Computer Support Forum

Awtsp.dll And 180search Assistant/zango Removal Help

Question: Awtsp.dll And 180search Assistant/zango Removal Help

I've tried numerous programs including avg, xoftspy, trojanhunter, adaware, spybot, avast, fixvundo, cwshredder, smitrem, everything. There's this file awtsp.dll which is impossible to delete no matter what I have tried (force deleting it, killbox, safe mode.. even though safe mode explorer doesn't seem to want to run). Also.. there's a pesky devldr32 file. Even after I did a complete uninstall of creative and used driver clean professional. Can someone help me?

Relevance 100%
Preferred Solution: Awtsp.dll And 180search Assistant/zango Removal Help

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Awtsp.dll And 180search Assistant/zango Removal Help

Hello Darkmindzero I'm EVAN198.I'm going to ask you to download ewido. You can download it here. * Install ewido security suite * Ewido will automatically run at the end. * The program will now open to the main screen. * When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. * You will need to update ewido to the latest definition files. o On the top row of the main screen click update. o Then click on "Start Update". * The update will start and a progress bar will show the updates being installed. (the status bar at the top will display ("Update successful")If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesDon't run it yet.Reboot into SAFE MODEBy pressing the F8 key right when Windows starts, usually right after you hear your computerbeep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)you will be brought to a menu where you can choose to boot into safe mode.Open Ewido anti-malwareClick on the scanner button in the top row. * Click Complete System Scan and the scan will begin. * During the scan it will prompt you to clean files, click OK * When the scan is finished, look at the bottom left of the screen and click the "Save Scan Report" button. * Click on "Save Report As". * Save the report to your desktopClose EwidoThen I'm going to ask you to run Hijackthis, which you can download hereThen you are going to need to post that log you get (It will be in a text document. .txt) Then please copy and paste that into a new reply in the HijackThis board. One of our experts will then adress your problem further thereDo not post the results of the Hijackthis Log, until you give me the results of Ewido. The problem maybe able to be fixed just with the Ewido scan. If it isn't able to be resolved, then I will post back with further instructions.

2 more replies
Relevance 132.53%

Forgot to add I tried ewido as well... and my hijackthis log is...

Logfile of HijackThis v1.99.1
Scan saved at 3:05:09 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\HijackThis.exe

R1 - HKLM\Software\Microsoft\Inter... Read more

Answer:Awtsp.dll And 180search Assistant/zango Removal Help

Hello Darkmindzero, and welcome to Bleeping Computer. My name is Charles and I will be helping you to clean up your computer.Please give me some time to look over your log and I will get back to you as soon as possible.Thanks,Charles

2 more replies
Relevance 81.78%

No matter what I do I can't get rid of the text image on my screen.
The text image says:
"Warning spyware threat has been detected
on your pc. Your computer has several fatal errors due to spyware
activity. It is strongly recommended to install an antispyware software
to close all security vulnerabilities. Antispyware software holps protect your PC against spyware and This text image seems as though that this image is permanently pasted to my desktop. I have attached images of what I'm seeing on my computer screen.

And if I hit the keys "ctrl", "alt" and "delete" a message
comes up that says "task manager has been disabled
by your administrator".

On my task bar I have a little yellow triangle with an exclamation
mark that has a warning popup that says
"Your computer is not protected by spyware".

I have ran every full, updated, protection antivirus and security
program several times and rebooted several times as
well. I would appreicate any help you can offer.

Thanks,

Answer:Rid Me Of 180search Assistant, 180solutions, Seekmo And Zango

Archstorm, welcome to Bleeping Computer.

If you think you may be infected with malware, the first place to start is in the "Am I Infected? What Do I Do?" forum. This is a centralized place where advanced members and staff can provide initial assistance with malware removal. If your issues cannot be resolved there, then you will receive further instructions as to what you need to do.

Please be patient, I will have a Moderator move your topic to the appropriate forum.

6 more replies
Relevance 78.31%

I have just been hit with this blighter. On checking the 680180 .net site I see that this is only installed upon request. Well, I did not request it and certainly don't want it. I have tried to uninstal it, but it keeps coming back. I have run Adaware and Spybot S & D, to no avail. Another programme was also installed at the sa,e time - AdDestroyer, this sees Ad Aware as a threat and identifies it as spyware and tries yo delete it. Another programme, TV Media is also installed and this just will no go. I cannot delete it (protected), Add Remove Programs doesn't touch it. The worst thing about these programmes is the speed at which they dump adverts and spurious web pages on my system. I feel as if I am genuinely under attack. I have not been able to work effectively for a whole day because of the effort involved in trying to get shut of them.It looks as if I need to reformat, unless someone out there knows any solutions. Was I protected? Well I am on a network, which is protected by a regularly updated hardware firewall (Watch Guard), Sophos Anti virus, with all the bells and whistles. I don't know what else I could have dome. For goodness' sake, I'm supposed to be the manager of this small training company - I don't mess about on the Internet at work! Any help gratefully received.Mike

Answer:180search Assistant and others

this site click here may be of some help

2 more replies
Relevance 78.31%

Logfile of HijackThis v1.98.0
Scan saved at 08:57:56, on 28/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\temp\salm.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\bundle.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EX... Read more

Answer:180Search Assistant - HJT log

i see search relevancy in HJT. check your add/remove programs and you will find it there and remove. this is one of those which is really annoying to remove so read everything that comes out and you have to be connected to the internet to remove it.

p.s. i am not really an expert on this, i just happen to have an encounter with this search relevancy. and while you are at it check all the programs installed that you are not familiar with that you did not install.
 

2 more replies
Relevance 78.31%

1st time posting... Per my handle, I'm a technical voice communications specialist, not overly adept at PC/data.

Quick question: I'm getting the 180Search Assistant Alert pop-up. Am I asking for trouble if I select their uninstall option?

Thanks for your advice.
 

Answer:180Search Assistant

Sorry, didn't follow your guidelines...

XP home edition SP1
P4 2.0 GHz
256MB RAM






VoiceNotData said:



1st time posting... Per my handle, I'm a technical voice communications specialist, not overly adept at PC/data.

Quick question: I'm getting the 180Search Assistant Alert pop-up. Am I asking for trouble if I select their uninstall option?

Thanks for your advice.Click to expand...


 

3 more replies
Relevance 78.31%

Greetings all...I'm new here and was referred here by a friend with the advice that this is a place that might be able to help...I have recently noticed my comp being inhibited by strange activity and adware...primarily something called 180search assistant...I've tried to "uninstall" the software but nothing happens when I go into the Add/Remove Programs...I mean nothing...it suggests I go online while trying to uninstall but to no avail...also, on their site it suggests I download their uninstaller...i couldn't find it...I've tried adaware, spybot and spykiller...as well as McAfee...here is the recent log...

Logfile of HijackThis v1.99.0
Scan saved at 10:18:17 PM, on 1/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
D:\DiskeeperWorkstation\DKService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\PROGRA~1\McAfee.com... Read more

Answer:180search Assistant...need help!!!

Hi

Make sure to run 'CWShreader'(check for updates) as this will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".If any EXE files have been selected go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting.


Files highlighted in BLACK in the log will need to be removed from your hard drive.

Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it to clean out the temp folders ..Then please reboot and post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=31693
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-find.com/... Read more

5 more replies
Relevance 78.31%

I keep getting a warning message as follows:The system has detected, that a 3rd party has removed 180search assistant,possibly without your consent. this may cause some programs not to run as expected. please choose an option below.1) Re-Install2) Leave UniInstalled3) Remind me later.Can anyone tell me what this is please.I run windows XP Pro.regards

Answer:180search Assistant

Have a read click here

5 more replies
Relevance 78.31%

What is 180search Assitant?
 

Answer:180search Assistant

7 more replies
Relevance 78.31%

Hi,
I think I've been infected with spy ware -- L
-- Here's my info:

1. System: XP (User accounts: Administrator and guest)

2. Browser: SBC Yahoo! Browser DSL Version 5.01-ACSX;SP2

3. Problem: ?180search Assistant? (spyware?) keeps popping up and asking to be reinstalled; and a program, ?WebRebates_CDT_InstallSilent,? keeps reappearing in my Temp folder after I?ve deleted it. Also, I had a few warnings from the Norton program that ?c:\temp\salm.exe? was attempting to access the internet -- I went and manually deleted that file. I believe all three of these programs are connected (???).

