Can't get rid of searchweb2. Includes hijack this Log.

Re: Can't get rid of searchweb2. Includes hijack this Log.
Fix = use HJT to fix

Uninstall = Use the control panel to uninstall

Delete = Manually delete the file, backup to removable media in case I am wrong




This looks fishy, I'd:

1) try to uninstall
2) If not possible delete the file.



This looks fishy, I'd:

1) try to uninstall
2) If not possible delete the file.



Fix



Bloat, I'd fix




Fix, I'd also delete the files



I'd investigate (run, see if they are legiut, see if I really have IOMEGA drives) and probably fix




Fix




Fix




Fix




Fix



Fix

Reboot, and see if there are any problems. Let us know either way as it helps us help others.

Initial results
I followed the recommendations except I left the Finepix and iomega entries. Finepix is the digital camera software and I have an Iomega zip drive.
Here's the interesting one:

C:\PROGRA~1\Openamok\armyelse.exe
This file and its directory could not be deleted even though it was not listed as read only. So I rebooted in safe mode and then was able to delete the directory.

I checked the new hijack this log and none of the items reappeared and the redirect of my home page is gone. Norton AV still comes up disabled but over all this looks better. I will give an update when I am more sure this is gone (searchweb2 has a habit of re-appearing after a while).

Thanks for the help.

still good
Still no sign of reappearing. I think we got it. Thanks again.

question?
I'm having the same problem. How did you get a list of all the running processes? I would do almost anything to get this off my computer?

Thanks.

go to this site and download the program

http://www.adwareaway.com/

it will fix all of your problems

searchweb2
no such luck. looks worse the pop up blocker is not working as well.

any other suggestions

pkc, use your own thread, posting to a resolved thread is ignored by most.

i have the same problem wid searchweb2 pop up n here is my hijackthis log


Logfile of HijackThis v1.97.7
Scan saved at 6:52:50 PM, on 8/8/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\WINUPIE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ELITECORE\CYBEROAM CLIENT FOR 24ONLINE\CYBEROAMCLIENT.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\JAVASOFT\JRE\1.3.1_04\BIN\JAVAW.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\PROGRAM FILES\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\PROGRAM FILES\LIME_SHOP\LIMESHOP1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LIME_SHOP\LIMESHOP0.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.529\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.google.co.in/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.azahznjfjvgzijwiu.info/XE9kQMPvkXnYEQRKdPChpuGRbuJScmftYe97Y5PGtRIvPRsOlNqO9yCEUkpD47Bt.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {08BB91CB-9283-65BE-E78E-F7579C44C249} - C:\PROGRAM FILES\WAYRECTGREAT\ONLINE SOFTWARE.EXE
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Limeshop0] "C:\PROGRAM FILES\LIME_SHOP\Limeshop0.exe"
O4 - HKLM\..\Run: [okay default] C:\PROGRA~1\MODEFU~1\title second.exe
O4 - HKLM\..\Run: [software setup bash dupe] C:\WINDOWS\Application Data\16MULTISOFTWARESETUP\Gram Trust.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\NAVPMC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: LimeWire 4.0.7.lnk = C:\Program Files\LimeWire\LimeWire 4.0.7\LimeWire.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: LimeShop Preferences - file://C:\PROGRAM FILES\LIME_SHOP\Sy700\Tp700\scri700a.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .txt: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38169.3849768518
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = manage.cyberoam
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.250.250

rag138,

please read the post immediately prior to yours.

the websearch2 solution
1. Uninstall any version of RealOne and RealPlayer from the Control Panel
2 Go to SEARCH in Windows XP (click START in XP, then go to SEARCH or press the F3 key while viewing your DESKTOP). Search in your hard drive for REALSCHED.EXE and REALEVENT.EXE only.
3. Find them? You should, they'll be in a folder, usually located at "C:\Program Files\Common\Real\Update_OB" (please keep in mind I just updated Real Player from version 1 to version 2 on November 20, 2003. The files to delete were originally in common\real folder, but the above folder is the new one now)
4. Delete the 3 files - yes I said DELETE them! Delete these: REALSCHED.EXE, REALEVENT.EXE and RNATHCHK.EXE. You're done. No, this wont affect Real Player - but now you can surf quietly online, without Real Networks tracking you This is not illegal to do, either, since you are NOT "reverse engineering" the files - you're merely deleting them! It's your PC anyhow, you may delete what you wish.



Edit [Moderator]: Link removed