• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Frustrated123

Home Search is frustrating me

5 posts in this topic

I have read the FAQ and some of the other tutorials in regards to HJT... Please forgive my lack of knowledge, but could really use some help. I have ran HJT (log pasted below). I'm hesitant to start fixing files that may or may not be the issue, though I do have a few suspects This is my work machine as well, so dumping the OS is not an option without a huge hastle from my IT dept.

 

When the log below was ran, I've already ran Adaware, Spybot, CWShredder, HSRemove, and About:Buster... all in safe mode with System Restore turned off and multiple attempts to restart with different combonations of the above mentioned programs.

 

The site that I keep getting reverted to is res://lqjcd.dll/index.html#96676.

 

Sorry for the novel and thanks in advance for any help that I receive.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 5:12:18 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\SRF1002\Desktop\Original Application Downloads\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lqjcd.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqjcd.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqjcd.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lqjcd.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqjcd.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lqjcd.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Stanley Works

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://stanleyatwork/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {CE5C452C-058A-9C91-01C2-9E4F99DB5962} - C:\WINDOWS\d3zy.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\eayluey.exe

O4 - HKLM\..\Run: [tfxpivxshcsp] C:\WINDOWS\System32\fqhpndjb.exe

O4 - HKLM\..\Run: [sysys32.exe] C:\WINDOWS\sysys32.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Rtob] C:\Documents and Settings\SRF1002\Application Data\patt.exe

O4 - HKCU\..\Run: [Zcngvr] C:\WINDOWS\System32\ksdd.exe

O4 - HKLM\..\RunOnce: [crxw32.exe] C:\WINDOWS\system32\crxw32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://stanleyatwork

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/192d1c64d07ee0...ip/RdxIE601.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37893.521087963

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

Share this post


Link to post
Share on other sites

As I continue to try to get this figured out, I now have a different start page comming up. I could really use some help. I have all of my logs from all of the programs... let me know what can help you out.

 

Thanks again...

Share this post


Link to post
Share on other sites

Hey Frustrated,

Download AboutBuster. Unzip it to your desktop, but do not run it yet.

 

Post a fresh log here for review.

Share this post


Link to post
Share on other sites

:huh: The offending problem is HSA or Home Search Assitant

 

I found two way to fix this issue..

 

Microsoft page: http://support.microsoft.com/default.aspx?kbid=247501

 

or a utility at http://hsremove.bravehost.com and download hsremove.exe

 

run it and it seems to work...

 

***** New ***

 

This only fixed part of my issue... there still is something that wants to reload the redirecting software. Will get back

 

***** Update ****

 

ALL,

 

I had to disable spybot and run in safe mode, and this cleaned everything...

 

The only thing is when your done you have to reset your home and search pages as this utility changes them to a confirmation page that your system is clean...

Edited by kdallmer

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0