#1
ok, how do I get rid of this stupid search bar....
I'm used to just typing my search in on the standard address bar.. but now when I do it, it comes up with something called "Search The Web" and instantly tries to download C2.lop, but luckily my Spybot detects it and asks if I want to block it... but still it's annoying. When I right click on my IE bar to where I can take off extra bars... it comes up as "reaaaoadooo". It's just stupid, and I have run Ad-Aware and Spybot and I don't know how to get rid of it.. so does anyone have any suggestions? Thank you
__________________
This Was A Message From Heath, Please Enjoy It... Thank You
#2
Hello Heath
Download HijackThis! and run it. Do not change or delete anything yet. Simply post the whole outcome here and someone will advise on the next steps. Best wishes
__________________
HMSS Q Section Visualise World Righteousness Semper Ad Fundum Careers in the SECRET INTELLIGENCE SERVICE <--Click link for more information
#3
I swear I post one of these every other day... lol
Logfile of HijackThis v1.97.3
Scan saved at 11:42:43 PM, on 11/7/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DLA\install\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Zxc4D.exe
C:\Documents and Settings\Owner\Desktop\tools to clean computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\Program Files\DLA\install\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
__________________
This Was A Message From Heath, Please Enjoy It... Thank You
#4
AH HA, I just saw it, so now I won't have much problems anymore, I finally understand... lol
thanx tho
__________________
This Was A Message From Heath, Please Enjoy It... Thank You
#5
AAAAAAHHHHHHHHH....
I told you it was a stupid search bar... I got rid of ...
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
Those Two.. then opened the Internet Explorer.. and it was gone..!! but then my computer started messing up.. and I restarted it... and then I opened my Internet Explorer... my homepage is yahoo... and DUM DUM DUM!!!! THERE IT WAS!!!!!!!!!! IT CAME BACK!!!! WHAT DO I DO!!!
__________________
This Was A Message From Heath, Please Enjoy It... Thank You
#6
Hi Heath,
You were almost there.
Have only HijackThis running while staying offline and fix the following:
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
Reboot the PC after doing so and remove:
C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe <- this file
Hope this helps,
Cheers,
__________________
TonyKlein's "How can I be better protected?"
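An added illustration, not part of the original posts and not HijackThis's own logic: the three entries fixed in the post above all load from the user's Application Data folder, and this sketch surfaces that pattern when reading a log. The folder heuristic and the function names are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Sample entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
"""

ENTRY = re.compile(r"^(O2|O3|O4) - (.*)$")
# A drive-letter path, quoted or not, ending in an executable/library extension.
PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b)"?', re.IGNORECASE)
# Assumption of this example: per-user data/temp folders, long or 8.3 short names.
USER_WRITABLE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings)\\[^\\]+\\"
    r"(?:APPLIC~1|Application Data|LOCALS~1|Local Settings)\\", re.IGNORECASE)

def parse_entries(log_text):
    """Yield (section, file_path) for each O2/O3/O4 line that names a file."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        p = PATH.search(m.group(2))
        if p:  # entries without a full path (e.g. "nwiz.exe /install") are skipped
            yield m.group(1), p.group(1)

def triage(log_text):
    """Map each file in a user-writable profile folder to the sections loading it."""
    flagged = defaultdict(list)
    for section, path in parse_entries(log_text):
        if USER_WRITABLE.search(path):
            flagged[path.lower()].append(section)
    return dict(flagged)

if __name__ == "__main__":
    for path, sections in triage(SAMPLE_LOG).items():
        print(f"{path}  <- referenced by {', '.join(sections)}")
```

A match is only a prompt for review, since legitimate software also installs under the user profile; grouping by file shows when one DLL backs both a BHO and a toolbar, and when a separate Run entry starts a program from the same folder at every boot.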
#7
Okay, I did the first 3... then restarted, but then I ran it again... and that file wasn't there...
C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe
That File Just Wasn't There, So I Opened My Internet Explorer, and it was gone... so.. hopefully that took care of it..
Thanks
-Heath
__________________
This Was A Message From Heath, Please Enjoy It... Thank You
#8
Hi Heath,
Good job cleaning up.
Just to make sure the steoeaae.exe file is really gone (it's not running anymore, but I'll feel better if it's cleaned as well), make sure you have enabled 'Show hidden files and folders'. Here's how to do that in XP.
Can you recheck after doing so, to see whether the file is there or not? If so, right-click + delete.
Thanks!
Cheers,
__________________
TonyKlein's "How can I be better protected?"