Need Help Removing SearchWeb2

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DoctaD, Aug 19, 2005.

  1. DoctaD

    DoctaD Private E-2

    I've already read and followed "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal" (Major Attitude Thread), and have performed a HijackThis scan (see log). But I still can't remove the SearchWeb2 browser hijack, or the desktop icons/files for "Online Gambling", "Find A Date", "Tune Up My PC", "My AntiVirus Update", and "CellPhone Ringtones".
    What suggestions or directions can you give me? Thanks in advance.
    Dean
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note: HijackThis logs should only be posted when requested.

    Part of your problem is due to Messenger Plus.

    You should uninstall Messenger Plus if you have it installed. It put a bunch of bad stuff on your PC including a LOP infection. I see an O20 line with a DLL related to Messenger Plus so it does appear to be on your PC.

    Let me know what you find.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you use a program named Spector? I believe it is a keylogging program. The line I'm questioning is:

    O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\system32\lrluser.dll
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need answers for my previous messages before a complete fix can be made but let's at least do the below.

    Download LSP-Fix

    Now run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the newdotnet6_38.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move newdotnet6_38.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    If it is already in the Remove section, just click Finish.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lqfgzcjqjd.com//1KgrFn7/08Z6Ny1slaLSGiw95AZ0wkmLL1_zkmM7EwW1DACq5hlDEhifGlvdAFH.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0A22023D-7C25-6471-F22A-046F905AA934} - C:\DOCUME~1\CATHER~1\APPLIC~1\WAYBYT~1\Cool plan.exe
    O2 - BHO: (no name) - {89044184-F260-4FDD-8FAB-2662814846E5} - (no file)
    O4 - HKLM\..\Run: [OBJ HTM PHONE DEAF] C:\Documents and Settings\All Users\Application Data\support32objhtm\show rule.exe
    O4 - HKCU\..\Run: [Barb Type] C:\DOCUME~1\Dean\APPLIC~1\USEREL~1\idlewait.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\CATHER~1\Application Data\WAYBYT~1\Cool plan.exe <--- deleting the whole WAYBYT~1 folder would be best
    C:\Documents and Settings\All Users\Application Data\support32objhtm\show rule.exe <--- deleting the whole support32objhtm folder would be best
    C:\Documents and Settings\Dean\Application Data\USEREL~1\idlewait.exe <--- deleting the whole USEREL~1 folder would be best
    c:\program files\newdotnet <--- the whole folder

    If you get an error when deleting a file, right-click on the file and check whether the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager, kill the process if it is running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Then, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
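The fix above works through a HijackThis log one entry type at a time: R0/R1 start and search pages, R3 URLSearchHook, O2 BHOs, O4 Run keys, O9 orphaned buttons, O10 LSP entries, O20 AppInit_DLLs and O21 SSODL. The parser below is an added example (not code from the thread, not a HijackThis or MajorGeeks tool): it splits each HJT line into its registry location, CLSID and file path, then applies a few triage heuristics of my own that mirror the categories acted on in this thread (entries whose file is missing, a missing URLSearchHook, broken LSP chains, AppInit_DLLs and SSODL loaders, and executables launched from a user's Application Data folder). The sample log is constructed from lines quoted in this thread plus one clean O4 entry (ctfmon) added as a control; the flag names are mine, not HijackThis terminology.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: HJT lines quoted in the thread, plus one clean control
# line ("[ctfmon] ...") that should produce no flags.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lqfgzcjqjd.com//1KgrFn7/08Z6Ny1slaLSGiw95AZ0wkmLL1_zkmM7EwW1DACq5hlDEhifGlvdAFH.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0A22023D-7C25-6471-F22A-046F905AA934} - C:\DOCUME~1\CATHER~1\APPLIC~1\WAYBYT~1\Cool plan.exe
O2 - BHO: (no name) - {89044184-F260-4FDD-8FAB-2662814846E5} - (no file)
O4 - HKLM\..\Run: [OBJ HTM PHONE DEAF] C:\Documents and Settings\All Users\Application Data\support32objhtm\show rule.exe
O4 - HKCU\..\Run: [Barb Type] C:\DOCUME~1\Dean\APPLIC~1\USEREL~1\idlewait.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\system32\lrluser.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROFILE_DATA_RE = re.compile(r"application data|applic~1", re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/]+)", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str                      # HJT section code, e.g. "O4"
    raw: str                       # the original line, stripped
    name: Optional[str] = None     # registry key, Run-value name or BHO/SSODL name
    clsid: Optional[str] = None    # {GUID} if the line carries one
    path: Optional[str] = None     # file the entry points at, if any
    value: Optional[str] = None    # URL (R0/R1) or DLL list (O20)
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into its parts; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    e = Entry(code=code, raw=line.strip())
    cm = CLSID_RE.search(rest)
    if cm:
        e.clsid = cm.group(0)
    if code in ("R0", "R1") and " = " in rest:
        e.name, _, e.value = rest.partition(" = ")
    elif code == "O4":
        om = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<path>.*)", rest)
        if om:
            e.name, e.path = om.group("name"), om.group("path")
    elif code == "O10":
        qm = re.search(r"'([^']+)'", rest)       # LSP DLL is quoted
        if qm:
            e.path = qm.group(1)
    elif code == "O20":
        e.value = rest.partition(":")[2].strip()  # AppInit_DLLs list
    elif code in ("O2", "O9", "O21"):
        parts = rest.split(" - ")                 # "<type>: <name> - {clsid} - <path>"
        e.name = parts[0].partition(":")[2].strip() if ":" in parts[0] else parts[0]
        tail = parts[-1]
        for marker in MISSING_MARKERS:
            tail = tail.replace(marker, "").strip()
        e.path = tail or None
    return e


def triage(entry: Entry) -> Entry:
    """Attach review flags (editor's heuristics, not HijackThis verdicts)."""
    if any(mk in entry.raw for mk in MISSING_MARKERS):
        entry.flags.append("orphaned-entry")          # registry points at nothing
    if entry.code == "R3" and "missing" in entry.raw:
        entry.flags.append("urlsearchhook-missing")
    if entry.code in ("R0", "R1") and entry.value:
        hm = URL_HOST_RE.search(entry.value)
        entry.flags.append("review-url:" + (hm.group(1) if hm else entry.value))
    if entry.code == "O10":
        entry.flags.append("broken-lsp")              # Winsock chain refers to absent DLL
    if entry.code == "O20":
        entry.flags.append("appinit-dll")             # loaded into every GUI process
    if entry.code == "O21":
        entry.flags.append("ssodl")                   # ShellServiceObjectDelayLoad
    if entry.path and PROFILE_DATA_RE.search(entry.path):
        entry.flags.append("exe-in-profile-data")     # autostart from user data folder
    return entry


def analyze_log(text: str) -> List[Entry]:
    return [triage(e) for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged(text: str) -> List[Entry]:
    return [e for e in analyze_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:<4} {', '.join(e.flags):<40} {e.path or e.value or ''}")
```

The heuristics only surface entries for a human to review; a flagged R0/R1 host or an O20 DLL still needs the kind of judgement chaslang applies in this thread (is Messenger Plus or Spector actually installed?) before anything is fixed or deleted.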
  5. DoctaD

    DoctaD Private E-2

    YESSSSSS!!!! That worked! Thanks so much, you're REALLY good at this. And, yes I'm running Spector (teenagers in the house that I want to keep an eye on, they're good kids, just want to make sure they aren't wandering into bad stuff or bad guys).
    Here is my HJT log:


    Dean
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I still don't like the idea of the below being in your log:
    O20 - AppInit_DLLs: MsgPlusLoader.dll

    As I asked before, are you using Messenger Plus? It must be an older version. This program could have been responsible for some of your problems. It is known to put LOP infections on PCs.
     
  7. DoctaD

    DoctaD Private E-2

    Thanks for the reply. I did remove Messenger Plus, but somehow it reinstalled itself. I'll try again, and make sure that I have Restore turned off.

    I'm not on my home computer now, so, I'll have to do it later. Again, I appreciate your hanging in there and helping me.

    Dean
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Let me know what happens. It may take some manual removal steps.
     
