
Search bar (lop I guess...)

Status
Not open for further replies.

LamaBonga

Vendor
Feb 27, 2005
3
BE
Hello,

Kids have surfed a bit everywhere :-(
I have a search bar that always comes back after reboot, even after treatment with norton, adaware, spybot...

Here is a HijackThis log file. I would delete the first one
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
but am not sure if something else would also be deleted.

Thanks a lot in advance for your help.

Erik
(Belgium)

Logfile of HijackThis v1.99.1
Scan saved at 21:55:16, on 27/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53594A93-62BF-E1DE-D8D4-FF79329A46B3} - C:\DOCUME~1\acer\APPLIC~1\MULTII~1\Settingsdog.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Wipe Flaw Inside City] C:\Documents and Settings\All Users\Application Data\bowslovewipeflaw\Flawwave.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\acer\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Hi, the entry: O4 - HKLM\..\Run: [Wipe Flaw Inside City] C:\Documents and Settings\All Users\Application Data\bowslovewipeflaw\Flawwave.exe seems suspect to me. No google on the flawwave.exe...

Give a try to MS-Antispyware beta1, you'll be surprised!



Hope this helps. Please let me know if this resolves your issue.

Jeff
 
Hello JF,

Well, the first entry + "flawwave" were deleted with HijackThis. But the first entry is still coming back at each start of Windows Internet Explorer.

I have tried Microsoft Antispyware. It immediately detects the Lop-Omega search bar, warns that the search bar is trying to change the URL address, and removes the program... but when clicking on IE (after reboot), the damned search bar is still there... HELP... :-(
I have a print screen of the Microsoft Antispyware result if you want; how can I post it on the forum?

Erik
(Belgium)
 
Hi Erik! Nice name.

Remove the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ZWtY0HZOJHe4Jr1wfmPGnp/.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
O2 - BHO: (no name) - {53594A93-62BF-E1DE-D8D4-FF79329A46B3} - C:\DOCUME~1\acer\APPLIC~1\MULTII~1\Settingsdog.exe

This one is iffy, remove it if you don't recognize Flawwave.exe

O4 - HKLM\..\Run: [Wipe Flaw Inside City] C:\Documents and Settings\All Users\Application Data\bowslovewipeflaw\Flawwave.exe

Hope this helps,

Erik
 
Part of your cleanup should be emptying temp folders, so you ought to move hijackthis.
C:\DOCUME~1\acer\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe


There is your lop pattern:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O2 - BHO: (no name) - {53594A93-62BF-E1DE-D8D4-FF79329A46B3} - C:\DOCUME~1\acer\APPLIC~1\MULTII~1\Settingsdog.exe
O4 - HKLM\..\Run: [Wipe Flaw Inside City] C:\Documents and Settings\All Users\Application Data\bowslovewipeflaw\Flawwave.exe
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\acer\APPLIC~1\HOPEME~1\film dumb.exe

You need to get and run the lop uninstaller.

Fix those lines in hijackthis.

In safe mode clear all your temp folders.

Look for these folders in program files and application data folders and remove if present.
MULTII~1
bowslovewipeflaw
HOPEME~1

Look for c2media folder in program files.

Check your desktop for extra icons.
Favorites for extra stuff.

If all that doesn't work, you will have to edit the registry.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
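
A triage sketch for the pattern pointed out above, added here as an example and not part of any poster's reply or of HijackThis itself: it parses O2 and O4 lines and flags those whose target sits under Application Data or, for a BHO, is an .exe rather than a DLL/OCX. The two heuristics and the function names are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53594A93-62BF-E1DE-D8D4-FF79329A46B3} - C:\DOCUME~1\acer\APPLIC~1\MULTII~1\Settingsdog.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Wipe Flaw Inside City] C:\Documents and Settings\All Users\Application Data\bowslovewipeflaw\Flawwave.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\acer\APPLIC~1\HOPEME~1\film dumb.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# Assumed heuristic: long or 8.3 form of the per-user / All Users data folder.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)


def image_path(target):
    """Return the executable path, dropping quotes and arguments when quoted."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target  # unquoted paths may contain spaces, so keep the whole string


def triage(log_text):
    """Return [(section, name, path, [reasons])] for entries worth a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O2_RE.match(line) or O4_RE.match(line)
        if not m:
            continue
        section = line[:2]
        path = image_path(m.group("target"))
        reasons = []
        if APPDATA_RE.search(path):
            reasons.append("loads from Application Data")
        if section == "O2" and path.lower().endswith(".exe"):
            reasons.append("BHO module is an .exe")
        if reasons:
            findings.append((section, m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}] {path}: {', '.join(reasons)}")
```

A flag here only marks an entry for manual review; legitimate software can also start from a profile folder.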
 
Thanks to all,

This damned search bar is gone... after deleting the following line:
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\acer\APPLIC~1\HOPEME~1\film dumb.exe

When deleting other lines, it always came back.

Thanks again.

Erik
 