Computer Cops

Search assistant.net spyware can't remove

Guest
Posted: Fri Jun 04, 2004 3:37 am

jedibratt wrote:
I just don't get it. Why the hell is this nation so hell bent on spam?? The real problem is the one that you CAN'T SEE, spy/adware. I guess your average Joe cluelessaboutcomputers doesn't fight what he can't see. Unfortunately, for the rest of us who know something, it is a constant battle, to have to LOCATE, and remove this malicious crap. Thank you Walt Rines from Odysseus marketing, the villainous mastermind behind searchassistant, yet another moneymaking scheme. Why our congress doesn't care about this crap is unreal. Tell me, how is it legal for you to observe my url, visiting different websites, in anticipation that I may make money for YOU??!?!? Then, WITHOUT MY APPROVAL, you graciously leave something that "I might need or enjoy", waiting there on my desktop. How convenient!

So is it ok for me to sit in my car waiting for you to leave home, then follow you around to see where you shop, and what places you visit, then I'll race to your home, and leave a bunch of ads for flyers of the places that you visited earlier (and similar ones associated with me), in the hopes that you might pay for one of their services?? Is that legal, cause it sounds a lot like stalking.

INVASION OF PRIVACY IS ILLEGAL D|CKHEAD!!!!!

jefftfall
Guest
Posted: Fri Jun 04, 2004 8:29 pm

RE: My post on Tue Jun 01, 2004 10:01 pm Post subject: Search Assistant

Does anyone have an answer for me as to how to get rid of this Search the Web toolbar in Taskbar?

I have got rid of any suspicious entries using HJT and rebooted but the Search Assistant toolbar is still there.

I have backed up my Registry and gone into regedit and done Edit, Find looking for any suspicious entry using various search terms such as:
My Web, My Way, Search Assistant, Fun Web etc and deleted them and rebooted but the Search Assistant toolbar is still there.

Below is my current HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 10:23:12 AM, on 5/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optusnet.com.au/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: ConferenceRoom Java Client - http://olapps.qut.edu.au:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/...1/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winp...ficate.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/sh.../swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/...1741769427
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/...acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/o...winrep.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda...t/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90...scan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_do...Button.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...2750925926
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/part...nstall.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto...dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup...mAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup...veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l...cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.compani..._1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Can anyone please give me some advice on what to do to get rid of this annoying search toolbar in my Taskbar?

Do I need to reboot into SafeMode and delete/modify/do anything?

Any real help will be appreciated.

Jeff

Guest
Posted: Sat Jun 05, 2004 1:46 am

Re: My last post: RE: My post on Tue Jun 01, 2004 10:01 pm Post subject: Search Assistant

I deleted the following entry using HJT:
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

I went into Add/Remove Programs and deleted a program called Windows SA, then I went into Windows Explorer, Program Files and found the Windows SA folder and deleted it and emptied the Recycle Bin. Immediately upon doing this, up popped a web page BlazeFind.com which I copied and pasted to a Word doc and I then closed down the web page. I rebooted and noticed that the text in the search box now said Search Here instead of Search the Web.

I did a search for any file/folder with 'blaze' as the file name or part of and I found an entry in Spybot Recovery. I deleted that entry and emptied the Recycle Bin.

I then rebooted into SafeMode, logged on as Administrator and thoroughly searched for any trace of 'blaze' or 'Windows SA'. I found a reference to Windows SA in a folder called Prefetch, so I deleted that and emptied the Recycle Bin.

I rebooted and the search toolbar did not load itself into my Taskbar, however if I right-click on the Taskbar and go to Toolbars, the Search Assistant is still there as an option to tick but I dare not.

Does anyone have any suggestions as to how to remove it as an option from the Toolbars when I right-click on the Taskbar?

Jeff

jefftfall
Guest
Posted: Sat Jun 05, 2004 7:01 am    Post subject: Search Assistant

I have now succeeded in getting rid of the search toolbar in my Taskbar.

To get rid of it:

Back up your Registry first !!!

Use HJT to delete these entries if you have them:

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

Then go into Add/Remove Programs and delete a program called Windows SA (if you have it), then go into Windows Explorer, Program Files and find the Windows SA folder and delete it and empty the Recycle Bin. Immediately upon doing this, you will probably get a web page opening up by itself - it will be BlazeFind.com, just close it.

Do a search for any file/folder with 'blaze' as the file name or part of and if you have used Spybot you may find an entry in Spybot Recovery. If so, delete that entry. Then do a search for any trace of 'Windows SA' and if you find any, delete them.

Then follow my instructions from my last post (Sat Jun 05, 2004 1:46 am) and in addition do this:

Find and delete a file called UnstSA2.exe and another file called key2.txt and (if you have it) a file called 2_0_1browserhelper2.dll. I only had the first 2 files. Empty the Recycle Bin.

Then open up regedit, find and delete these keys (if you have them - I didn't find them in my registry):
HKEY_CLASSES_ROOT\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

Also while in regedit, look for any suspicious entry using various search terms such as: My Web, My Way, Search Assistant, Fun Web etc and delete them.

Next run Adaware (Active in-depth scan) and delete anything to do with BlazeFind or VX2. (Ensure that you have the latest Adaware updates first.) Adaware found several BlazeFind entries and a few VX2 in mine - just delete them. Then reboot and you should have got rid of the search toolbar in Taskbar. Check by right-clicking on the Taskbar, go to Toolbars and the Search Assistant should be gone !!!

Hope this helps you all as I have found by doing a few Google searches that there are quite a lot of users out there with this same problem.

Regards
Jeff
P.S. I am an I.T. student planning to start my own business diagnosing, troubleshooting, optimising and networking home computers and this has been an invaluable experience for me.

guest
Guest
Posted: Mon Jun 14, 2004 3:58 pm

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe


that looks bad
but im a spyware nub

jefftfall
Guest
Posted: Mon Jun 14, 2004 6:58 pm    Post subject: spyware - search assistant

guest

That's why I got rid of it.

The "SA" is short for Search Assistant.
The same goes for "wsaupdater" - it is short for Windows Search Assistant updater.
My previous post gives advice on how I did achieve permanent removal of that annoying Search Assistant from my Taskbar.

Regards
Jeff

nadav bitton
Guest
Posted: Tue Jun 15, 2004 5:23 pm    Post subject: remove search assistant

k boys
this is how u remove search assistant.
first u go to c:\windows\program file and go in to windowssa folder
there are 3 files there u can't remove them yet.
what u do is rename them (no matter to what name)
then u open the task manager there are processes there that are search assistant. remove those they have the same name as the files on the windows folder
then u remove the windowssa from add/remove program.

when restarting the computer u will b free from search assistant

eamo
Guest
Posted: Thu Jun 17, 2004 8:11 am

Thanks nadav bitton
That worked for me!

I'm not FREE of that damn Search Assistant!!

janix
Guest
Posted: Thu Jun 17, 2004 3:30 pm

anybody know how to fix this? it's really annoying and i've done everything i could to get rid of it.

Jethro
Guest
Posted: Fri Jun 18, 2004 12:16 pm

h**p://www.180searchassistant.com/uninstall/uninstall1.aspx?ClientId=189390497&ProductId=378

Is the uninstall site and how I removed mine

jefftfall
Guest
Posted: Sat Jun 19, 2004 8:57 pm    Post subject: Search Assistant

eamo and janix

If you want to get rid of the Search Assistant in your Taskbar, read my post which is on this same Thread. My post was posted: Sat Jun 05, 2004 7:01 am Post subject: Search Assistant (it is four posts before eamo's post)

I suggest that you read my post and then run HJT and post your log here for members viewing. If you require any instructions, please ask.

Regards
Jeff

slippy666
Guest
Posted: Wed Jun 23, 2004 5:01 pm    Post subject: fuckin shit

i tried to get rid of this little fucker and my machine just went to shit

every time i logged on it was logging off

little bastard

beware this will fuck your machine up

so be careful

Guest
Guest
Posted: Fri Jun 25, 2004 12:40 pm

Thanks a lot Jeff... my dum sis installs all this retarded crap onto my machine, and that fagging toolbar was one of them. Finally, it is gone. ^___^

PLZ help
Guest
Posted: Sat Jun 26, 2004 2:53 pm

Done delete : wsaupdater.exe
Can't delete : C:\Program Files\WindowsSA

Add remove : done

still this crappy working plz help :(

Logfile of HijackThis v1.97.7
Scan saved at 19:57:43, on 26/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EmEditor\emedtray.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr_.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\3l3x4\My Documents\DOWNLOADZ\hijackthis1977\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?LinkId=17
F0 - system.ini: Shell=
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {44AF5221-A43E-224E-56BA-ABCD43C344D1} - C:\PROGRA~1\MAGELL~1\DOWNLO~1\dboostie.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Inst...S_live.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://c:\program files\internet explorer\plugins\awswaxf.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/197d9b5a762...xIE601.cab
O16 - DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} (ActiveFormX Control) - file://C:\Program Files\Intelore\AnimatedDesktop\advThemes\WorkDir\31787387\Files\ActiveFormProj1.inf
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004...scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me...Client.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://michaellubelle.bounceme.net/tsweb/msrdp.cab
O16 - DPF: {91285EE6-F2ED-11D4-B38C-0050BAE63BA3} (Mediaphora Agent) - http://www.mediaphora.com/cab/quixel.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...1696412037
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC5EA78-1520-44B3-9E38-4455ED458A27}: NameServer = 194.168.4.100 194.168.8.100

limabeans
Guest
Posted: Sat Jun 26, 2004 9:29 pm    Post subject: Re: fuckin shit

slippy666 wrote:
i tried to get rid of this little fucker and my machine just went to shit
every time i logged on it was logging off
little bastard
beware this will fuck your machine up
so be careful


slippy can you please help me? i followed the steps here to remove search assistant and i think i ran into the same problem you did. i can't log into any of the accounts on my winxp at all, it just logs off right away. anyone know how to solve this? Thanks for your time.
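
Added example, not part of any post in this thread and not HijackThis's own code: a small Python reviewer for HijackThis logs that flags the entries named in jefftfall's removal post (Sat Jun 05, 2004 7:01 am) and checks the F2 UserInit line, which bears on the log-off-at-logon problem slippy666 and limabeans describe. The `userinit-replaced` rule assumes the stock Windows XP behaviour that Winlogon starts the programs listed in Userinit and that the value normally names userinit.exe, which the thread itself does not state; the function names and the sample log (assembled from lines posted above) are constructed for illustration.

```python
import re

# Indicators taken from the removal post in this thread (compared case-insensitively).
BAD_CLSIDS = {
    "{00A6FAF1-072E-44CF-8957-5838F569A31D}",  # MyWebSearch Search Assistant BHO
    "{07B18EA1-A523-4961-B6BB-170DE4475CCA}",  # mwsBar BHO
    "{83DE62E0-5805-11D8-9B25-00E04C60FAF2}",  # BHO registry key named in the post
}
BAD_PATH_PARTS = ("\\windowssa\\", "\\mywebsearch\\", "\\wsaupdater.exe")

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
USERINIT = re.compile(r"UserInit=(.*)$", re.IGNORECASE)
PROC = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)  # "Running processes" lines


def parse(log_text):
    """Yield (section, detail) per log line; process paths get section 'PROC'."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)
        elif PROC.match(line):
            yield "PROC", line


def review(log_text):
    """Return a list of (section, reason, detail) findings."""
    findings = []
    for section, detail in parse(log_text):
        if section == "F2":
            m = USERINIT.search(detail)
            if m:
                programs = [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
                if not any(p.endswith("\\userinit.exe") for p in programs):
                    # Assumption (stock XP behaviour): nothing here starts the user
                    # session once the named file is gone, so logon drops to logoff.
                    findings.append((section, "userinit-replaced", detail))
                elif len(programs) > 1:
                    findings.append((section, "userinit-extended", detail))
                continue
        ids = {c.upper() for c in CLSID.findall(detail)}
        if ids & BAD_CLSIDS:
            findings.append((section, "known-clsid", detail))
        elif any(part in detail.lower() for part in BAD_PATH_PARTS):
            findings.append((section, "known-path", detail))
    return findings


# Constructed sample: lines copied from the logs and the removal post in this thread.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsSA\omniscient.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optusnet.com.au/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for section, reason, detail in review(SAMPLE):
        print(f"{section:4} {reason:18} {detail}")
```

When `userinit-replaced` is reported, set the Userinit value back to userinit.exe before deleting the file it currently points to.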

All times are GMT - 5 Hours