4. Security Software running: Norton Internet Security and AntiVirus; firewall; Spybot S&D; SpywareBlaster; CWShredder. -- They are all up to date.

5. Steps taken:
-- I?ve deleted all the files associated with these programs in the Temp folder, when I tried to delete ?180search assistant? from the add/remove programs page it gave me an error message saying that it had already been deleted -- but, it still shows up on the page;
-- I?ve run virus scans on Norton (and TrendMicro online) which didn?t find anything;
-- Spybot S&D scans find ?DSO Exploit? (but, I?ve been told that that?s a false positive);
-- CWShredder finds two things: ?CWS.Jksearch? and ?CWS.HiddenDll? (I?ve run this scan a couple of times to remove them and they keep coming back).

6. Both Grokster and Kazaa were installed at some point ... Read more

More replies
Relevance 78.31%

180search assistant is on one of the computers here at work. I need help getting it off (Windows 98). You might need to remind me how to run, save and post my hijack this log. thanks for the help.
 

Answer:180search assistant

srl said:



180search assistant is on one of the computers here at work. I need help getting it off (Windows 98). You might need to remind me how to run, save and post my hijack this log. thanks for the help.Click to expand...

You should be able to Uninstall 180search assistant via Add or Remove Programs.

Otherwise, please see the Read Me First and HijackThis Sticky Posts at the top of the forum.

PP
 

3 more replies
Relevance 78.31%

Recently through some sort of spyware  i think, i noticed this program called 180search assistant. it constantly launches pop ups at pretty much every site i visit and it is not only becoming incredibly annoying it is also slowing my computer considerabley.I've tried uninstalling the program through Add/Remove Programs but it won't uninstall! is there any other way i can get rid of this pest of a program!???

Answer:180search assistant

Please Read This First - Viruses & SpywareInstall the programs recommended. I suggest you properly configure them to make better use of the scanner. Refer to the manual in order to do so.

1 more replies
Relevance 77.49%

There has been a grey box popping up on my screen after my computer has loaded. It has been happening for a month or so. I do not know if it is a virus or not. I have launched Network Associates virus scanner, Vshield and Ad-aware 6.0 and still the box does not popping up. It only pops up once, never pops up again after you close the box.
It says:
WARNING
The system has detected that a third-party application has removed 180search Assistant, possibly without your consent. This may cause some programs not to run as expected. Please choose an option below.

Options:
- Re-install 180search Assistant so that your programs will run as expected. Requires internet connectivity.

- Leave 180search Assistant un-installed, and clean up any 180search Assistant files or settings that remain.

- Remind me later.

Any Help with this would be greatly appreciated.

Thanks,

Allmotorhatc
 

Answer:180search Assistant Alert box

I googled 180Search Assistant and found this site which explains what it is:
http://www.180searchassistant.com/faq.html Then there is this site:
http://www.180searchassistant.com/uninstall.html which tells you how to uninstall it. It seems that 180search Assistant is installed as a part of many free software applications, screensavers, games and Internet accelerators - so you may have installed it unknowingly. Hope this helps.
 

2 more replies
Relevance 76.67%

Got a pop-up to warn constantly. Not a IT person, need simple advice (not too technical please).
1. 180 Searchassistant warning
2. NCASE Alert
3. Error loading C:\Windows/system32/bridge.dll

Thank you so much
 

Answer:Pls help-what is 180search assistant & NCASE alert?

16 more replies
Relevance 76.67%

have just switched on pc, opened outlook express and a window appeared saying; 180search assistant alert...The system has detected that a third party application has removed 180search assistant, possibly without your consent. this may cause some programs not to run as expected. please choose an option below.1. Re-instal 180search assistant so that your programs will run as expected. requires internet connectivity.2. Leave 180search assistant uninstalled, and clean up any 180search assistant files or settings that remian 3. Remind me laterI did not check any of the options... I just closed the window.Is it genuine, what should I do next?

Answer:180Search Assistant Alert ...real or not?

Do nothing. 180 search assistant is spyware.

6 more replies
Relevance 76.67%

Please help me to unistall 180Search Assistant
My Hijackthis.log
Logfile of HijackThis v1.98.2
Scan saved at 4:25:58 PM, on 9/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINNT\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} -... Read more

Answer:Uninstall 180Search Assistant Hijackthis log

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

If you knowingly put this site into your Hosts file you may keep the following entry. if not, let Hijack This fix it.

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINNT\system32\AANTX.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {6FD83C2E-9416-0BC3-8022-125578A02D39} - C:\WINNT\system32\lspim.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll... Read more

5 more replies
Relevance 76.67%

I am running spyblaster, and adaware pro, spysweeper, spybot religiously, but keep geting these. Also ive downlded service pack 2 successfully without any percieved probs for over a week. What can i do with this log to further clean up my system? Thanks in advanc

Logfile of HijackThis v1.98.2
Scan saved at 5:55:04 PM, on 9/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\windows\180ax.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\Syste... Read more

Answer:Pop ups of N case, hunt bar, and 180search assistant

9 more replies
Relevance 76.67%

Hallo, Please could you access my hijackthis.log
Many thanks in advance, G.Hards
 

Answer:Pls help-what is 180search assistant & NCASE alert?

12 more replies
Relevance 76.67%

Logfile of HijackThis v1.98.2
Scan saved at 4:13:00 PM, on 9/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\Fonts\drvutil.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.... Read more

Answer:Pls help-what is 180search assistant & NCASE alert?

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Viewmgr is adware, you should remove that in control pane, add/remove programs.

These two are also new and I don't know what they are, do you?
O4 - HKLM\..\RunOnce: [*drvutil] C:\WINDOWS\Fonts\drvutil.exe rerun
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\addins\nutip.exe ren

If not find the file and try to submit it here: http://www.kaspersky.com/remoteviruschk.html and post the results.

EDIT: jupota, I see you posted in a thread I was already working, thus my reaction that the two above are *new*. Please don't post your log to someone else's thread.

At any rate I've split you into a new thread and want to assist and these two comments are for you. Please continue to reply here and we will be happy to help you.
 

3 more replies
Relevance 75.85%

i suddenly got real rebates and 180 search assistant installed on my pc. i have uninstalled them from the software and deleted them ( as far as i know ) but to be sure i got rid of all spyware i am posting my ijackthis log. kindly see wht else is needed to be done.
many thanks.
Logfile of HijackThis v1.98.2
Scan saved at 01:56:35, on 18.11.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
D:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Yahoo!\Messenger\YPager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\PROGRA~1\WI... Read more

Answer:Solved: real rebates and 180search assistant

14 more replies
Relevance 75.85%

Brand new "TSGF" user with some problems.

I've been pretty good about taking care of spyware using spybot, but just recently I seem to have some that I can't get rid of, specifically "Hunt Bar" (and others I'm not aware of I'm sure).

I realize that this- {8952A998-1E7E-4716-B23D-3DBE03910972}
is Hunt Bar, but I figured I'd check with you guys to see what else I should get rid of. In the meantime I'm picking through the CLSID list on sysinfo.org for more info. BTW Mozilla is my internet browser, is there something else that's better for surfing?

Here's my HJT results, any help you could provide would be greatly appreciated.

Thanks.
_____________________________________________________________

Logfile of HijackThis v1.98.2
Scan saved at 6:26:52 PM, on 10/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C... Read more

Answer:Solved: Pls help-what is 180search assistant & NCASE alert?

