 regz12 join:2004-05-02 Fall River, MA | reply to weeirdo
Re: can't get rid of CWS.Searchx
Here are my log files ... PLEASE HELP ME!
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2479859D-FAF5-4673-9878-3BCFA5C6740F}]
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{71922FAE-B010-487C-80C5-21D91D6229F1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{71922FAE-B010-487C-80C5-21D91D6229F1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
Logfile of HijackThis v1.97.7
Scan saved at 7:51:03 PM, on 5/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Bryan Rego\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2479859D-FAF5-4673-9878-3BCFA5C6740F} - C:\WINDOWS\System32\gebd.dll
 ZupePremium,MVM join:2001-11-29 New York, NY 2 edits | reply to regz12
regz12, first, that's not a complete HijackThis log; we'd need to see the full log. Second, from running the file I posted earlier, was there nothing in the results above what you posted? It will usually list the name of the "bad" hidden file there if one is found.
If that didn't list anything, you can try downloading and installing Reglite from here: »www.resplendence.com/download/reglite.exe
Start the program and paste the following into Reglite's browser address bar and click the Go button:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
In the right pane, find the value "AppInit_DLLs" and double-click it. Copy and paste the output of the Size and Value fields that show up in the next box here.
ahulett, are you suggesting that Ad-Aware can now deal with this? If so, that would be great news, but from what I've seen so far, using Ad-Aware, CWShredder or any other automated removal tool before removing the hidden DLL (assuming it's present; there may still be versions where it apparently isn't, and this could be one) just ends up causing a bigger mess. If that DLL isn't removed, the other entries just return with new names, either right away or after a few hours, leaving even more to clean up.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?
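The log posted above shows every hijacked search setting and the unnamed BHO pointing at the same file. The following is an added example, not part of the thread or of HijackThis itself, that makes that correlation mechanical by grouping HijackThis entries by the DLL they reference. The function names and regular expressions are assumptions of this sketch; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\gebd.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2479859D-FAF5-4673-9878-3BCFA5C6740F} - C:\WINDOWS\System32\gebd.dll
"""

# Section code (R0, R1, O2, ...) followed by the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A res:// URL embeds a local DLL path before the resource name.
RES_URL = re.compile(r"res://(?P<path>[A-Za-z]:\\[^/]+?\.dll)/", re.I)
# O2 lines end with the path of the DLL registered as a BHO.
BHO = re.compile(r"BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+\.dll)\s*$", re.I)


def files_by_section(log_text):
    """Map each referenced DLL (lower-cased path) to the HijackThis codes citing it."""
    refs = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        hit = BHO.search(body) if code == "O2" else RES_URL.search(body)
        if hit:
            refs[hit.group("path").lower()].add(code)
    return dict(refs)


def shared_dlls(log_text):
    """DLLs that back both an IE search/start setting (R0/R1) and a BHO (O2)."""
    return sorted(
        path for path, codes in files_by_section(log_text).items()
        if "O2" in codes and codes & {"R0", "R1"}
    )


if __name__ == "__main__":
    for dll in shared_dlls(SAMPLE_LOG):
        print("referenced by search settings and a BHO:", dll)
```

A file that turns up under both kinds of entry is the one to account for before running any automated cleaner, for the reason given in the reply above.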