Please help. I am using HijackThis to find the appropriate files to delete in order to get rid of a nasty hotpopup search bar that always launches after I open IE. I deleted all files with the hotpopup name segment, however it still occurs after restart ... they even get written back in. Which files do I need to delete? THX!
Logfile of HijackThis v1.97.3
Scan saved at 1:44:10 AM, on 10/26/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\svcpack.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\Netropa\Smart Keyboard\Smartkbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\wjview.exe
C:\WINDOWS\iedll.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\Program Files\Netropa\Smart Keyboard\MEDIACTR.exe
C:\winnt\winlogon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LimeShop\LimeShop.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Aladdin Systems\StuffIt Standard\stuffit.exe
C:\Documents and Settings\Administrator.CPI-II\Application Data\Aladdin Systems\StuffIt\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.xmlsweb.socalmls.com/Login.asp
R3 - URLSearchHook: (no name) - - (no file)
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINNT\System32\DReplace.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Netropa\Smart Keyboard\Smartkbd.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spp] regedit -s C:\spp.reg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EarthLink Installer] "C:\DOCUME~1\ADMINI~1.CPI\LOCALS~1\Temp\EarthLinkTotalAccess2004\Windows\access\program files\EarthLink TotalAccess\_Setup.exe" /C
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\loader.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.xmlsweb.socalmls.com/XMLSearch/XMLCache.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/252ac35d6dc10bc31005/netzip/RdxIE6.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Hi there,
I'm a visitor from techguy.forums. I was just googling for info on svcpack.exe. It seems to be a new variant on CWS's svcinit.exe, and determining the removal of it when the DLREPLACE BHO shows up is severely affecting other systems.
There's an ongoing thread at the forum...
http://forums.techguy.org/t174516/s.html
...so if anyone finds a fix, I'd appreciate it if you'd let me know there. I will, of course, update any info I get on this to the above link, and you're welcome to try it out here... if it works let us know.
Thanks for your time,
Cheers
Liam

look here for your toolbar popup: http://www.mvps.org/inetexplorer/Darnit.htm
Sometimes it is not enough to uninstall it but remove it from the registry altogether.
Hope this helps

Hey Liam, my computer got assaulted and I ended up with SVCPACK.exe as well. I cleared it out of win.ini and deleted it in DOS mode. It's gone. I'm running 98 on this machine.
AJ

Hey AJ, I also have a lot of problems with svcpack.exe. I don't know how to delete it... clear it out of win.ini? How? And when I'm in DOS mode there is no option to delete it...
hope you can help me

Jay: you must start the computer in DOS mode.
Change directory to system (or wherever svcpack is at):
C:\WINDOWS>cd system
C:\WINDOWS\SYSTEM>del svcpack.exe
Restart the computer.
Then just edit WIN.INI in Notepad and save.
Don't delete the whole line that contains svcpack in win.ini.. just delete svcpack. Leave run= or whatever is in front of it!
Good luck
AJ

AJ
Tried to delete the file in ms dos but shows bad command.
Found the file svcpack.exe in msconfig and removed everything except 'run='. Have not had any problems since.
To delete it this way, click start\run, type msconfig, press enter, click win.ini tab and double click windows. Highlight the line and click edit, delete all but run= and click apply.
Greenhorn
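
The win.ini edit described in the two posts above (remove the svcpack entry but leave the `run=` key itself in place), as an added Python example that is not part of the thread. The function name and the sample file contents are constructed for illustration, and the code assumes entries on a `load=` or `run=` line are separated by spaces or commas.

```python
import re

# Keys in win.ini's [windows] section that launch programs at startup.
AUTOSTART_KEYS = {"load", "run"}


def strip_autostart(ini_text, program):
    """Remove `program` from load=/run= in [windows], keeping the key itself.

    Returns (new_text, removed); removed lists the (key, entry) pairs dropped.
    """
    target = program.lower()
    out, removed, section = [], [], None
    for line in ini_text.splitlines():
        stripped = line.strip()
        header = re.fullmatch(r"\[(.+)\]", stripped)
        if header:
            section = header.group(1).strip().lower()
        elif section == "windows" and "=" in stripped and not stripped.startswith(";"):
            key, value = stripped.split("=", 1)
            key = key.strip()
            if key.lower() in AUTOSTART_KEYS:
                kept, hits = [], []
                for entry in re.split(r"[,\s]+", value.strip()):
                    if not entry:
                        continue
                    # Compare on the file name only, case-insensitively.
                    name = re.split(r"[\\/]", entry)[-1].lower()
                    (hits if name == target else kept).append(entry)
                if hits:
                    removed.extend((key.lower(), e) for e in hits)
                    # Keep "run=" / "load=" even when nothing is left after it.
                    line = f"{key}={' '.join(kept)}"
        out.append(line)
    return "\n".join(out) + "\n", removed


# Constructed sample, not copied from any poster's machine.
SAMPLE_WIN_INI = (
    "[windows]\n"
    "load=C:\\OPLIMIT\\ocraware.exe\n"
    "run=C:\\WINDOWS\\SYSTEM\\svcpack.exe\n"
    "NullPort=None\n"
    "[Desktop]\n"
    "run=svcpack.exe\n"
)

if __name__ == "__main__":
    cleaned, dropped = strip_autostart(SAMPLE_WIN_INI, "svcpack.exe")
    print(cleaned, dropped, sep="\n")
```

Work on a copy of win.ini and compare it with the original before replacing the file; the entry only stays gone if the executable it pointed to has been deleted as well.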
