Revop C

Discussion in 'adware, spyware & hijack cleaning' started by julescuk, May 12, 2004.

Thread Status:
Not open for further replies.
  1. julescuk

    julescuk Registered Member

    Joined:
    May 6, 2004
    Posts:
    9
    Location:
    Newcastle England
    Hi
    I followed your instructions below is a copy of my hijack i am using windows 2000 can some one please help as it is driving me mad
    Many thanks
    :'(
    Logfile of HijackThis v1.97.7
    Scan saved at 15:20:51, on 12/05/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LXSUPMON.EXE
    C:\Program Files\Open Site\opnste.exe
    C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    C:\PROGRA~1\Save\Save.exe
    C:\Program Files\Sysmnt\ssmgr.exe
    C:\Program Files\webHancer\Programs\whAgent.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\WINNT\FSScrCtl.exe
    C:\WINNT\system32\RUNDLL32.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\Rem81.exe
    C:\WINNT\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Documents and Settings\Julie Charlton\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O1 - Hosts: 212.33.69.3 js1.hitbox.com
    O1 - Hosts: 212.33.69.3 stats.hitbox.com
    O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
    O1 - Hosts: 212.33.69.3 m1.nedstatbasic.net
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} - C:\WINNT\DOWNLO~1\geniebar.dll
    O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINNT\system32\sfg5062.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll
    O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4a\NHelper.dll
    O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRA~1\WEBHAN~1\programs\whiehlpr.dll
    O2 - BHO: (no name) - {DE614603-6320-4046-A7A7-6A69CEC26F14} - (no file)
    O2 - BHO: (no name) - {E1EDD3CF-F52F-84FE-FF94-32F5C826F777} - C:\PROGRA~1\CAKERE~1\FunkPart.dll
    O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A0E4-EA6FA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrscuz2.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-gb\msntb.dll
    O3 - Toolbar: GENIEBAR - {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} - C:\WINNT\DOWNLO~1\geniebar.dll
    O3 - Toolbar: owns move - {97A42810-B57E-61B9-3F57-68D3A71D5592} - C:\PROGRA~1\CAKERE~1\FunkPart.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [Popup Blocker Updater] regsvr32 /s C:\WINNT\system32\sfg5062.dll
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\Sysmnt\ssmgr.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Size noun] C:\PROGRA~1\FLAWST~1\dupe logo joy.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
    O9 - Extra button: Erotic (HKLM)
    O9 - Extra 'Tools' menuitem: Erotic... (HKLM)
    O9 - Extra button: Turn on/off ToolButton (HKLM)
    O9 - Extra button: eBay Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Voiceglo directory (HKLM)
    O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM)
    O9 - Extra button: IQ Test (HKLM)
    O9 - Extra 'Tools' menuitem: IQ Test... (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Search cracks at CrackSpider.NET (HKCU)
    O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET (HKCU)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} - http://www.thepaymentcentre.com/build/preload.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843003.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} (GENIEBAR) - http://www.smartgenie.com/geniebar.cab
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1627b6337fb824609806/netzip/RdxIE601.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v45/blockwerx/blockwerx.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://infinity.n-case.com/newgrounds/resources/nCaseInstaller.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46/collapse/collapse.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37939.0506365741
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://82.196.8.135/tools/FlipsideWebLauncherControl.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\IntraLaunch.CAB
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/v41/golfsol/golfsol.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4322/mcfscan.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/9891/toolbar/2020Search.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi julescuk,

    Your log is about the best reason to install SpywareBlaster that I have ever seen.

    First Uninstall WhenUSave aka SaveNow aka Save! under Add/Remove Software.

    Before you start using HijackThis please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O1 - Hosts: 212.33.69.3 js1.hitbox.com
    O1 - Hosts: 212.33.69.3 stats.hitbox.com
    O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
    O1 - Hosts: 212.33.69.3 m1.nedstatbasic.net

    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll

    O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINNT\system32\sfg5062.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll
    O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4a\NHelper.dll
    O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRA~1\WEBHAN~1\programs\whiehlpr.dll
    O2 - BHO: (no name) - {DE614603-6320-4046-A7A7-6A69CEC26F14} - (no file)
    O2 - BHO: (no name) - {E1EDD3CF-F52F-84FE-FF94-32F5C826F777} - C:\PROGRA~1\CAKERE~1\FunkPart.dll

    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A0E4-EA6FA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrscuz2.dll

    O3 - Toolbar: owns move - {97A42810-B57E-61B9-3F57-68D3A71D5592} - C:\PROGRA~1\CAKERE~1\FunkPart.dll

    O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [Popup Blocker Updater] regsvr32 /s C:\WINNT\system32\sfg5062.dll
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\Sysmnt\ssmgr.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

    O4 - HKLM\..\Run: [Size noun] C:\PROGRA~1\FLAWST~1\dupe logo joy.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess

    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
    O9 - Extra button: Erotic (HKLM)
    O9 - Extra 'Tools' menuitem: Erotic... (HKLM)

    O9 - Extra button: Search cracks at CrackSpider.NET (HKCU)
    O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET (HKCU)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab

    O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab

    O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} - http://www.thepaymentcentre.com/build/preload.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843003.cab

    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/Install.cab

    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab

    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1627b6337fb824609806/netzip/RdxIE601.cab

    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://infinity.n-case.com/newgrounds/resources/nCaseInstaller.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://82.196.8.135/tools/FlipsideWebLauncherControl.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab

    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab

    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab

    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/9891/tool...ww.wilderssecurity.com/showthread.php?t=15913

    Can you tell me if yo9u installed this Geniebar voluntarily?
    If not you can add these to the list of the items to be fixed:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} - C:\WINNT\DOWNLO~1\geniebar.dll
    O3 - Toolbar: GENIEBAR - {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} - C:\WINNT\DOWNLO~1\geniebar.dll
    O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD69BD9BBF3A} (GENIEBAR) - http://www.smartgenie.com/geniebar.cab

    Regards,

    Pieter
     
  3. julescuk

    julescuk Registered Member

    Joined:
    May 6, 2004
    Posts:
    9
    Location:
    Newcastle England
    Thank you very much for your help I am not very clever at doing technical things to pcs but your instructions were very clear and precise and guess what it worked revop c has dissappeared from my pc many thanks i will recommend this site without a doubt once again many thanks
    :D :D :-*
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.