• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
bobcxtc

Looking for Some Help with SEARCH NOW

17 posts in this topic

I still have this recurring problem with SEARCH NOW opening inside of Internet Explorer each time I click on search after I have restarted mty system. The following HJT log show the two problems referencing SEARCHXP.COM that exist in RO and R1. I delete both of these and the IE Search works as it did originally. I shut the machine down and restart it and the two entries are back in the HJT log file and my IE search defaults back to SEARCH NOW.

 

I have pushed this a bit and done some research/checking and the SEARCH NOW is direcrtly related to SEARCHXP.COM.

 

I do not find any other entries in the HJT log that point to SEARCHXP.COM but then, I may not be knowledgable enogh to reccognize them.

 

I did use REGEDIT to search the registry for SEARCHXP.COM and found multiple entries. I did not make any change to the registry as I am lookg for advice as to how to proceed.

 

Any suggestions and/or fixes will be appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 6:51:06 PM, on 7/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

C:\WINDOWS\System32\atievxx.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.quicken.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: Web Entry (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

O17 - HKLM\System\CCS\Services\Tcpip\..\{D891EA86-A0CF-418D-8192-45F5DDAF611B}: NameServer = 205.188.146.146

Share this post


Link to post
Share on other sites

Hello bobcxtc , Print out these instructions so you can read them while you clean your system.

 

Download CWShredder install, run and click fix.

Now close all open windows AND browsers and check these items for HJT to fix(a fair amount of these are likely to be gone because of CWShredder):

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

If you set these restrictions yourself, using a program like Spybot Search & Destroy or SpywareGuard, leave the following two 06 items; otherwise, FIX them both with HijackThis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

 

Please reboot and delete the file:

C:\WINDOWS\system32\searchbar.html

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted .

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet

 

content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1 Right-click My Computer, and then click Properties.

2 Click the System Restore tab.

3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.

4 Click Apply

5 this will delete all existing restore points. Click Yes to do this.

6 Click OK.

 

Reboot into normal mode enable System Restore and post a fresh log in this thread to give you further recommendations.

Share this post


Link to post
Share on other sites

Followed your instructions to the letter with the exception of not being able to locate searchbar.html in the system32 folder. In any event yiour suggested fixes did not work and SEARHNOW is back in full force. Following is thecurent log.

 

Logfile of HijackThis v1.98.0

Scan saved at 7:32:24 PM, on 7/16/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

C:\WINDOWS\System32\atievxx.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.quicken.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.10:3128

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\LOTUS\ORGANIZE\BANDOBJS.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

Share this post


Link to post
Share on other sites

Sorry for the delay.

 

 

You still have a CWS infection.

Run CWShredder and click Check for update a couple of times.

 

Then click fix .

 

Now close all open windows AND browsers and check these items for HJT to fix(a fair amount of these are likely to be gone because of CWShredder):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Now, delete this file:

C:\WINDOWS\system32\searchbar.html

You may need to show hidden files to delete them.How to show all hidden and system files

 

Restart and post a new log.

Share this post


Link to post
Share on other sites

OK, have followed your instructions. But, when I get to the part about dleeting C:\WINDOWS\system32\searchbar.html I cannot do same as the file is not present. I have searched System32 and My Computer for the file but it is not to be found. Following is currrent log - any additional suggestions?

 

Thanks for the help! :techsupport:

 

Logfile of HijackThis v1.98.0

Scan saved at 7:28:17 AM, on 7/22/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\atievxx.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.10:3128

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\LOTUS\ORGANIZE\BANDOBJS.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

Share this post


Link to post
Share on other sites

Now close all open windows AND browsers and check this item for HJT to fix:

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

 

Then restart in safe mode (tapping f8 when first booting):

 

And delete the folder:

C:\Program Files\Optimum Online

 

Restart and post a new log

Edited by mmxx66

Share this post


Link to post
Share on other sites

Thanks for your continued support in trying toresolve this situation.

 

OK, removed O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray and also deleted the Optimum On Line folder inside of Safe Mode. Rebooted and Search Now is still there. Following is current log.

 

Notice that:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

 

and

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

 

are both still present inside the log!

 

NEXT STEPS?

 

:scratchhead:

 

Logfile of HijackThis v1.98.0

Scan saved at 8:58:01 AM, on 7/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\atievxx.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.quicken.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.10:3128

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\LOTUS\ORGANIZE\BANDOBJS.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

 

:scratchhead:

Share this post


Link to post
Share on other sites

The www.searchxp.com is a CWS infection

Run CWShredder again .

Then click fix .

 

Now close all open windows AND browsers and check these items for HJT to fix(a fair amount of these are likely to be gone because of CWShredder):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Now, delete this file:

C:\WINDOWS\system32\searchbar.html

You may need to show hidden files to delete them.How to show all hidden and system files

 

Restart and post a new log.

Share this post


Link to post
Share on other sites

OK, same fix you reccommended on 7/21. Didn't work then & didn't work this time either. The SEARCHNOWXP file must re hidden somewhere else in the system but I have had no succes searching for it!

 

Anything elase you can think of???? :bounce:

Share this post


Link to post
Share on other sites

can you post a fresh log?

please.

