
searchweb2 help needed


3 replies to this topic

#1 nokimos


Posted 09 September 2005 - 03:04 PM

Hi there....hope I am doing this right....

I have been hit by that annoying searchweb2 thing as well. I am almost to the point of taking the computer in to be fixed, but thought I'd see if anyone here can help me get rid of it first. I hope I have saved the log right by HijackThis:

I have already uninstalled the messenger plus through add/remove but am still stuck with the tool bar and pop ups.

Logfile of HijackThis v1.99.1
Scan saved at 3:54:10 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\highjackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [logo cool store this] C:\Documents and Settings\All Users\Application Data\amen one logo cool\ARMY THIRD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\RunServices: [Windows iMessenger Messenger] winimsg.exe
O4 - HKCU\..\Run: [Windows iMessenger Messenger] winimsg.exe
O4 - HKCU\..\Run: [4five] C:\DOCUME~1\Paula\APPLIC~1\knobnurb\meal start.exe
O4 - HKCU\..\RunServices: [Windows iMessenger Messenger] winimsg.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slot...a-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.2.2.51/roul...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.5.42/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.28/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.0.30/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hear...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.2.32/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.1.33/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlsl...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/free...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.2.25/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.2.5.42/pira...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.3.27/popp...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.42/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spad...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.1.26/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.0.46/sque...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.1.26/jumb...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.2.25/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.3.2.32/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb17.pogo.com/game/deluxe/insa...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E48E74-32B0-497B-8CBD-202D5B0533D9}: NameServer = 207.61.64.103 209.167.105.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


#2 scotia


Posted 09 September 2005 - 03:31 PM

Follow what they have here to remove your New.net problem:

http://www.newdotnet.com/removal.html

Did you run Spybot and Adaware?

#3 nokimos

  • Topic Starter

Posted 09 September 2005 - 09:26 PM

Hi there,
I have run adaware, but don't have spybot. This is something I should have I assume? Thanks for the link.....I'll look into the spybot thing in the morning.

#4 Enthusiast


Posted 09 September 2005 - 10:54 PM

You still have a serious malware infection.

Open Adaware, update it and run a full system scan from safe mode. Set it to fix what it finds.

Download, install, UPDATE and run Spybot Search and Destroy. Also set it to fix what it finds.
Spybot S&D: http://www.safer-networking.org/en/index.html

After you have done that post a Hijack This log in the appropriate place in our forum.

Read the pinned post in our “HijackThis” forum, here
Carefully read and follow all directions explicitly.

Following instructions run a log, and post it in the appropriate HJT forum, at this link.

Do not as yet attempt to fix anything by yourself using Hijack This.

A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a short period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum until you get a response from a member of our HJT expert team.

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking to see if a reply has been made might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.



