1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Spyware.Iwantsearch

Discussion in 'Virus & Other Malware Removal' started by wongmg, Sep 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    Can u help me with a problem reported by Norton Anti-virus 2004. After a virus scan I get a threat message that says
    'Spyware.Iwantsearch' has been detected and the following file are infected: 'C:\WINDOWS\Downloaded Program Files\rundlg32.dll' and 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YDT2BQLS\rundlg32.dll'
    Norton cannot delete these files and their site gives no information as how to remove it. i have attached my log file for u to analyse. Thank you.

    Scan initialized on 9/21/2004 8:23:55 PM
    ========================================

    Started memory scan
    ====================
    Running processes:
    1: \SystemRoot\System32\smss.exe
    2: \??\C:\WINNT\system32\csrss.exe
    3: \??\C:\WINNT\system32\winlogon.exe
    4: C:\WINNT\system32\services.exe
    5: C:\WINNT\system32\lsass.exe
    6: C:\WINNT\system32\svchost.exe
    7: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    8: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    9: C:\WINNT\system32\spoolsv.exe
    10: C:\WINNT\System32\svchost.exe
    11: C:\Program Files\Norton AntiVirus\navapsvc.exe
    12: C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    13: C:\WINNT\system32\nvsvc32.exe
    14: C:\WINNT\system32\regsvc.exe
    15: C:\Program Files\Norton AntiVirus\SAVScan.exe
    16: C:\WINNT\system32\MSTask.exe
    17: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    18: C:\WINNT\system32\stisvc.exe
    19: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    20: C:\WINNT\system32\ZoneLabs\vsmon.exe
    21: C:\WINNT\System32\WBEM\WinMgmt.exe
    22: C:\WINNT\System32\mspmspsv.exe
    23: C:\WINNT\system32\svchost.exe
    24: C:\WINNT\Explorer.EXE
    25: C:\WINNT\system32\rundll32.exe
    26: C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    27: C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    28: C:\WINNT\system32\NotifyPhoneBook.exe
    29: C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    30: C:\Program Files\Winamp\Winampa.exe
    31: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    32: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    33: C:\WINNT\system32\RUNDLL32.EXE
    34: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    35: C:\Program Files\Internet Explorer\iexplore.exe
    36: C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    37: C:\WINNT\msagent\AgentSvr.exe
    38: C:\PROGRA~1\SpyBlocs\SpyBlocs.exe

    Identified Process:

    1: WIN-SPY - Trial Version - Spy - SEVERE

    Memory scan result:
    Total modules found:38
    Suspicious modules found: 1

    Started registry scan
    ====================
    Real Spy Monitor Trial Version
    Spy - SEVERE
    Registry scan result:
    Suspicious keys found: 1

    Started folder scan
    ====================
    BDE Trial Version
    Adware - SEVERE


    Folder scan result:
    Folder processed: 0
    Suspicious folders found: 1

    Started file scan
    ====================

    File scan result:
    Suspicious files found: 11

    Scanning finished
    ====================
    Suspicious modules found: 1
    Suspicious keys found: 1
    Suspicious folders found: 1
    Suspicious files found: 11
    ====================

    Components ignored:0
    Total components found:14
     
  2. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Please go to the link below and downloadHiJackThis by Merijn Bellekom:

    Save it to a permanent folder.

    ***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.

    http://www.majorgeeks.com/download3155.html


    Alternate download links:

    http://www.spychecker.com/program/hijackthis.html

    HiJackThis download link


    Under "Official Downloads" HiJackThis. It's the 2nd one down.

    Download and unzip to a permanent folder of your own creation.

    Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

    Save it to your permanent HiJackThis folder (or floppy disk if necessary).

    The log will open in Notepad. Click "Edit" then "Select All".

    Copy and paste the log back to this thread.



    After that's done, open HiJackThis. Click "Config" and put a checkmark in the "Make backups before fixing items" box.
     
  3. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    Logfile of HijackThis v1.98.2
    Scan saved at 5:53:24 PM, on 9/25/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\WINNT\system32\NotifyPhoneBook.exe
    C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\wongmg\temp2\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Unsd Class - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Administrator\Application Data\SBSoft\uns.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [won update] wapdate.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [KsgUpdateRun] E:\Common\kingsoft\KSG\client.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [won update] wapdate.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [won update] wapdate.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCABAD9-0E1F-48DB-837E-4D9147812359}: NameServer = 165.21.83.88 165.21.100.88
     
  4. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Open HiJackThis. Click "Scan". Put a checkmark next to these:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: Unsd Class - {0CA6C3EA-2054-4011-BC9F-8BBC017A169C} - C:\Documents and Settings\Administrator\Application Data\SBSoft\uns.dll (file missing)


    O4 - HKLM\..\Run: [won update] wapdate.exe


    O4 - HKLM\..\RunServices: [won update] wapdate.exe

    O4 - HKCU\..\Run: [won update] wapdate.exe



    Any clue what the lines below are?