Share this post


Link to post
Share on other sites

OK, here is the revised log. Sory, forgot to add it to the last post. :eek:

 

Logfile of HijackThis v1.98.0

Scan saved at 5:07:35 PM, on 7/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\atievxx.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.quicken.com

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\LOTUS\ORGANIZE\BANDOBJS.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

O17 - HKLM\System\CCS\Services\Tcpip\..\{D891EA86-A0CF-418D-8192-45F5DDAF611B}: NameServer = 205.188.146.146

Share this post


Link to post
Share on other sites

This log looks prety clean :D

 

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Good luck :D

Share this post


Link to post
Share on other sites

Your help is appreciated but SEARCHXP is still around. I can eliminate the R0 and R1 entries with Hijack This but each time I restart good ole SEARCHXP is back.

 

Searched the registry and found multiple instances of SEARCHXP.

 

Any further suggestions? :techsupport::ph34r::grrr::gack::rofl::wtf:

 

Latest Log follows:

Logfile of HijackThis v1.98.0

Scan saved at 8:30:17 PM, on 7/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\WINDOWS\System32\atievxx.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spyware Tools\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.quicken.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxp.com/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.10:3128

N3 - Netscape 7: user_pref("browser.startup.homepage", "quicken.com"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Robert Cooper\Application Data\Mozilla\Profiles\default\l2unjmrc.slt\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Subscribe to this feed - file://C:\Documents and Settings\Robert Cooper\Application Data\AOL Fanfare\subscribe.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\LOTUS\ORGANIZE\BANDOBJS.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?307

Share this post


Link to post
Share on other sites

Ok, let´s check a few things.

 

Please download and install the program Registry Lite from here:

 

http://www.resplendence.com/reglite

 

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

 

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.

Share this post


Link to post
Share on other sites

Downloaded, installed & opened but I did not get the result you outlined in your last post.

 

The left side frame takes me to the following which also show in the address bar:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 

The description reads:

 

Configuration data used by 16-bit Windows 3.x applications running on Windows 2000 and earlier.

 

and the rights side pane shows:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\(default)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\DeviceNotSelectedTimeout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\GDIProcessHandleQuota

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Spooler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\swapdisk

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\TransmissionRetryTimeout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\USERProcessHandleQuota

 

What do I do next? :bounce::wtf::gack: ;D :bangbang:

Share this post


Link to post
Share on other sites

Download: "StartDreck", from here:

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

 

Unzip to its own folder and start the program,

 

Press 'Config'

Press 'Unmark All'

 

Check the following boxes only:

Registry -> Run Keys

System/drivers> Running processes

Press 'Ok'

 

Press 'Save' and select the location to save the log file

(default is the same folder as the application)

 

Post the log in this thread.

Share this post


Link to post
Share on other sites

Your ongoing help and support with this pain in the neck problem are appreciated.

:wave:

 

Instructions followed. This is the log file from Start Dreck

 

StartDreck (build 2.1.5 public BETA) - 2004-08-01 @ 10:16:13

Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)

 

»Registry

»Run Keys

»Current User

»Run

*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background

»RunOnce

»Default User

»Run

»RunOnce

»Local Machine

»Run

*SystemTray=SysTray.Exe

*Logitech Utility=Logi_MwX.Exe

*SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

*SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

*ccRegVfy="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

*KernelFaultCheck=%systemroot%\system32\dumprep 0 -k

*AOLDialer=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime

*AOL Spyware Protection="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

*zSPGuard=c:\program files\pjw\spguard\spguard.exe /s /r

*MPFExe=C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

*WinampAgent="C:\Program Files\Winamp\Winampa.exe"

*Pure Networks Port Magic="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

*Installed=1

*Installed=1

*NoChange=1

*Installed=1

»RunOnce

»RunServices

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*00000000=<unkown>

*00000004=<unkown>

*00000138=\SystemRoot\System32\smss.exe

*00000168=<unkown>

*00000180=\??\C:\WINDOWS\system32\winlogon.exe

*000001AC=C:\WINDOWS\system32\services.exe

*000001B8=C:\WINDOWS\system32\lsass.exe

*00000254=C:\WINDOWS\system32\svchost.exe

*0000026C=C:\WINDOWS\System32\svchost.exe

*000002E4=<unkown>

*00000310=<unkown>

*0000039C=C:\WINDOWS\Explorer.EXE

*000003F0=C:\WINDOWS\system32\spoolsv.exe

*00000418=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

*000004BC=<unkown>

*0000052C=C:\WINDOWS\System32\atievxx.exe

*00000560=C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

*00000568=C:\WINDOWS\Logi_MwX.Exe

*00000570=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

*00000584=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

*00000598=C:\Program Files\Common Files\Symantec Shared\ccApp.exe

*000005B4=C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

*000005D8=C:\Program Files\QuickTime\qttask.exe

*000005F4=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

*0000060C=C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

*00000634=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

*00000648=C:\Program Files\Winamp\Winampa.exe

*00000654=C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

*00000678=C:\Program Files\Messenger\msmsgs.exe

*000006C0=C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

*000006EC=C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe

*00000754=C:\WINDOWS\System32\MsPMSPSv.exe

*000000B0=C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

*00000EA8=C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

*00000840=C:\WINDOWS\System32\taskmgr.exe

*00000D80=C:\Program Files\America Online 9.0a\waol.exe

*00000CF4=C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

*00000E7C=C:\Program Files\America Online 9.0a\shellmon.exe

*00000410=C:\Program Files\Internet Explorer\iexplore.exe

*000008D4=C:\Lotus\organize\org6.exe

*00000668=C:\Spyware Tools\StartDreck\StartDreck.exe

»Application specific

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0