10 more replies
Relevance 74.21%

Please help me to fix my problems
My security level of internet change alone to the
lowest level and assign all the pages to trusted sites
PLEASE HELP!!!!!

this is my Hijackthis.log

Logfile of HijackThis v1.98.2
Scan saved at 16:48:43, on 20/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\TVMJUD.EXE
C:\WINDOWS\APPLICATION DATA\TABA.EXE
C:\WINDOWS\SYSTEM\VVJHZI.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\ARCHIVOS DE PROGRAMA\3-BUTTON MOUSE\SCW32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ESCRITORIO\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Exp... Read more

Answer:Problems with trusted sites without permission and uninstall 180search assistant

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\SYSTEM\TVMJUD.EXE
C:\WINDOWS\APPLICATION DATA\TABA.EXE
C:\WINDOWS\SYSTEM\VVJHZI.EXE

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Download Accelerator (DAP)

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: MyObj Class - {275636E... Read more

5 more replies
Relevance 72.57%

Okay I accidently got this stupid Zango Search assistant and I want it off my computer and I went into my computer into add/remove programs and it will not let me delet it..... HELP

-Stephanie

Answer:Zango Search Assistant

post us a hijack this log

2 more replies
Relevance 72.57%

Hi
I have dont know how picked up Zango Search Assistant 10.0.341.0and cant get rid of it. My spyware is blocking it but it is coming up every few mins and is a pain. can any body help me get rid of it
 

Answer:zango search assistant 10.0.341.0

Let's run some scans and see what we can find.

* Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you also use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you also use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click ... Read more

1 more replies
Relevance 71.75%

I have recently been infected with 180 Search Assistant, Zango, and other malware I guess you can say.

My computer's symptoms:
- There is a yellow text box at the bottom of the computer screen that pops up frequently reminded me that I have spyware, but I know it's not from my computer.
- I have pop ups and my Internet Explorer is working slowly
- My desktop background has been changed to tell me I have spyware
- When I try to use task manager, a dialogue box tells me that it's been disabled by the administrator

Information about my computer:
- Windows XP Home edition
- McAfee SecurityCenter

Any other information you need to help me I can tell you, but I really need help soon as my entire family uses this computer.

Answer:Infection Of 180 Search Assistant, Zango, Etc.

Hello there and welcome to BleepingComputer.I think the best course of action for you, based on the amount of malware it would appear is present, would be to post a HijackThis in our forum for analysis from an expert. Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log. Do not post your log here, but instead use our HijackThis Logs and Analysis Forum.After posting a log you should NOT make further changes to your computer except those that are advised by a member of the HijackThis Team; doing so can cause system changes that may not be visible in your log. Please be patient whilst waiting for a response, our HJT Team is currently very busy, and as we try to deal with logs on a "first come first served" basis, you may have to wait a short while.

1 more replies
Relevance 67.65%

I'm running XP, Norton Antivirus. I tried all the basic removal tools recommended in the sticky, but I'm unable to remove these items below (Norton cannot remove):

Adware.180Search
Adware.ZangoSearch
Adware.PowerScan

Please help! I can post my HijackThis log if necessary.

TIA,

Mike
 

Answer:Help please. 180search removal.

Please follow the steps below exactly as written:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

11 more replies
Relevance 62.73%
Question: Zango removal

hi, i am having problem with zango software that i have no idea when i downloaded. computer now too slow with frequent freezing and hangups. everytime my zonealarm runs i have a Trojan-PSW.Win32.Papras.qh or anot-a-virus:AdWare.Win32.HotBar.ck which is usually quarantined. all seem to be related to zango. i am not an expert in computers and have tried a little to remove zango. i do see it in the programs menu, but when i try to uninstall it, i do not see it in that menu. i read a few threads here in the forum and have downloaded hijackthis and am posting my log for review. any help will be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:21 PM, on 1/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics... Read more

Answer:Zango removal

do all messages in this forum get answered? am still waiting for a reply on my earlier query!!
 

1 more replies
Relevance 62.73%
Question: Zango Removal

How do I remove "Zango" from my computer? I go through the control panel and remove it, only to see it come back. I asked them to help me uninstall zango, but they ask me to find certain file in the control panel and remove it. Well, I don't see the file in the control panel. They suggested I use their Uninstall link, but when I try to use it, it states it is looking for certain file and can't find it. I click OK and it exits the program. Also, ever since I downloaded their program, my computer is extremely slow to the point I have to manually turn the power off. Please help. Thank you very much.
 

Answer:Zango Removal

8 more replies
Relevance 62.73%
Question: Zango removal.

I've looked through other posts but could not find any that were of help. Zango is installed on my computer and I'd like to get rid of it. It is not found on add/remove programs and the link provided by the zango website requires something else to be downloaded before the program can be uninstalled. My McAfee SiteAdvisor is a bright red color on that page, which makes me nervous.

I have operating system windows XP on a Dell Inspiron B130.

Thanks in advance for any help!
 

Answer:Zango removal.

12 more replies
Relevance 62.73%
Question: Zango Removal

At one time my grandchildren loaded Zango on my computer. I removed the program using the uninstall, but I continue to get popups asking to load the program again. It also says there is a previous program downloaded on my computer. This is not the case. How do I remove all traces of Zango?

greatideas

Answer:Zango Removal

Welcome to BCI found a fix for it but quite honestly you'd be better served posting a HighjackThis log. The malware and HijackThis forum is further down the main forum page. Start here first http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Mark

1 more replies
Relevance 62.32%

hi all, here is my delimma, i KNOW i have hotbar/zango on my laptop, im running win 7 64 bit. i have a shortcut for norton yet i cant remove it in my uninstall options. i cannot run spybot s&d, i get the following " Error sending request. A connection with the server could not be established, im post ing this here as a request from on of the mods, im tryingt to us ethe guides that you suggest but im getting blocked form something.
 

Answer:hotbar/zango removal

Welcome to Major Geeks!

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
Once you've gotten one of them to run then try to immediately run the following.


Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )


Now download and Run exeHelper

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
A log file named log.txt will be created in the directory where you ran exeHelper.com
Attach the log.txt file to your next message.
Note: If the window shows a message that sa... Read more

33 more replies
Relevance 62.32%

well i have this problem from a long time. Though i didn't install zango fully (somehow i downloaded it - unknowingly) when i scan using ad-aware it scans for zango, windad, and wind update. even though i remove it - this comes agin in the scan. only ad-aware gets it - spybot, ewido( online and proffessional both) and bitdefender online didn't detect this..
The following is the Ad-Aware log:

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediagateway.installer

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}

Zango Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}
Value : AppID

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d676f999-4608-4dc5-a135-4f51f4212739}

Zango Object Recogn... Read more

Answer:Solved: zango removal

10 more replies
Relevance 53.71%

Hi,I am having this problem - Helpassitant folder created in my document and settings folder, every time i reboot my computer.I have many problems because of this.. like slow booting up... freezing computer..Any help is really appreciatedThanks for you time and efforts in advance.Disha

Answer:Help Assistant Removal

Hello my name is Sempai and welcome to Bleeping Computer. *We apologize for the delay. Forum has been busy.* Please stay with me until I declare that your computer is clean as most users don't reply anymore once they found out that their computer is running smoothly, but absence of symptoms does not mean that a computer is free from infection.*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.+++++++++++++++++++1. Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to the desktop. Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Uncheck the following the following checkboxes: Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.Post the contents of that report when you reply.2. Download OTL to your Desktop.Double click on the icon... Read more

12 more replies
Relevance 53.3%

After having numerous problems with my machine locking up I discover the Help Assistant directory with a copy of my hard drive in it. After some initial research I tried to remove it by disabling the user and deleting the directory only to have it return. I found another topic regarding this but after reading decided to contact you first before doing anything more.DDS log file is below and Attach.txt is attached. When I tried to run GMER, after making the requested adjustments and then clicking scan, it began scanning and then displayed the blue problem detected screen and windows has been shut down. Pertinant information in blue screen was:======================================DRIVER_IRQL_NOT_LESS_OR_EQUAL======================================then the standard if first time restart message followed by:======================================Technical Information:*** STOP: 0x000000D1 (0x0000000C, 0x00000002, 0x000000000, oxEE0C2E52)Mpfp.sys - Adress EE0C2E52 base a EE0B9000, Date STamp 49de3cac======================================DDS logDDS (Ver_10-03-17.01) - NTFSx86 Run by Mommy at 13:15:06.03 on Sat 06/12/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.158 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\syste... Read more

Answer:Help Assistant Virus removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

16 more replies
Relevance 53.3%

Follwed instructions and the toolbar diappeared.. Now as I start browsing on firefox I get an alert from my Norton firewall asking to permit this connection. I block it.I permitted this before and the hijacker returned .This is the log from norton firewall log: Help is appreciated. Thanks Details: This one time, the user has chosen to "block" communicationsOutbound TCP connectionRemote address,service is (f15717.bins.lop.com(66.220.17.158),http(80))Process name is "C:\Program Files\Internet Explorer\iexplore.exe" Logfile of HijackThis v1.98.2Scan saved at 1:19:31 AM, on 8/26/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Norton Personal Firewall\NISUM.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Microsoft Shared\Work... Read more

Answer:Search Assistant removal

Are you already being helped in another thread?

