Search Extender, Shopping wizard
-
Search Extender, Shopping wizard
How can i get rid of the search exteneder, shopping wizard installed on my computer? I also have a pop up from norton saying that my computer has been infected by a trojan horse. How can i fix that? your help is greatly appreciated!
-
If you have a trojan virus you need to run your norton anti virus software to pick it up and will give you a choice whether to delete the virus's it has found 
-
to get rid of this search engine you can go to:
1.my controlpanel
2. add and remove programs
3. search for the program within the list
4.uninstall
may work and may not
If you cant get rid of the viurs with norton download (free)
http://www.avast.com/eng/update_avast_4_vps.html
a good virus scanner. does it during your reboot
-
Hello,sleepydon & Welcome
I need you to download install update these progs here
then run them for us but as was said do an online Virus scan
Go for free online Virus scans here:
http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.
now the progs
1. Download and Install Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2.Close ALL windows except Ad-Aware SE
3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to udate outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
1.Downloaded and Install Spybot Search & Destroy, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9.REBOOT to complete the scan and clear memory.
10.Once done with all above make sure to place HijackThis in a folder
in C:\Drive like so C:\HJT
11.Run HijackThis & show us logfile.
http://www.isecurity.org.uk/downloads/hijackthis.exe
instructions for posting a log can be found at
http://www.isecurity.org.uk/misc/hijackthis.html
Finally after running both Spybot SD and Ad-Aware SE, SCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’.
@terri_annuk
Thank you
HGD
-
here is the log from Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 2:52:44 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DOWNLO~1\WebEx\319\atnthost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\DOWNLO~1\WebEx\319\RAAGTAPP.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dptrpqv\Qpbq.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\sysxv32.exe
C:\WINDOWS\system32\ciatab.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cfgdcmsg.exe
C:\WINDOWS\DOWNLO~1\WebEx\319\raagtx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LA K.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SW K.EXE
C:\Program Files\AdwareAlert\Launcher.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason Mollison\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\emomy.dll/sp.html#49693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\emomy.dll/sp.html#49693
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netjh32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Empvpt] C:\Program Files\Dptrpqv\Qpbq.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [sysxv32.exe] C:\WINDOWS\sysxv32.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [u7tj3ne] ciatab.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fw2tRhKtU] cfgdcmsg.exe
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LA K.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\DOWNLO~1\WebEx\319\atnthost.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
Hi,sleepydon
Once again before you do any of this move HijackThis to a folder
in C:\Drive like so C:\HJT
OK we will work from Safe Mode on this here
i also need you to download these progs here
Download CWShredder.
Save CWShredder.exe to a convenient location.
Please do not do anything with it yet.
Prepare AboutBuster for use:
Download the free tool
AboutBuster
here:
http://malwarebytes.biz/AboutBuster.zip
* Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
* Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
* Click "OK" at the prompt with instructions.
* Click "Update" and then "Check For Update" to begin the update process.
* If any updates exist please download them by clicking "Download Update".
* You should not run the program yet so click "Exit".
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
Dptrpqv
AdwareAlert
Make sure you can view hidden and system files: Instructions here
Then Boot to safe mode: Instructions here
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\emomy.dll/sp.html#49693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\emomy.dll/sp.html#49693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\emomy.dll/sp.html#49693
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netjh32.dll
O4 - HKLM\..\Run: [Empvpt] C:\Program Files\Dptrpqv\Qpbq.exe
O4 - HKLM\..\Run: [sysxv32.exe] C:\WINDOWS\sysxv32.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [u7tj3ne] ciatab.exe
O4 - HKCU\..\Run: [fw2tRhKtU] cfgdcmsg.exe
Delete the following files\folders IF still present:
C:\WINDOWS\system32\netjh32.dll<---This file
C:\Program Files\Dptrpqv\<---This folder
C:\WINDOWS\sysxv32.exe<---This file
C:\Program Files\AdwareAlert\<---This folder
Stell in Safe Mode do a file Search for these files here if found delete them
ciatab.exe
cfgdcmsg.exe
Run CWShredder:
* Double-click on CWShredder.exe.
* Click "Fix ->" and click "OK" at the prompt.
* CWShredder will scan and clean your system of CWS files.
* Click "Next->" and then "Exit".
Run AboutBuster and save the logs:
* Browse to where you saved AboutBuster and run AboutBuster.exe.
* Click OK at the directions prompt.
* Click Start and then OK to run
* Click Yes to allow it to shutdown explorer.exe.
* It will begin to your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
* When it has finished, click Save Log.
Clean out temporary files:
* Start | Run | type cleanmgr | OK
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Click "OK" to remove them.
* Click "Yes" to confirm the deletion.
Restart your computer normally to return to normal mode.
see how it is & show us new logfile.
HGD
Last edited by HJThis; 27-06-2005 at 12:50 AM.
Newbie