    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

    O4 - HKLM\..\Run: [KsgUpdateRun] E:\Common\kingsoft\KSG\client.exe


    Delete your temporary internet files (TIF)

    In the Tools menu, open Internet Options.... In the General tab, in the Temporary Internet files section, click on Delete Files.

    Restart your computer.

    ***NOTE*** Disable any active resident Anti-virus program before running the scans

    Run at least one of these two on-line anti-virus programs.

    As applicable, make sure the "heuristics" and "Auto Clean" boxes are checked.

    If anything's found, allow it to clean the file. If it's "uncleanable" DELETE everything the virus scan finds.

    Re-start the computer between each scan.


    Trend Micro's free on-line scan

    Panda's free on-line scan

    Restart and post another HiJackThis log.
     
  5. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    Thank you for ur quick reply. i have followed ur instruction and i had gone through the Panda's free on-line scan, however it couldn't find out anything wrong and my Norton Antivirus still detected Spyware.iwantsearch at 'C:\WINDOWS\Downloaded Program Files\rundlg32.dll'.
    Below is my latest Hijack Log File. Pls help.
    Logfile of HijackThis v1.98.2
    Scan saved at 1:41:01 PM, on 9/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINNT\system32\NotifyPhoneBook.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\wongmg\temp2\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [KsgUpdateRun] E:\Common\kingsoft\KSG\client.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCABAD9-0E1F-48DB-837E-4D9147812359}: NameServer = 165.21.83.88 165.21.100.88
     
  6. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Uninstall Instructions:
    To uninstall newest version of IWantSearch plugin
    please go to START -> Settings -> Control Panel -> ADD/Remove Programs and Uninstall "SBSoft"
    To uninstall the older version of IwantSearchPlugin please click on the following link http://www.iwantsearch.com/uninstall/remove.exe
     
  7. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    To: LD Tate
    Spyware.iwantsearch still couldn't clear away even after i'd done what u had mentioned. I attached with my log file again. Pls help
    Logfile of HijackThis v1.98.2
    Scan saved at 4:29:49 PM, on 9/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINNT\system32\NotifyPhoneBook.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\mshta.exe
    D:\wongmg\temp2\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [KsgUpdateRun] E:\Common\kingsoft\KSG\client.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCABAD9-0E1F-48DB-837E-4D9147812359}: NameServer = 165.21.83.88 165.21.100.88
     
  8. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Search for these two files. If you have them they should show up in.
    Downloaded Program Files. Delete them if found.
    RUNDLG32.DLL
    REGDLG32.INF
     
  9. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    Hi, Once again i would like to inform you that the files RUNDLG32.DLL and
    REGDLG32.INF couldn't find in my PC. Whatelse can i do next to delect spyware.iwantsearch. Thank you.
     
  10. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Download CWShredder from my signature below. Unzip it on the desktop.
    Open CWShredder and with ALL other windows closed, click fix.
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    The rundlg32.dll file is there, but you are not able to see it. Do this:

    Go to start>Run
    Paste in this command and press enter:
    regsvr32 /u occache.dll

    Boot to safe mode:

    How to start your computer in safe mode

    Now go to the Downloaded Program Files Folder and find the rundlg32.dll file and delete it .
    When you finish go back to start>Run
    Paste in this command:
    regsvr32 occache.dll
     
  12. wongmg

    wongmg Thread Starter

    Joined:
    Sep 20, 2004
    Messages:
    33
    Hi,
    Thank you flrman1, After following the instructions given by you. I was able to get rid the spyware in my PC. Besides that i would like to thanks FinestRanger and LDTate for giving me some others useful methods to help me clear the spyware.

    Regards
    Wongmg
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Glad we could help! :)

    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Spyware Iwantsearch
  1. jennys95
    Replies:
    1
    Views:
    445
  2. rjay13
    Replies:
    0
    Views:
    275
  3. dano_61
    Replies:
    14
    Views:
    884
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/276415

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice