Searchbar popup! need help!

Discussion in 'adware, spyware & hijack cleaning' started by caltuga, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. caltuga

    caltuga Registered Member

    Joined:
    May 23, 2004
    Posts:
    10
    Hi, my web homepage keep having this "http://mysearchnow.com/passthrough/index.html?" stuck to the address and there is a search bar that keeps appearing on the page itself. Sometimes it gets worst and the computer seems to freeze when I open internet explorer. I've tried Adaware but it keeps coming back. Here it the logfile from HijackThis. Thanks.

    Logfile of HijackThis v1.97.7
    Scan saved at 16:47:21, on 15-07-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\Math dumb cake\Part User.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Proprietário\Definições locais\Temporary Internet Files\Content.IE5\A8QLN9CG\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.lpn.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FE993D47-EBD4-EDCB-B681-9B13CAF7685B} - C:\PROGRA~1\SCRNEW~1\LiesMail.dll
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
    O3 - Toolbar: Bat Roam Bags - {4962AE1E-62FB-8CAA-235A-B5D357E1F2E2} - C:\PROGRA~1\SCRNEW~1\LiesMail.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Corn Build] C:\PROGRA~1\Math dumb cake\Part User.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. caltuga

    caltuga Registered Member

    Joined:
    May 23, 2004
    Posts:
    10
    Hi, I still haven´t had any reply and I would really like someone to give me a hand with this if it is not any trouble. Thanks.

    Caltuga.
     
  3. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    If you still need help, just post back. If you do, you are running hijackthis out of a temporary directory. Can you please create a folder in My Documents and call it Hijack (or something similar). Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis creates backups and we would like the backups to not be in the Temp folder.
     
Thread Status:
Not open for further replies.