1 more replies
Relevance 53.3%

Hello HijackThis Team and the Moderators!! You guys helped me out a couple years ago, which I appreciated. Now once again, am here asking for your help.Can't get rid of this &$#%$ Search Assistant Have scanned with Ad-Aware and Spybot - Search and Destroy but to no avail - it comes back up each time I do a Hijack This run. Not sure of this but I think it controls results on Google--sometimes I do a search, and the weirdest sites come up as results--just doesn't look right.Anyway, your help is much appreciated, as always!! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:44:24 AM, on 26/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeC:\WINDOWS\system32\gearsec.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlcl... Read more

Answer:Please Help With Search Assistant Removal

Hello jaja67893,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

3 more replies
Relevance 53.3%

Logfile of HijackThis v1.98.2Scan saved at 6:05:20 AM, on 8/23/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Norton Personal Firewall\NISUM.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\WINDOWS\LTMSG.exec:\progra~1\... Read more

Answer:Search Assistant Removal

I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bqqiwmqzjtdiaqd.net/YobkkBgtflu...pJ4cDxgrq5m.jpgO2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dllO2 - BHO: (no name) - {D851EA4E-FB53-1B72-AD35-D592E4700583} - C:\PROGRA~1\ERRORC~1\Hold this.exeO2 - BHO: TChkBHO Class - {F6E6D2FD-5AFD-4D35-91CD-3F09010EFD52} - C:\WINDOWS\system32\effje.dllO4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exeO4 - HKLM\..\Run: [Audio Noun] C:\PROGRA~1\OPENDO~1\Info Platform First.exeO4 - HKLM\..\Run: [support bird readme move] C:\Documents and Settings\All Users\Application Data\Proxy More Support Bird\heartfast.exeO4 - Startup: PowerReg Scheduler.exeO8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.htmlO16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://ultimateplugin.com/tl7000.dllO16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...f7... Read more

1 more replies
Relevance 53.3%

Happy 4th of July Everyone!

Somehow I got this little bugger... can't figure out how to get rid of it.
You can't remove it from the "Add/Remove Hardware" screen.

I have a HijackThis log if you want to see it.
I ran AdawareSE but for some reason I don't think it's updating correctly.

Any help would be appreciated!
Thanks

 

Answer:My Way Search Assistant Removal

You should be looking at Add/Remove Programs not Hardware.

If you still have problems, follow the steps below. HijackThis is far from the first step. What version of Ad-Aware SE do you have. Make sure you compare to the one in the links below.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

13 more replies
Relevance 53.3%

i original posted in security - as i dont have the machine
but will probably connect tomorrow

however, as i only really want advice from the experts here - i moved to the virus forum

I have just been helping a friend remotely on a laptop - windows 10 remove amazon assistant
which keeps popping up on the screen

usually adwarecleaner followed by malwarebytes gets rid of these

Adwarecleaner - listed it as an optional PUP and i made sure it was checked - also checked other amazon items WOW - etc
and removed and rebooted

Still came up

ran adwarecleaner again
this time it had removed other items - except amazon button1 (which is amazon assistant)
so removed it again and rebooted

still came up

ran malwarebytes

listed as a threat - quarantined
rebooted

still there

how do we get of this think
ALL google searches appear to indicate that Malwarebytes & Adwarecleaner - should remove
 

More replies
Relevance 53.3%

Hi,

I have looked through a few forums on removing the Amazon Assistant virus but I still have not removed it from my machine. I'm continuously getting the blank, white pop-up. When I went to remove the program, the "uninstall" option is greyed out and I am unable to get into the actual file to delete it because it keeps saying that the file is open. I haven't been able to close the pop-up for long enough to remove the file. As I type this, the pop-up is coming up every 10-15 seconds. I just need this gone, it's getting to be too much and my machine is slowing down exponentially.

Here are the specifications of my machine.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, Intel64 Family 6 Model 78 Stepping 3
Processor Count: 4
RAM: 3969 Mb
Graphics Card: Intel(R) HD Graphics 520, 1024 Mb
Hard Drives: C: 930 GB (812 GB Free);
Motherboard: Acer, Ironman_SK
Antivirus: Avast Antivirus, Enabled and Updated

I also went ahead and ran a scan on my computer with the FRST (x64) program I saw in many other replies. I will include both scans below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
Ran by Ethan Hughes (administrator) on HUGHES (06-12-2017 13:24:46)
Running from C:\Users\Ethan Hughes\Downloads
Loaded Profiles: Ethan Hughes (Available Profiles: Ethan Hughes)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Languag... Read more

Answer:Amazon Assistant Removal

Here is the additional scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Ethan Hughes (06-12-2017 13:26:14)
Running from C:\Users\Ethan Hughes\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-10 02:58:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-2008701448-1604200778-1345039759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2008701448-1604200778-1345039759-503 - Limited - Disabled)
Ethan Hughes (S-1-5-21-2008701448-1604200778-1345039759-1001 - Administrator - Enabled) => C:\Users\Ethan Hughes
Guest (S-1-5-21-2008701448-1604200778-1345039759-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2008701448-1604200778-1345039759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs s... Read more

1 more replies
Relevance 53.3%
Question: awtsp.dll

i Cookiegal i send you the hijackthis.log that talk to you before. sorry for my english !!

thank you in advanced
 

Answer:awtsp.dll

6 more replies
Relevance 52.89%

I'm sure you have all seen a lot of this lately. I am comfortable enough to follow someones wonderful instructions, but I am not confident in changing dll files without an expert opionion. I have attached my log file from hijack this. I have read all of the instructions from this site and downloaded all of the tools. I just need to know which files I should alter. Thank you very much.____________________________________Logfile of HijackThis v1.99.0Scan saved at 4:22:20 PM, on 1/25/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\AGRSMMSG.exeC:\PROGRA~1\QtVprMtx\QTVPRMTX.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\support.com\bin\tgcmd.exeC:\WINDOWS\system32\netts32.exeC:\WINDOWS\system32\Zrdhon.exeC:\WINDOWS\system32\Qlixmm.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Common Fil... Read more

Answer:Home Search Assistant Removal

Your logfile is being analyzed now, and a response will be posted shortly.

Thanks
daveai

6 more replies
Relevance 52.89%

Hi. My mywaysearch assisant is gone rogue. I've attached my log of hijackthis so I just need help on what to do next. Already uninstalled myway and cleared the folders as well.
 

Answer:Myway Search Assistant Removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using ... Read more

1 more replies
Relevance 52.89%

I was infected on Sunday July 5th and ran the Superantispy software and that seem to clear the issue, but I still have the Myway Search Assistant as a listed program. I see a previous post with the same issue and followed all the instructions up to including the post from Chaslang on 07-05-05 14:43 (http://forums.majorgeeks.com/showthread.php?t=66855). I believe the threat has been removed, but like rookiegirl it still shows in my "add/remove programs" and I want to make sure the threat is completely removed.

I didn't know if the delmyway.reg given to rookiegirl would work directly for my PC. Attached are the log files. Please let me know if there's more to be done and how to get rid of the final traces of the Myway Search Assistant

Thanks in advance for you help!
(first time msg board, so please let me know if I've committed any faux paus!)
 

Answer:Myway Search Assistant Removal

Welcome to Major Geeks!

We cannot continue until you attach the last log that was requested which is the C:\MGlogs.zip file created by running MGtools.
 

19 more replies
Relevance 52.89%

It appears I have fallen victim to the Home Search Assistant hijack as so many others have. I downloaded the HSRemove tool and followed the instructions contained therein. After running the program in safe mode, I checked the add/remove programs and Home Search Assistant is no longer listed. When I restart my computer in normal mode, it reappears. IE opens with the message that the hijack has been removed, but once I close IE and reopen it again the hijack is back. The curious thing is that I stopped and disabled Network Security Services when in safe mode. When I restart in normal mode, I find that Network Secuirty Services has been changed back to "automatic". Any ideas??? I have Windows XP home edition. I have set up an administrator account and a personal account too if that makes a difference. Thanks for any help you can offer.
 

Answer:Home Search Assistant Removal

It does in that you need to remove it from both accounts. More importantly, you can not open internet explorer until you have done both. Double the pleasure
 

3 more replies
Relevance 52.89%

Please help--I have been infected by the Home Search Assistant. I am running Norton antivirus and "Alert Spy"--any help is greatly appreciated. By the way, this is a work computer. Here is my most recent HJT LOGLogfile of HijackThis v1.99.0Scan saved at 2:06:41 PM, on 1/19/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\NavNT\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\NavNT\Rtvscan.exeC:\oracle\Ora_Client\bin\omtsreco.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exeC:\WINDOWS\System32\tp4serv.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\P... Read more

Answer:Home Search Assistant Removal

Sorry about a new log being posted, but I got booted from the laptop (battery died).Logfile of HijackThis v1.99.0Scan saved at 4:43:53 PM, on 1/19/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\NavNT\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\NavNT\Rtvscan.exeC:\oracle\Ora_Client\bin\omtsreco.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exeC:\WINDOWS\System32\tp4serv.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\AClient\Bin\XCDiffCache.exeC:\windo... Read more

38 more replies
Relevance 52.89%

I am trying to remove Home Search Assistant - CWS_NS3 and have a question about step 2 under the Begin Removal Procedure - specifically the services that are running. I do not have Network Security Service or Workstation NetLogon Service but have Remote Procedure Call (RPC) Locater NOT "HELPER" as described as the three. What should I do? Thanks.

Answer:Home Search Assistant Removal

The first thing I need you to do is download the file from here:ServiceFilter.zip - Get list of XP/2000/NT ServicesExtract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called ServiceFilter. Inside the C:\ServiceFilter directory will be a file called ServiceFilter.vbs. Simply double-click on the ServiceFilter.vbs. When the script finishes a wordpad document should open with the unknown services listed in it. If the script could not access wordpad then you will see a message box telling you so. In that case you need to open POST_THIS.TXT by double-clicking it and pasting the contents as a reply to this topic. Please provide a brand new hijackthis log as well in this reply.

1 more replies
Relevance 52.48%

I am trying to fix a friend's computer that is infected with Vundo. This PC has Win XP SP 2 , and is using Norton Anti Virus. After downloasing the Vundo removal tool from their site, and running it, I am getting a message that says it cannot be removed. I have disable the system restore function as per the instructions.. Any help would be greatly appreciatiated. TIA :confused mimart7
 

Answer:Vundo +awtsp please help

The Special Removal Procedures sticky thread has the below link

Virtumonde aka Trojan Vundo Fix w/ Tool - some people also refer to this as WinFixer
 

1 more replies
Relevance 52.07%

I have been working on my nephews computer for a couple of days now and Cox Security still finds zeno search assistant. Please help. Thanks in Advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:51:04 PM, on 2/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Cox\Applications\App\syssvcnt.exeC:\Program Files\Bonjour\mDNSResponder.exec:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exeC:\Program Files\Kodak\printer\center\KodakSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_03\bin&#... Read more

Answer:Zeno Searc Assistant Removal And Other Popups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 52.07%

Hi everybody,

my problem is that i just don?t seem to be able to get rid of that damn Search Assistant that appears beside the clock-tray on the taskbar.
Everytime I turn on my computer it is back, I?ve run AdAware 6, SpyWareDoctor etc. You just name it. So this is kinda my last call for help.. i?m going nuts over this :evil: Search Assistant.

So here below i?m going to post the log from Hijack This and hope someone can lend me a helping hand

--------- HijackThis ---------
Logfile of HijackThis v1.97.7
Scan saved at 16:02:00, on 14/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\AS***ent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\j2re1.4.... Read more

Answer:Search Assistant Removal problem (HJT included)

Hi,
Go to http://www.greyknight17.com/spyware.htm
Its a KRC Anti-Spware Tutorial..Very helpful.
Do follow everthing suggested.
Great start for security team in digesting your problem.
Upgrade your HJT to latest version.
Repost new HJT LOG.
Marty

1 more replies
Relevance 52.07%

Before I pestered you with my HijackThis log - I've seen these things before and they're not pretty - I followed your Home Search Assistant Removal Guide, and I no longer get the annoying symptoms. You guys rock!

Answer:Home Search Assistant Removal Guide Did The Job!

Thank Grinler, the guy who created the tutorial
I'm glad we could help.
David

1 more replies
Relevance 52.07%

Logfile of HijackThis v1.98.2Scan saved at 4:51:33 AM, on 8/24/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Norton Personal Firewall\NISUM.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\WINDOWS\LTMSG.exeC:\Program Files... Read more

Answer:Searh assistant removal- I didn't see it at reboot

Scan with Hijackthis again and mark the following items. Make sure you have all browser windows closed and click"Fix Checked"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sszikvhzgyff.com/YobkkBgtflu3A7...ZJ4cDxgrq5m.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKCU\..\Run: [Workout] C:\Program Files\WorkoutGenerator\\RSSAD.exe <-do you know what this program is?Reboot, scan with HijackThis again and post a fresh log please.

1 more replies
Relevance 51.66%

Hey guys.....................I have recently encountered CWS home search assistant in spyware doctor and as you already know Im sure........it wont remove it. Ive ran all the scans with the CW and Home search programs includding CWShredder, virus scans, asquared, adaware, spybot,ect, ect. My problem is...........I followed the guide to removing it and when I get to the part where you look for bogus network processes.......I dont find anything. I saw names of newtork service programs that were similar but not exact, so I ran the "get active services" file to see which were bogus and which werent, and all of them came back without the funny characters following the name that are supposed to differentiate the bogus service from the real service. What should I do now? Do I continue with the removal guide even though I can find bogus network service names? This is what I came up with:These are the Current Active Services: Adobe Active File Monitor V4: AdobeActiveFileMonitor4.0C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe Application Layer Gateway Service: ALGC:\WINDOWS\System32\alg.exe Windows Audio: AudioSrvC:\WINDOWS\System32\svchost.exe -k netsvcs Computer Browser: BrowserC:\WINDOWS\System32\svchost.exe -k netsvcs Cryptographic Services: CryptSvcC:\WINDOWS\system32\svchost.exe -k netsvcs DHCP Client: DhcpC:\WINDOWS\System32\svchost.exe -k... Read more

Answer:Cws Home Search Assistant Removal..........tutorial Problem

Anyone out there?

18 more replies
Relevance 51.25%

I'm pretty new to all this so please bare with me!
I have this virus (i think)! I have ran TrendMicro PC Cillin, Ad-Aware, and Spybot S & D
They all come up clean except for Spybot... It comes up with Virtumonde, then as a file under that is c:\windows\system32\awtsp.dll When i try to clean/delete that file, my screen turns blue with a bunch of words and then proceeds to restart! How can i get rid of this file? And if i delete it with KillBox will my computer still run correctly or what?
Is this file a necessary component for running windows? How can i fix this? Someone Please HELP!!

Thanks
Jewel

Ohh and another question for FYI purposes what is a Hijackthis log and what does it do?
 

Answer:Virtumonde - c:\windows\system32\awtsp.dll

Welcome to TSG

Ohh and another question for FYI purposes what is a Hijackthis log and what does it do?Click to expand...

It lets use see view certain aspects of your computer, usually where virus's show themselves. But, not always.

Please download HJTInstaller.exee Here
Let it Place Hijackthis in C:\Program Files\Trend Micro\Hijackthis
Let it create a Desktop Icon
Please run Hijackthis after you have run ComboFix. Thanks

===================================

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
Save it to your desktop

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

===================================

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe... Read more

1 more replies
Relevance 51.25%

i cant seem to get rid of this virus

here is my hijackthis log

I cant get this off my computer. I ran spybot and other programs..and they detect it..but can't delete it.

Here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:18 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Network Associates\Common Framework\Upda... Read more

Answer:need help removing vundo virus awtsp.dll

7 more replies
Relevance 51.25%

dvk01 kindly helped me kill vundo not long ago. At his recommendation, I now use CleanUp, SpywareBlaster, AdAware and Spybot along with my Norton AV, and run a Panda ActiveScan fairly often. Winfixer pop-up appears on a regular basis (beginning about two weeks before vundo, and continues to--never saw it before that). Every time I run ActiveScan, awtsp.dll shows up--EVERY time. Did enough looking around to see winfixer and awtsp showing up together on many message board requests for help (?) but that's all I know. Nothing else I run is showing any signs of a virus or vundo repeat, but can someone explain why awtsp.dll keeps coming back, and how do I stop the winfixer pop-ups? Obviously my regular pop-up blocker does nothing to stop it (I get almost no other pop-ups but winfixer!). Am I right in thinking these two are connected somehow or is it just coincidence? Whatever it is seems to slow my computer down--not lots, but enough to be noticeable, and CleanUp seems to bring it right back to normal speed. What can I do other than keep wiping out awtsp.dll every time it re-appears? Thanks in advance for any advice!
 

Answer:Solved: awtsp.dll keeps coming back!

11 more replies
Relevance 47.15%

Hi

Model No- HP Pavilion dv6330ea Notebook PC. Refer to the link http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&d

my OS is vista home premium 32-bit.

Everytime i run Hp Support Assistant i get an error of CASLExec has stopped working. recently downloaded sp52110.exe for vista os. http://ftp://ftp.hp.com/pub/softpaq/sp52001-52500/sp52110.exe
but everytime i run hp support assistant i get this error.

Even Hp Wireless Assistant is not working or not opening at all. Recently just flash bios, then installed wireless drives and finially installed wireless assitant but still now solution. same problem not opening at all. but wireless card is working fine and i can easily connect to the internet, therefore there is no wireless problem.

Because of hp wireless assistant, i am unable to turn on Bluetooth because previously when hp wireless assistant was working at that time i had ennabled wireless and disabled bluetooth. Now i am unable to turn on the bluetooth because of this.
Can anyone suggest me any alternative way to enable the bluetooth without hp wireless assistant.
---------------------------------------------------------
If any user are looking for hp support assistant for windows 7 or 8 or vista then download the latest version from this link

http://http://h18021.www1.hp.com/helpandsupport/hp-support-assistant.html

-------------------------------------------------------

please reply soon.

Answer:Problem Wireless Assistant & Support Assistant, How Turn On manually WLAN & Bluetooth

Almost one weak passed away.... and still no reply to this post.

2 more replies
Relevance 45.92%
Question: adware.180search

Sometimes a new icon appears next to the clock, and when i click on it a window say my computer is infected, norton antivirus found this file infected: adware.180search but I can't delete it. I hope you can help me. Thanks.

Thi is my HijackLog file:

Logfile of HijackThis v1.99.1
Scan saved at 21:55:59, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARCHIV~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Archivos de programa\Archivos co... Read more

Answer:adware.180search

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before we do anything else, please ensure that you have already patch your system against the recent WMF exploit. Please refer to my sig. No point we fix anything only for it to return tomorrow.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

Download & extract it to it's own folder - smitRem.exe

Download and install Ewido Security SuiteWhen installing, under "Additional Options",uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido


'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


HijackThis is able to create backups whenever if fixes ... Read more

1 more replies
Relevance 45.92%

Hi I think this needs looking at. i also have 180search in my add/remove programs and when i try and remove it, it says 180search unable to contact server please try again later. If any1 can help me with this problem i will be very grateful.

Logfile of HijackThis v1.98.2
Scan saved at 12:23:18, on 22/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Sha... Read more

Answer:HJT can sum take a look plz. 180search wont go!!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Ma... Read more

5 more replies
Relevance 45.51%

I have a bunch of ugly stuf that I can't get rid of. Adware found it but could not get rid of it all.
Hope someone can lend me a hand.
If you notice anything else lurking in there, let me know.
Here is the Hijack logfile

Logfile of HijackThis v1.97.7
Scan saved at 1:44:43 PM, on 11/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
.... Detail removed by user
 

Answer:180search bargain.exe cashback.exe

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\MYEMAC~1\LOCALS~1\Temp\MiniBug.exe 1
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d96da...ip/RdxIE601.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

Close all applications and browser windows before you click "fix checked".

Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Empty these folders:
Go to Start, Run, type %temp%, click OK
Completely delete the entire contents of this folder.
C:\Documents and Settings\MYEMAC(this is the first 6 letters of the profile\local settings\temp

Reboot.

Click on this link to download the new version of Hijackthis post a log using that version.
 

1 more replies
Relevance 45.51%

Hi,

For a few days now I have been having a blue screen as my desktop image and I keep getting pop-ups telling me about my system is at risk and I need to get anti-spyware and run scans.

After sscanning, AVG picked up a few trojans, they were located in %program files%180Search and %program files%180SearchAssistant folders aswell as in the %system32 folder.

My task manager was disabled, after re-enabling it, I found "sbwltbxa.exe" running.

I have read other forums that the users have similar problems, and they have ended up using Combofix.

I have downloaded Combofix and read all the instructions but havent run it.

Can you please help and suggest what I should do now.

many thanks
Michael

Answer:Sbwltbxa.exe - 180search Trojan

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update its... Read more

1 more replies
Relevance 45.51%

Hello

I got infected with the 180 Search assistant (also think saap is related), and i've got a lot of help through searching through past problems on the forum. Really wanted to see if anyone can put my mind to rest by telling me if my HijackThis log looks tidy and okay.

I Ran Ad-aware (SE with updates) and SpyBot (ditto) and deleted what came up.

The one entry i'm very confused about it 04 qzyrolmp.exe on my HT log I hope i've posted my log okay.....tried desperately to follow what should be done before i posted a log.

Many thanks in Advance to anyone who puts your time into helping me x
PB.


Logfile of HijackThis v1.99.0
Scan saved at 12:54:32, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\Pow... Read more

Answer:180Search / Saap glitch

Go to add and remove programs and remove uninstall 180search from your computer.
 

2 more replies
Relevance 45.51%

Hi, I need help deleting all of these, but i have no idea what to do.
I've already tried Ad-aware, spybot, and a bunch of others.
I really need help and i have to fix this computer ASAP
Thanks a lot
Btw, I attached my HKT log to the post, Thank again!
 

Answer:180Search, Win32.VB.ahq, SmitFraud

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 45.51%

I have read the 5 step program, but was unable to get panda to work. I was not blocking its pop-up, but I would get an error. I tried with IE and mozilla.

I installed zoned out, its blocked website list, and spyware blaster, and updated windows.

I have 3 folders in my C:/Program Files that reappear after I delete them. They are titled 180solutions/search/search assistant.

Thanks in advance!!

DSS log:
Deckard's System Scanner v20071014.68
Run by Big Tess on 2008-03-11 13:52:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-11 20:52:20 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Big Tess.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:20 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Syma... Read more

Answer:180search/solutions virus

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Run Deckard's System Scanner once more, and post it's log.

---------------------------------------------------------------------------------------------

Thank you.

1 more replies
Relevance 45.1%

Hi folks. I am new to this community, although I have searched through its archives every so often to glean information...Here's what happened. I have NO IDEA how since I do not surf the kind of sites that are rife with tihs kind of crap. Evidentally, it happened regardless of the cause.I have cleaned my PC with everything known to man, including SpyBot Search and Destroy, Spysweeper, smitfraud, etc.My latest scan still found the Virtumonde, 180search and rabio....I can only assume they are not truly being removed and are reinstalling themselves with each reboot.I am posting a hijackthis log in hopes someone can help me out, otherwise I will blow this HD and be done with it!Thanks in advance for any help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:08:09 PM, on 3/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\System32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\brss01a.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\P... Read more

Answer:Smitfraud, Virtumonde, 180search And Rabio Fun...

