-
Posts
-
@dave2020 wrote:
MY NORTON SAYS THE ADDRESS TO MY BUG IS
C:ProgramFilesAWSWeatherBugMINIBUGTRANSPORTER.DLL
AND YOUR LINK GUYS CLOSEST ONE WAS
http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
Then go to your program files and delete the AWS file!
Click My Computer
Click Local Disk (C)
Click Program Files@dave2020 wrote:
grrrrrrrrrrrrrr
my pc is asking for which program to use to open the zip !!
Dave do you have winzip?
http://www.winzip.com/downwzeval.htm You can download Winzip (evaluation) from here.
@Ow£n Ka$h wrote:
@dave2020 wrote:
MY NORTON SAYS THE ADDRESS TO MY BUG IS
C:ProgramFilesAWSWeatherBugMINIBUGTRANSPORTER.DLL
AND YOUR LINK GUYS CLOSEST ONE WAS
http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
Then go to your program files and delete the AWS file!
Click My Computer
Click Local Disk (C)
Click Program FilesOwen you can force an uninstal from the Minibug while it’s in use.
no AWS file there !!!!
@dave2020 wrote:
no AWS file there !!!!
No it’s a hidden file it has an extension of .cab you wont find it in the programs directory.
You need to download Winzip then download hijack this (make sure you save Hijack this to your desktop) and post the log Dave.
Logfile of HijackThis v1.98.2
Scan saved at 17:44:53, on 27/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:WINDOWSSYSTEMKB891711KB891711.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCEVTMGR.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCSETMGR.EXE
C:PROGRAM FILESNORTON ANTIVIRUSIWPNPFMNTOR.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMRESTORESTMGR.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSLOADQM.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESMICROSOFT HARDWAREMOUSEPOINT32.EXE
C:WINDOWSSYSTEME_S10IC2.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:PROGRAM FILESCOMMON FILESREALUPDATE_OBREALSCHED.EXE
C:PROGRAM FILESMSN APPSUPDATER1.02.3000.1001EN-GBMSNAPPAU.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCPD-LCSYMLCSVC.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCAPP.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSNDSRVC.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:PROGRAM FILESMSN MESSENGERMSNMSGR.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESWINZIPWZQKPICK.EXE
C:PROGRAM FILESWINZIPWINZIP32.EXE
C:WINDOWSTEMPHIJACKTHIS.EXER0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.karoo.co.uk
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 – BHO: MSNToolBandBHO – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:PROGRAM FILESMSN APPSMSN TOOLBAR1.02.4000.1001EN-GBMSNTB.DLL
O2 – BHO: ST – {9394EDE7-C8B5-483E-8773-474BF36AF6E4} – C:PROGRAM FILESMSN APPSST1.02.3000.1002EN-XUSTMAIN.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:PROGRAM FILESADOBEACROBAT 6.0READERACTIVEXACROIEHELPER.DLL
O2 – BHO: (no name) – {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} – (no file)
O2 – BHO: NAV Helper – {BDF3E430-B101-42AD-A544-FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: (no name) – {8E718888-423F-11D2-876E-00A0C9082467} – (no file)
O3 – Toolbar: MSN – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:PROGRAM FILESMSN APPSMSN TOOLBAR1.02.4000.1001EN-GBMSNTB.DLL
O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 – HKLM..Run: [PCHealth] C:WINDOWSPCHealthSupportPCHSchd.exe -s
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [LoadQM] loadqm.exe
O4 – HKLM..Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 – HKLM..Run: [POINTER] point32.exe
O4 – HKLM..Run: [QuickTime Task] “C:WINDOWSSYSTEMQTTASK.EXE” -atboottime
O4 – HKLM..Run: [EPSON Stylus C44 Series] C:WINDOWSSYSTEME_S10IC2.EXE /P23 “EPSON Stylus C44 Series” /O7 “EPUSB1:” /M “Stylus C44”
O4 – HKLM..Run: [TkBellExe] “C:Program FilesCommon FilesRealUpdate_OBrealsched.exe” -osboot
O4 – HKLM..Run: [msnappau] “C:Program FilesMSN AppsUpdater1.02.3000.1001en-gbmsnappau.exe”
O4 – HKLM..Run: [OmgStartup] C:Program FilesCommon FilesSony SharedOpenMGOmgStartup.exe
O4 – HKLM..Run: [Symantec Core LC] C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe start
O4 – HKLM..Run: [ccApp] “C:Program FilesCommon FilesSymantec SharedccApp.exe”
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMON.EXE
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM..RunServices: [*StateMgr] C:WINDOWSSystemRestoreStateMgr.exe
O4 – HKLM..RunServices: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 – HKLM..RunServices: [KB891711] C:WINDOWSSYSTEMKB891711KB891711.EXE
O4 – HKLM..RunServices: [ccEvtMgr] “C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe”
O4 – HKLM..RunServices: [ccSetMgr] “C:Program FilesCommon FilesSymantec SharedccSetMgr.exe”
O4 – HKLM..RunServices: [NPFMonitor] C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O4 – HKLM..RunServices: [ScriptBlocking] “C:Program FilesCommon FilesSymantec SharedScript BlockingSBServ.exe” -reg
O4 – HKCU..Run: [EPSON Stylus C44 Series] C:WINDOWSSYSTEME_S10IC2.EXE /P23 “EPSON Stylus C44 Series” /M “Stylus C44”
O4 – Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZSXXXXXXXXGB
O8 – Extra context menu item: &Yahoo! Search – file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:Program FilesYahoo!Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:Program FilesYahoo!Common/ycdict.htm
O9 – Extra button: Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:PROGRAM FILESYAHOO!MESSENGERYHEXBMES0521.DLL
O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:PROGRAM FILESYAHOO!MESSENGERYHEXBMES0521.DLL
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:WINDOWSwebrelated.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:WINDOWSwebrelated.htm
O9 – Extra button: WeatherBug – {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} – C:Program FilesAWSWeatherBugWeather.exe (file missing) (HKCU)
O12 – Plugin for .mov: C:PROGRA~1INTERN~1PLUGINSnpqtplugin.dll
O16 – DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) – https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 – DPF: {556DDE35-E955-11D0-A707-000000521957} – http://www.xblock.com/download/xclean_micro.exe
O16 – DPF: Yahoo! Pool 2 – http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 – DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 – DPF: ChatSpace Full Java Client 3.1.0.235 – http://java.chatxplus.com:8000/Java/cfs31235.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) – http://f007.mail.lycos.co.uk/app/uploader/FileUploader.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 – DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) – http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 – DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) – https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 – DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) – https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 – DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 – HKLMSystemCCSServicesVxDMSTCP: NameServer = 192.168.1.254Dave Hijack has found it but i need about half hour to pull this log apart dont delete anything untill i post.
It looks like you have deleted the file but still have the registry key.
Download this free program, it will find and delete any dead links in your
registry.
http://personal.inet.fi/business/toniarts/ecleane.htm
My Web Search is dodgy too! :wink:
http://www.free-web-browsers.com/support/remove-mysearch.shtml
http://www.spywareremove.com/mywebsearch.shtmlhey guys wouldnt it be an absolute pisser after all this and we finally get rid of the mini bug we find its not that what is causing the IE probs lol
Get involved in this discussion! Log in or register now to have your say!