Smileyworld Toolbar - still in Outlook!?!

[Gizmo75]

I've just read the last topic about the f***** SmileyWorld Toolbar, managed to delete the uninstall entry since the deinstallation didnot work and the smileywolrd website itself does not work either, but still I get the toolbar in all emails I open ... HELP!?!?

Does anyone have an idea, what I can do to completely uninstall it??
Would it be possible to just delete it on C:\programms ?
(I don't find it there!!!)

Thanks a lot in advance!

 

[2scoops0406]

You could try this thread, if no joy, get back to us

http://www.diynot.com/forums/viewtopic.php?t=18205

 

[Gizmo75]

Hi Eddi!

So far it worked, that I don't have the option to uninstall the toolbar anymore.

But nevertheless the programm is obviously still there, although it seems to be damaged, because
1. when I open Outlook I get a question, if I want to switch the standard e-mail format to html
2. opening an email always shows the smiley world toolbar in the message window
3. if I cklick on any of the buttons of the toolbar they do not work properpy (e.g. smilys just opens a new box, but that is empty)

Do you have any idea, how I can get rid of the toolbar in my email programm, without having to manually delete it every single time?!

thx again

 

[2scoops0406]

Do you mean outlook or Outlook Express ?

 

[Gizmo75]

it is outlook - and I have windows 2000 professional

 

[Igorian]

Follow the link Eddie posted earlier. It references a free tool called Hijack This. If you can run it on your system and then post a copy of the log, one of us can point you at the registry elements you need to remove.

Cheers

Ian

 

[Gizmo75]

here it is ...

Logfile of HijackThis v1.99.0
Scan saved at 16:16:57, on 04.01.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Programme\netinst\niagnt32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\Project Selector\projselector.exe
C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\iFinger\iFinger.exe
C:\Programme\Microsoft Office\Office\1031\msoffice.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programme\Gemeinsame Dateien\System\MAPI\1031\nt\MAPISP32.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\WINZIP32.EXE
C:\DOKUME~1\paesi01\LOKALE~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet-de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ACN049FFMPROXYARRAY01.acn049ffmproxy.acnielsen.de.org:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ACN049FFMPROXYARRAY01.acn049ffmproxy.acnielsen.de.org:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet-de;10.*.*.*;*.enterprisenet.org;138.108.*.*;194.12.8.*.*;acn*.*.*.*;vnu*.*.*.*<local>
O1 - Hosts: 172.24.40.4 acnddb02.acn.external.hp.com acnddb02
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: iFinger - {1624F640-49AC-11D3-8ABD-00C04FA95EE0} - C:\Programme\iFinger\iFingerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [projselector] "C:\Programme\Gemeinsame Dateien\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programme\Gemeinsame Dateien\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: iFinger.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: iFinger.lnk = C:\Programme\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINNT\System32\SHDOCVW.DLL
O16 - DPF: EmailImport - http://www.openbc.com/importtool/openBC.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {B80F9FCE-DFDD-4A2A-8AA9-E05C6B7D4ED3} (SWToolBar Class) - http://www.smileyworld.com/toolbar/SmileyWorld.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = enterprisenet.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EAA195C-4D68-491E-B339-B108D1ED02AE}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = enterprisenet.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = enterprisenet.org,de.enterprisenet.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = enterprisenet.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = enterprisenet.org,de.enterprisenet.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = enterprisenet.org,de.enterprisenet.org
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NetInstall Service - NetSupport GmbH - C:\Programme\NetInst\NiAiServ.exe
O23 - Service: NetInstall Executive - NetSupport GmbH - C:\Programme\NetInst\NiExServ.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

 

[Gizmo75]

and still in outlook as soon as I open any mail the toolbar is shown

 

[Igorian]

Ok, the smileyworld toolbar is listed:

O16 - DPF: {B80F9FCE-DFDD-4A2A-8AA9-E05C6B7D4ED3} (SWToolBar Class) - http://www.smileyworld.com/toolbar/SmileyWorld.cab[/QUOTE]

First, take a system restore point, just in case.

Run the scan again and then put a check next to this entry and click 'Fix Checked'. When prompted to take a backup, click the YES button. When fixed, reboot the machine and check that it's gone. You can easily restore the backup if need be.

You appear to have other 'spyware' looking stuff too. Have you tired using a tool like Spybot or Pestpatrol?

Cheers

Ian

 

[Gizmo75]

Hi!

What do you mean with : First, take a system restore point, just in case.
(and how do I do this?)

Sounds like we're coming closer to getting the toolbar our of my systems

I have Adaware and used it, but it didn't report anything about the smileyworld toolbar.

Thanks again!!

Mone

 

[Igorian]

Ok, so I assumed XP , but I notice you are using 2K.

IMHO, I think you could probably leave the restore point as long as you do the backup within HJT.

If you want a trial version of a system restore tool for Win2K, you could try this. (Make sure you select the Win2K version from the left menu)

Give it a blast.

 

[Gizmo75]

I tried everything, deleted the line you pointed out with hjack, deleted also the line where it says "email import" (even if it was from openbc), restarted the computer ... but still the toolbar appears when I open mails!

Where else can it be??

Is there a chance to find out, where it is installed? Since when you go on the homepage of smileyworld the toolbar is installed directly and not just first downloaded, so I don't know how to find it on my harddrive!?

greetings from Germany,

Gizmo

 

[Igorian]

Try running HJT again to make sure the entry has been deleted. Some of these toolbars have persistent installers which reload themselves on startup. I would assume you are looking for a cabinet file called smileyworld.cab.

Smileys always come wit some unwanted payload.

 

[Gizmo75]

Nothing in the log file that would help me identify where it is ... YES, I learned that lesson very well!!

I'll write to their support, maybe that will solve the problem, even if I'm not that optimistic

Thanks a lot for your help so far!! If I get a solution, I will let you know!

Gizmo

 

[Igorian]

Another thing to look at (from the SW site):

3. How do I uninstall the Toolbar Toolbar?

Step 1


Click Start > Settings > Control Panel

Open Add/Remove Programs

Click on Smiley World Toolbar

Click on Change/Remove
The program will then be uninstalled, restart your computer.

Step 2


Open Internet Explorer
Click on Tools > Internet Options
Click on Settings
Click on View Objects (window/folder pops open)
Close Internet Explorer down, but do not close the Downloaded Program FIle window (window that opened after you clicked on view objects)
In the windows that was opened right click on SWToolBar Class and click remove.
Go back to Step 1 and follow the steps.

Let us know if you find anything else.