• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
kelemvor

SEARCHX on Win 2000? Any walkthroughs?

3 posts in this topic

I've seen some various walkthroughs for win98 and xp but nothing for Win2k. I have the stupid CWS.SearchX bug that keeps changing my home page to about:blank and every time I remove it it comes back.

 

I aready checked for the yellowpages thing but it didn't find it.

 

Can anyone else walk me through what to look for?

 

Here's my Hijack This log. When I remove all the sp.html and related items they keep coming back so I'm kind of stuck.

 

Thanks!

 

Logfile of HijackThis v1.97.7

Scan saved at 10:29:12 AM, on 7/8/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\Ati2evxx.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\NavNT\DefWatch.exe

C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe

C:\Program Files\NavNT\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe

C:\WINNT\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINNT\system32\PRPCUI.exe

C:\PROGRA~1\NavNT\vptray.exe

C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iss\BlackICE\blackice.exe

C:\Clarify\eFrontOffice11.2\ClarifyClient\clarify.exe

C:\Program Files\Lotus\Sametime Client\Connect.exe

C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Docs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://med.home.ge.com/DesktopServlet

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MSA604~1.GEM\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Medical Systems

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O1 - Hosts: 3.184.16.24 globalapp04.ge.com

O1 - Hosts: 3.184.200.15 geshare.ge.com GESHARE.GE.COM

O1 - Hosts: 3.184.16.21 globalapp01.ge.com GLOBALAPP01.GE.COM

O1 - Hosts: 3.184.16.22 sametime01.ge.com SAMETIME01.ge.com

O1 - Hosts: 3.184.124.202 medmeeting01.ge.com MEDMEETING01.GE.COM

O1 - Hosts: 3.184.124.203 medmeeting01c.ge.com MEDMEETING01C.GE.COM

O1 - Hosts: 3.184.112.21 admeeting01.ge.com AEMEETING01.GE.COM

O1 - Hosts: 3.184.156.21 HKSHRPL01RSGE

O1 - Hosts: 3.184.156.22 HKSHSTM01RSGE

O1 - Hosts: 3.184.156.23 HKSHSTC01RSGE

O1 - Hosts: 3.184.160.22 TKSHSTM01RSGE

O1 - Hosts: 3.184.160.23 TKSHSTC01RSGE

O1 - Hosts: 3.184.168.5 UKSHRPL01RSGE

O1 - Hosts: 3.184.168.10 ukmeeting01c UKSHSTC01RSGE

O1 - Hosts: 3.184.168.15 ukmeeting01 UKSHSTM01RSGE

O1 - Hosts: 3.184.168.20 UKSHQPC01RSGE

O1 - Hosts: 3.184.124.171 medquickplace01.ge.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\open\UTILIT~1\SPYWAR~1\Apps\Spybot\SDHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe

O4 - HKLM\..\Run: [sMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

O4 - Startup: Clarify Client for Oracle 8i.lnk = C:\Clarify\eFrontOffice11.2\ClarifyClient\clarify.exe

O4 - Startup: Sametime Connect.lnk = C:\Program Files\Lotus\Sametime Client\Connect.exe

O4 - Global Startup: RealSecure Desktop Protector.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O13 - FTP Prefix:

O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://medmeeting01.ge.com/sametime/stmeet...gRoomClient.cab

O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://medmeeting01.ge.com/sametime/stmeet...STJNILoader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.med.ge.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.med.ge.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = med.ge.com,euro.med.ge.com,asia.med.ge.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.med.ge.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = med.ge.com,euro.med.ge.com,asia.med.ge.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = med.ge.com,euro.med.ge.com,asia.med.ge.com

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0