Annoying blue toolbar

Discussion in 'adware, spyware & hijack cleaning' started by latindude, Jun 21, 2004.

Thread Status:
Not open for further replies.
  1. latindude

    latindude Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    2
    Hi, I got this blue toolbar in my Internet Explorer and I've run Spybot but I still couldn't get rid of it. This is my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:02:29 PM, on 6/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\hijackthis\hijackthis.exe
    C:\Documents and Settings\LatinDude\Desktop\hjtlog.exe
    c:\hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {CABA2204-67FE-AD8C-8B62-F79C74C7AD0D} - C:\PROGRA~1\SIZEIN~1\rule hole.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: dead more - {89B1DAA7-84DB-5D19-77A6-1393B0AD2620} - C:\PROGRA~1\SIZEIN~1\rule hole.dll
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/303428389650d3a76417/netzip/RdxIE601.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38125.3420023148
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab



    Thank you,

    Angel
     
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hi
    close all windows except hijackthis, tick the boxes next to these lines and click FIX:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

    O2 - BHO: (no name) - {CABA2204-67FE-AD8C-8B62-F79C74C7AD0D} - C:\PROGRA~1\SIZEIN~1\rule hole.dll

    O3 - Toolbar: dead more - {89B1DAA7-84DB-5D19-77A6-1393B0AD2620} - C:\PROGRA~1\SIZEIN~1\rule hole.dll

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3038/9b4283...ip/RdxIE601.cab


    i'd uninstall messengerplus, i suppose it was the source of this

    you've run spybot, why not try
    ADAWARE

    1. Download and install Adaware (free edition) . (Click on "Adaware" in the left-hand column near the top at their website to download the free edition.)

    2. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

    3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list

    4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

    1. In the ‘General’ window make sure the following are selected:
    · Automatically save log-file
    · Automatically quarantine objects prior to removal
    · Safe Mode (always request confirmation)

    2. Click on the ‘Scanning’ button on the left and select :
    · Scan Within Archives
    · Scan Active Processes
    · Scan Registry
    · Deep Scan Registry
    · Scan my IE favorites for banned URL’s
    · Scan my Hosts file
    · Under ‘Click here to select drives + folders’, choose:
    · All of your hard drives

    3. Click on the ‘Advanced’ button on the left and select:
    · Include additional process information
    · Include additional file information
    · Include environment information
    · Include additional object details

    4. Click the ‘Tweak’ button and select:
    · Under the ‘Scanning Engine’:
    · Unload recognized processes during scanning
    · Include basic Ad-aware settings in logfile
    · Include additional Ad-aware settings in logfile
    · Under the ‘Cleaning Engine’:
    · Let Windows remove files in use at next reboot

    5. Click on ‘Proceed’ to save the settings.

    6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:
    · Use Custom Scanning Options

    7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.

    8. Save the log file when it asks and then click ‘finish’

    9. REBOOT

    post a fresh log when done
     
  3. latindude

    latindude Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    2
    hi!
    thank you very much!
     
Thread Status:
Not open for further replies.