Hello swataz,Welcome to Bleeping Computer I don't think you'll have to blow the HDD. Let's just fix it!This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

13 more replies
Relevance 45.1%

Hi all..
I've got a pop_up to warn each time I start my pc!
- Xupiterstartup error
-180search assistant alert

I've tried to fix 180search prob. by downloading CWshredder.exe version 1.59.1 , i got the following mesage: '' You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) that has attempted to close CWShredder. To counter this, CWShredder is now starting with a random string of text in title bar. CWShredder is still functioning fine, it has not been corrupted. If you feel you should not be getting this error and you are not infected, restart CWShredder and this warning should not appear again ''.
If i click on '' Ok '' then the program run normaly but it remove all the time the same 2 things and the problem with trojan is still there!
I've used delcwssk.zip (miniremoval_coolwebsearch_smartkiller) but I've got the message '' CoolWWWSearch.SmartKiller (v1/v2) has not been found on your system ''!!!

Finally I've downloaded "hijackthis" Version 1.98.2 and I've saved my log file without doing any changes waitting for your advice

Logfile of HijackThis v1.98.2
Scan saved at 10:30:58 , on 10/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EX... Read more

Answer:Solved: PLZ help- 180search,xupiterstartup error

10 more replies
Relevance 45.1%

Hi -
WinMe, programs are constantly freezing; sometimes I can wait a few minutes and it unsticks, other times I have to hard-reboot and start all over again. I've had 180Search issues for months, keeps re-appearing but I can't uninstall/remove. Any help is really appreciated!
Thx in advance / fitzcalvin

Logfile of HijackThis v1.99.1
Scan saved at 9:33:44 PM, on 21/11/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt... Read more

Answer:Slow/freezing up, 180Search issues

bump BUMP

2 more replies
Relevance 43.87%

Hello! I would appreciate any help you can give me. I had a spyware attack that started with 180search, and somehow a lot more seemed to have gotten onto my computer. My computer is now running reaaallllllllyyyyy slowly. I went through all the steps in the tutorial except the steps that required an internet connection in safe mode, which I could not establish. However, I did run my antivirus scanner while in safe mode and came out completely clean. All other scans were completely clean except HSRemove, which removed all files. Now that I am back in normal mode, everything is still running slowly. Any suggestions would be greatly appreciated!

Thanks,

Julie
 

Answer:180search started it all, now computer running slowly -- Windows XP

The section for the online scanners tells you to run them in normal boot mode if for any reason they cannot be run in safe mode. Please run them in normal boot mode and continue witht the below if you still have problems. Why would you run HSremove? It is for HSA hijackers which is not what you are having a problem with?


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

1 more replies
Relevance 43.46%

Logfile of HijackThis v1.99.1Scan saved at 3:59:40 PM, on 11/19/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exec:\windows\system32\dwdsregt.exeC:\WINDOWS\system32\rwintoem.exeC:\Program Files\Internet Optimizer\optimize.exeC:\WINDOWS\elitemediapop.exeC:\WINDOWS\system32\mmxvdt.exeC:\Program Files\180search Assistant\180sa.exeC:\Documents and Settings\Jamal\Local Settings\Temporary Internet Files\Content.IE5\MTGG47F5\ucmoreiex[1].exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Jamal\Desktop\HijackThis.exeR3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -... Read more

Answer:Infected With Think Adz Ucmore 180search Internet Optimizer Deluxcommunications Elitemedia

Hello,It is important you don't miss a step and perform everything in the right order!!I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.That's why I want you to install them first!!Avira, AVG OR Avast OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!Agnitum Outpost Free, ZoneAlarm Free OR Kerio are FREE firewalls. Understanding and using firewalls* Go to start > controlpanel > software > add/remove programs and uninstall next programs if present:Think-Adz Search AssistantEnhanced Ads by Think-AdzBrowserUpdateSchedExploreUpdSchedInternet Optimizer180search AssistantDeluxeCommunicationsTheSearchAcceleratorReboot afterwards.. really important!* Download Brute Force Uninstaller.Unzip it to a folder of it?s own (c:\BFU).Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlStart the Brute Force Uninstaller by doubleclicking BFU.exeNext to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'In the field, copy and paste next URL:http://metallica.geekstogo.com/alcanshorty... Read more

6 more replies
Relevance 41.41%

it's no mystery. My kids have aim on their computer and zango has come to visit. I spybotted several times and removed all but 2 zangos. How can i remove the last two? Until then their media center runs about as fast as type setting the guttenburg bible.
 

Answer:Can't get rid of zango

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 41.41%
Question: Zango, etc. ?

Despite using Xsoft, AVG, Spybot, Adware and Registry Cleaner. I still seems to have problems with my PC. Every time I run a scan it finds the same spyware and removes, immunises etc. but when I run these spyware programs again, there back ? Am I doing something wrong! Zango is not the only spyware that keeps appearing time again.

I enclose the results of a Xsoft scan I run and quarantined. I would appreciate your advise. Thanks
 

Answer:Zango, etc. ?

7 more replies
Relevance 41.41%
Question: Zango

accidentally downloaded malware known as zango. I did the unistall but it keeps popping up in my "windows defender". I ran various spyware removal software but can't seem to get rid of it. Thought it may have just been an error on windows defender but it showed up on "Exterminate It!"

I installed "hijack this" ran and saved the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:00 AM, on 7/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Fil... Read more

More replies
Relevance 41.41%

Ive picked this thing up(Zango) and cant get rid of it,it keeps converting all zip files into media files .SOMEONE HELP ME!!!!
 

Answer:ZANGO how do i get rid!!!!!

Should be in add/remove programs, in the control panel.
David
 

1 more replies
Relevance 41.41%
Question: Zango

okay, so there's this thing that says Zango toolbar when i look in my list of programs in the add/remove programs thing in control panel.

When I try to uninstall it, it freezes and freezes my whole comp,

My question is, how do I get rid of it ?
 

Answer:Zango

spyware.... post this in the security forum.
 

2 more replies
Relevance 41.41%
Question: zango (log)

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:35:51 PM, on 10/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\spoolsv.exeE:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeE:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\nvsvc32.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\ZuneBusEnum.exeE:\WINDOWS\Explorer.EXEE:\WINDOWS\system32\wuauclt.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\SOUNDMAN.EXEE:\Program Files\Java\jre1.5.0_09\bin\jusched.exeE:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exeE:\Program Files\ScanSoft\OmniPageSE\opware32.... Read more

Answer:zango (log)

bump

3 more replies
Relevance 41.41%
Question: Zango?

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:28 PM, on 12/27/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Intel Application Accelerator\iaanotif.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEC:\WINDOWS\system32\CTHELPER.... Read more

Answer:Zango?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum JD717My name is Richie and i'll be helping you to fix your problems.Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.If you run Hijackthis from the desktop, the files it removes will not be backed up properly.How to create a new folder named HJT1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:2. From the 'File' menu choose 'New'.3. From the 'New' menu choose 'Folder'.4. Type the folder name: HJT5. Then press Enter.If you need help,follow the info in the link below:http://russelltexas.com/malware/createhjtfolder.htmYour version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation, Multi-language' and save ... Read more

1 more replies
Relevance 41.41%
Question: zango help

somehow i got zango entries in my log but i cant find any files related to it i uninstalled it and ca antispyware say i still have it what do i do?

Answer:zango help

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

1 more replies
Relevance 41.41%
Question: **** Zango

Well my brother just "accidently" installed Zango to my comp he always has to use mine but anyway he installed it and i tried to remove it with my spyware software, which did'nt work. So I tried to manually remove it and a error message came up tellin me i needed to be an andmin for the comp but I am. Help meeeee

Answer:**** Zango

Go through Warez Monster's 4-step Spyware Removal process, conveniently located in my signature.

1 more replies
Relevance 41.41%
Question: Had Zango...

Had Zango on my computer but am wondering if it is clean from any other stuff.

Here's a HJT Logfile... thanks for any assistance.
Logfile of HijackThis v1.99.0
Scan saved at 12:56:39 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.com/
O2 - BHO: Zango Search Assistant Helper
/fleok=1D8A83A5C7E1137A9BAA75760EA83FA5EF80752B94E3D67D5D7C472C38C1 -
{56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program
files\zango\zangohook.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab3126... Read more

Answer:Had Zango...

16 more replies
Relevance 41.41%
Question: Zango

have a zango how do i get rid

Answer:Zango

What is a Zango?

5 more replies
Relevance 41.41%
Question: Zango

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:40 PM, on 10/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZuneBusEnum.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Two Pilots\Document2PDF Pilot 2.4 TRIAL\printer\d2pdfagent.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\WDBtnMgr.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\MSN Messenge... Read more

Answer:Zango

Hi there Project

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Opt... Read more

12 more replies
Relevance 41.41%

I have a zango virus that I can't get rid of. I also tried taking your advice on cleaning up my start menu and I have a couple of trojans according to bleepingcomputer. I couldn't understand their instructions for removal, so I'm hoping you can help. Here's my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:38 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\S... Read more

Answer:Can't get rid of Zango

You need to continue in the thread where you were being helped with this instead of starting a new thread.

http://forums.techguy.org/malware-r...723-another-zonebak-trojan-2.html#post5739606
 

1 more replies
Relevance 41.41%
Question: zango

how do i get ride of this parasite for good?,i go to add and remove, but it comes back the next day, it,s icon is a green circle with the letter g in the middle.thank tony

Answer:zango

Try running Ewido click hereand a2 click here

4 more replies
Relevance 41%

Hi, I hope you can help me. Norton has shown that I have Adaware.Zango. I have run Adaware & Ewido bit they have not found it. I have gone in to my add/remove programmes as I was initially told but nothing is in there. Is there any easy way to get rid of it.

Mny thanks in advance

Woody

Answer:I Cannot Get Rid Of Adaware.zango - Please Help!

Download and scan with SUPERAntiSypware Free for Home Users * Double-click SUPERAntiSypware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Udates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) * When done, select "Scan for Harmful Software". * There are three scanning options. Choose "Perform Complete Scan" and click "Next". * When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK". * Make sure they all have a checkmark next to them and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * Click Preferences and then click the statistics/logs tab. * Click the dated log and press View log. A text file will appear so you can see the results. * Select close to exit the program. * Scan in SAFE MODE

3 more replies
Relevance 41%

I have this program installed in error. Advice from one site was to use add/remove progs. but it doesn't appear there so that's no help. Any ideas?

Answer:how to remove zango

The free version of this should do it for you click hereDuring the un-install process you may be asked if you want to re-start your computer, DO NOT re-start at this point, let Revo continue. You will eventually get the option to Select All and to Delete - DO SO. You may be given the same options a second time, again DO SO, do not be picky, just accept all that Revo chooses.After clicking on Finish, re-start your computer.

8 more replies
Relevance 41%
Question: zango toolbar

My kid was using my laptop and now my computer is running slow and open videos only play part way before starting over. I found zango as a program and removed it but I think it is still there. How do I get rid of it.
 

Answer:zango toolbar

9 more replies
Relevance 41%

I'm experiencing problems with spontaneous URLs (usually gambling sites) appearing as new tabs (I'm running BT / Yahoo browser on XP).

Also, IE boots up unpredictably and undemanded whlst online with the browser above followed by similar attempts to direct to such sites. The initial URL is http://70.87.13.77/uk22SS22/zango_y_uk.html

Perhaps unconnected, IE has been hijacked by the ISP Orange (whose software I've failed to remove despite using the control panel add/remove tool which, ostensibly, deletes the Orange toolbar). This a result of installing Orange from a (legit) CD - service was no good and now can't get rid of the software.

I've run Adaware SE & SpyBot S&D. Spybot deletes some threats/cookies left behind after these attacks but not long after going back on line I end up re-infected. Some of the sites S&D identifies are;

advertising.com
BlueStreak
CasinoPopupStuff (with cookies to goldenpalace.com and banner.goldenpalace.com)
Cassava
DoubleClick
TagASaurus (cookie for ad.yieldmanager.com)
Zedo

I've run a HiJack this log which I include as text below (attachment process seemed to fail)

Any help would be very gratefully recieved

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 01:29:30, on 09/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\W... Read more

Answer:possible zango hijack

7 more replies
Relevance 41%

I know this forum is for those people who require the need of experts in removing viruses and other such things from their computers. I hope that it is appropriate for me to post here an incident that I encountered at 'AirDisasters.com'. In doing so, I hope to help others from inadvertently downoading viruses and then having to come to this forum to remove them.

I enjoy looking at aircraft photos, and 'AirDisasters.com' is a site I had safely visited before. Tonight I visited it once again and noticed at the top of their page a strip of thumbnail photos titled "OUCH Thats gotta hurt! / Wanna see more insane videos?". So like a dummy, I clicked on it. I was taken to the 'Zango.com' website - an advertising distrubutor. The name even sounds sinister. Am I being unnecessarily paranoid here? On their page was a grouping of thumbnails purporting to be short videos of unusual incidents. I decided to click on one thumbnail video and my download manager picked it up and sent it to my downloads folder. I opened up my downloads folder and AVG immediately detected a generic virus. Could this have been an unintended anomaly? Heaven forbid! I decided to try a different thumbnail video. And sure enough, AVG once again detected the same friendly virus. I sent them to the virus vault and deleted them. I can't praise AVG enough, it has been a lifesaver for me! Having just downloaded two nasties I wasn't about to strike out by downloading a t... Read more

Answer:Zango.com Contains Viruses

Read about this "Legal" company of Spyware here > http://en.wikipedia.org/wiki/180_Solutions

Under the paragraph heading "2002-2005" read line:
"November: Announced an ongoing partnership with the FBI in breaking up a botnet ring in the Netherlands." (October 2005)

This planned collaborative effort bolstered the respectability of this company.
The companys' programs and offerings are a hidden double edged sword.

This companys' program enabled affliates to "resulted in millions of illegal non-consensual installs" and "In 2004 Benjamin Edelman of Harvard University analysed the network behaviour of 180solutions applications and discovered they redirected commissions to itself that were properly due to affiliates, and additionally caused merchants to pay commissions when affected users clicked on merchant sites directly."

There is a lot more to this company and it's connections to certain entities.
So much so, that it would not be healthy for me to relate them here.

I have digressed too much already and am off topic. I apologise to the Moderator.

'Zongo' is spyware and some of it's "affiliates" install spyware through them for commercial reasons and for monitoring and intelligence gathering. Parts of it and it's "affiliates" programs are difficult to remove and other parts are hidden and impossible to remove. This company restructured and changed it's name ... Read more

1 more replies
Relevance 41%

Aquired a used desktop that needed a new motherboard to only discover it was full of adware. All logs are attached.
 

Answer:Zango and Gamevance to name a few

5th log
 

2 more replies
Relevance 41%

Hi, I hope you can help me. Norton has shown that I have Adaware.Zango. I have run Adaware & Ewido bit they have not found it. I have gone in to my add/remove programmes as I was initially told but nothing is in there. I have attached my Hijack This log below in the hope that you can help me.Mny thanks in advanceWoodyLogfile of HijackThis v1.99.1Scan saved at 21:49:25, on 01/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NP... Read more

Answer:Cannot Get Rid Of Adaware.zango - Please Help!

Hello and welcome to BC If you've not received help elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.

2 more replies
Relevance 41%
Question: Zango on Spybot

I've got a strange one here. Today my Spybot picked up 8 Zango registry keys. I've tried to delete them with Spybot but I always get an error message saying:

"Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory)."

My Ad-Aware got rid of 4 registry keys, but doesn't notice the other 4, nor do Nortan 360, AVG 9, Malwarebytes or VIPERescue. The Spybot report is as follows:

Zango: [SBI $9DB49993] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Zango: [SBI $689E03A0] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $411F0828] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $9432A0E4] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

And nope, I've got absolutely no sign of Zango in my program files, so a simple program delete is out of the question. Any idea of how to delete this pest and why it only shows up on Spybot?

Answer:Zango on Spybot

Hi, Chips.

Try removing in Safe Mode.

Restart your computer in SafeMode by doing the following: Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

3 more replies