After you're cleaned, please "rehide" them again.

Download CCleaner from here:
http://www.majorgeeks.com/download4191.html
or here:
http://www.filehippo.com/download_ccleaner.html

Please don't run the tool yet
Install it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.

1.Uncheck "Cookies" under "Internet Explorer".

2.If you are running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".


Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

Now run the CCleaner tool useing only the windows tab please.

While still in safe mode go after all the NO DISINFECTS in the Panda scan log you can find and delete them, CCleaner should get rid of some of them for you. If you can't find one just skip it and move on to the next one please.

Examples: C:\WINDOWS\DOWNLOADED PROGRAM FILES\WildApp.inf < delete this file

C:\WINDOWS\nxstinst.exe < file

C:\Program Files\Windows AdTools < folder

Reboot normal mode and post a new HJT log please.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 04-09-2005, 02:20 AM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
Re: The dreaded blue searchbar
Hi Neal

Thanks for getting back. Used Ccleaner, but after analyze, when I clicked on Run Cleaner, it crashed the PC. This happened 3x. Anyhow did all the other things but only managed to delete about 4 things off the panda log. Couldn't find the rest, or the long recycler one from lop started deleting but then stopped, saying that it is being used by another program. ( i unchecked the read only box as well) Here's the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 02:11:29, on 04/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.ex e
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\Documents and Settings\Craig\Desktop\hijackthis.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fmkypsnaxsjnlqfrxcwatermw...oHBwbhB5N.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zyxdotrcytbhemfcwjlb - {99ccfe22-9dc6-4759-99f3-90fad22fbc2a} - C:\DOCUME~1\Craig\APPLIC~1\vcklriqtr.dll (file missing)
O2 - BHO: (no name) - {A398B486-60F8-2170-B2CF-3A25A42F913E} - C:\DOCUME~1\Craig\APPLIC~1\SoftAmok\Mathfor.exe (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [m.exe] C:\documents and settings\craig\local settings\temp\m.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GPBgR.exe] C:\documents and settings\craig\local settings\temp\GPBgR.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\New Folder\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodat...datePortal.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Really appreciate yr effort.

Craig
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 04-09-2005, 03:19 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: The dreaded blue searchbar
Okey dokey,

Let's kill LOP right now.


Run both of these uninstallers

Download both these uninstallers...and run them


http://lop.com/new_uninstall.exe

http://lop.com/toolbar_uninstall.exe

Save to your desktop and then run them.

Reboot into safe mode and try CCleaner again. Thanks
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 06-09-2005, 11:20 AM
Newbie
D-A-L Newbie
  
Join Date: Sep 2005
Posts: 11
m223453 Is a beginner here at D-A-L
Re: The dreaded blue searchbar
Hello Neal

I ran those two uninstallers, thanks, but Ccleaner still wont run in safe mode. It keeps crashing the computer. Anyhow, here is the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:06, on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.ex e
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Craig\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zyxdotrcytbhemfcwjlb - {99ccfe22-9dc6-4759-99f3-90fad22fbc2a} - C:\DOCUME~1\Craig\APPLIC~1\vcklriqtr.dll (file missing)
O2 - BHO: (no name) - {A398B486-60F8-2170-B2CF-3A25A42F913E} - C:\DOCUME~1\Craig\APPLIC~1\SoftAmok\Mathfor.exe (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [m.exe] C:\documents and settings\craig\local settings\temp\m.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GPBgR.exe] C:\documents and settings\craig\local settings\temp\GPBgR.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\pcsync2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\New Folder\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodat...datePortal.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Thank you for your patience and time.

Craig
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 06-09-2005, 08:29 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: The dreaded blue searchbar
Hi again,

Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[RESOLVED] Dreaded CiD & Malware rasta114 Spyware, Adware, Viruses and HijackThis Logs 8 23-09-2008 06:05 PM
Mozilla. Babylon Searchbar yoipico General Internet Issues and Questions 3 27-05-2008 12:01 AM
Starting Up leads to Dreaded Blue Screen with White Writing mr_film Windows XP Help 4 13-03-2006 01:23 AM
eXact searchbar (RESOLVED) mikeyboy Spyware, Adware, Viruses and HijackThis Logs 2 01-01-2006 03:07 PM
Dreaded About:Blank, HijackThis Log BarbiePhish Spyware, Adware, Viruses and HijackThis Logs 21 02-07-2005 10:04 PM


All times are GMT +1. The time now is 09:41 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav