Jump to content


Photo

i have search extender


  • Please log in to reply
1 reply to this topic

#1 svlax20

svlax20

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 July 2004 - 01:42 PM

:grrr: i hate this search extender. it kicks me off AIM all the time. Would someone get rid of it.


Here is my hijack this:Logfile of HijackThis v1.97.7
Scan saved at 2:36:59 PM, on 7/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehSched.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apiug.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehmsas.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\pexjboyq.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\system32\addpk.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for AboutBuster[1].zip\AboutBuster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fqdeh.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fqdeh.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fqdeh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fqdeh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fqdeh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fqdeh.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {8802D575-2570-17AE-4C7E-3E33A52CAA0E} - C:\WINDOWS\system32\mfcry.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [acezlaw] C:\WINDOWS\System32\pexjboyq.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [addpk.exe] C:\WINDOWS\system32\addpk.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [javajj32.exe] C:\WINDOWS\javajj32.exe
O4 - HKLM\..\RunOnce: [ipyz32.exe] C:\WINDOWS\system32\ipyz32.exe
O4 - HKLM\..\RunOnce: [d3cf.exe] C:\WINDOWS\d3cf.exe
O4 - HKLM\..\RunOnce: [msac32.exe] C:\WINDOWS\msac32.exe
O4 - HKLM\..\RunOnce: [atlib32.exe] C:\WINDOWS\atlib32.exe
O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS\system32\ntxs32.exe
O4 - HKLM\..\RunOnce: [sdkud.exe] C:\WINDOWS\sdkud.exe
O4 - HKLM\..\RunOnce: [d3mu.exe] C:\WINDOWS\system32\d3mu.exe
O4 - HKLM\..\RunOnce: [crtj.exe] C:\WINDOWS\system32\crtj.exe
O4 - HKLM\..\RunOnce: [nettw.exe] C:\WINDOWS\system32\nettw.exe
O4 - HKLM\..\RunOnce: [winyg32.exe] C:\WINDOWS\winyg32.exe
O4 - HKLM\..\RunOnce: [appha32.exe] C:\WINDOWS\system32\appha32.exe
O4 - HKLM\..\RunOnce: [mscn.exe] C:\WINDOWS\system32\mscn.exe
O4 - HKLM\..\RunOnce: [appad32.exe] C:\WINDOWS\appad32.exe
O4 - HKLM\..\RunOnce: [d3vy32.exe] C:\WINDOWS\system32\d3vy32.exe
O4 - HKLM\..\RunOnce: [ieai32.exe] C:\WINDOWS\system32\ieai32.exe
O4 - HKLM\..\RunOnce: [javaul.exe] C:\WINDOWS\system32\javaul.exe
O4 - HKLM\..\RunOnce: [atlcx.exe] C:\WINDOWS\system32\atlcx.exe
O4 - HKLM\..\RunOnce: [crlg32.exe] C:\WINDOWS\crlg32.exe
O4 - HKLM\..\RunOnce: [ntlc.exe] C:\WINDOWS\system32\ntlc.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [iegj32.exe] C:\WINDOWS\iegj32.exe
O4 - HKLM\..\RunOnce: [mfcam.exe] C:\WINDOWS\system32\mfcam.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINDOWS\system32\javaeb32.exe
O4 - HKLM\..\RunOnce: [appyl.exe] C:\WINDOWS\system32\appyl.exe
O4 - HKLM\..\RunOnce: [msys32.exe] C:\WINDOWS\system32\msys32.exe
O4 - HKLM\..\RunOnce: [crxw32.exe] C:\WINDOWS\crxw32.exe
O4 - HKLM\..\RunOnce: [mfcfu32.exe] C:\WINDOWS\mfcfu32.exe
O4 - HKLM\..\RunOnce: [appqk32.exe] C:\WINDOWS\system32\appqk32.exe
O4 - HKLM\..\RunOnce: [javalz.exe] C:\WINDOWS\javalz.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [sysey32.exe] C:\WINDOWS\system32\sysey32.exe
O4 - HKLM\..\RunOnce: [mfcwd32.exe] C:\WINDOWS\mfcwd32.exe
O4 - HKLM\..\RunOnce: [atllz32.exe] C:\WINDOWS\system32\atllz32.exe
O4 - HKLM\..\RunOnce: [appoj.exe] C:\WINDOWS\appoj.exe
O4 - HKLM\..\RunOnce: [appal32.exe] C:\WINDOWS\appal32.exe
O4 - HKLM\..\RunOnce: [ipey.exe] C:\WINDOWS\ipey.exe
O4 - HKLM\..\RunOnce: [appjz32.exe] C:\WINDOWS\system32\appjz32.exe
O4 - HKLM\..\RunOnce: [ipwo32.exe] C:\WINDOWS\ipwo32.exe
O4 - HKLM\..\RunOnce: [iesu32.exe] C:\WINDOWS\iesu32.exe
O4 - HKLM\..\RunOnce: [sdkao32.exe] C:\WINDOWS\system32\sdkao32.exe
O4 - HKLM\..\RunOnce: [apigv.exe] C:\WINDOWS\system32\apigv.exe
O4 - HKLM\..\RunOnce: [apptg32.exe] C:\WINDOWS\apptg32.exe
O4 - HKLM\..\RunOnce: [javabm32.exe] C:\WINDOWS\system32\javabm32.exe
O4 - HKLM\..\RunOnce: [javapb32.exe] C:\WINDOWS\system32\javapb32.exe
O4 - HKLM\..\RunOnce: [d3jr.exe] C:\WINDOWS\d3jr.exe
O4 - HKLM\..\RunOnce: [adduk32.exe] C:\WINDOWS\system32\adduk32.exe
O4 - HKLM\..\RunOnce: [ieqk.exe] C:\WINDOWS\ieqk.exe
O4 - HKLM\..\RunOnce: [ipzo.exe] C:\WINDOWS\system32\ipzo.exe
O4 - HKLM\..\RunOnce: [ietk.exe] C:\WINDOWS\system32\ietk.exe
O4 - HKLM\..\RunOnce: [mfcqj.exe] C:\WINDOWS\mfcqj.exe
O4 - HKLM\..\RunOnce: [ntth32.exe] C:\WINDOWS\system32\ntth32.exe
O4 - HKLM\..\RunOnce: [mfcqe.exe] C:\WINDOWS\system32\mfcqe.exe
O4 - HKLM\..\RunOnce: [mstb.exe] C:\WINDOWS\mstb.exe
O4 - HKLM\..\RunOnce: [msgs.exe] C:\WINDOWS\msgs.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\system32\apprq32.exe
O4 - HKLM\..\RunOnce: [nethr.exe] C:\WINDOWS\system32\nethr.exe
O4 - HKLM\..\RunOnce: [ipmn32.exe] C:\WINDOWS\system32\ipmn32.exe
O4 - HKLM\..\RunOnce: [crgk.exe] C:\WINDOWS\system32\crgk.exe
O4 - HKLM\..\RunOnce: [atlpf32.exe] C:\WINDOWS\system32\atlpf32.exe
O4 - HKLM\..\RunOnce: [sysor.exe] C:\WINDOWS\sysor.exe
O4 - HKLM\..\RunOnce: [mssa.exe] C:\WINDOWS\mssa.exe
O4 - HKLM\..\RunOnce: [apids.exe] C:\WINDOWS\apids.exe
O4 - HKLM\..\RunOnce: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKLM\..\RunOnce: [ipbu32.exe] C:\WINDOWS\ipbu32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\mssx32.exe
O4 - HKLM\..\RunOnce: [sysqz.exe] C:\WINDOWS\sysqz.exe
O4 - HKLM\..\RunOnce: [mfclx.exe] C:\WINDOWS\system32\mfclx.exe
O4 - HKLM\..\RunOnce: [sdkvb.exe] C:\WINDOWS\sdkvb.exe
O4 - HKLM\..\RunOnce: [sdkry.exe] C:\WINDOWS\sdkry.exe
O4 - HKLM\..\RunOnce: [ipah32.exe] C:\WINDOWS\ipah32.exe
O4 - HKLM\..\RunOnce: [neton.exe] C:\WINDOWS\system32\neton.exe
O4 - HKLM\..\RunOnce: [ntxe32.exe] C:\WINDOWS\ntxe32.exe
O4 - HKLM\..\RunOnce: [crxq32.exe] C:\WINDOWS\system32\crxq32.exe
O4 - HKLM\..\RunOnce: [nttg32.exe] C:\WINDOWS\system32\nttg32.exe
O4 - HKLM\..\RunOnce: [winpt32.exe] C:\WINDOWS\winpt32.exe
O4 - HKLM\..\RunOnce: [syseq.exe] C:\WINDOWS\syseq.exe
O4 - HKLM\..\RunOnce: [iecr32.exe] C:\WINDOWS\iecr32.exe
O4 - HKLM\..\RunOnce: [ipty.exe] C:\WINDOWS\ipty.exe
O4 - HKLM\..\RunOnce: [mfcvt.exe] C:\WINDOWS\mfcvt.exe
O4 - HKLM\..\RunOnce: [atlri32.exe] C:\WINDOWS\system32\atlri32.exe
O4 - HKLM\..\RunOnce: [iplb32.exe] C:\WINDOWS\iplb32.exe
O4 - HKLM\..\RunOnce: [addai.exe] C:\WINDOWS\system32\addai.exe
O4 - HKLM\..\RunOnce: [netlb32.exe] C:\WINDOWS\system32\netlb32.exe
O4 - HKLM\..\RunOnce: [iprk.exe] C:\WINDOWS\system32\iprk.exe
O4 - HKLM\..\RunOnce: [atllb32.exe] C:\WINDOWS\system32\atllb32.exe
O4 - HKLM\..\RunOnce: [sdkvh32.exe] C:\WINDOWS\sdkvh32.exe
O4 - HKLM\..\RunOnce: [sysec.exe] C:\WINDOWS\sysec.exe
O4 - HKLM\..\RunOnce: [crao.exe] C:\WINDOWS\crao.exe
O4 - HKLM\..\RunOnce: [sysif32.exe] C:\WINDOWS\sysif32.exe
O4 - HKLM\..\RunOnce: [nthh32.exe] C:\WINDOWS\system32\nthh32.exe
O4 - HKLM\..\RunOnce: [crle.exe] C:\WINDOWS\system32\crle.exe
O4 - HKLM\..\RunOnce: [wincr32.exe] C:\WINDOWS\system32\wincr32.exe
O4 - HKLM\..\RunOnce: [iecv.exe] C:\WINDOWS\iecv.exe
O4 - HKLM\..\RunOnce: [msnd.exe] C:\WINDOWS\msnd.exe
O4 - HKLM\..\RunOnce: [ietz.exe] C:\WINDOWS\ietz.exe
O4 - HKLM\..\RunOnce: [mfcvd.exe] C:\WINDOWS\system32\mfcvd.exe
O4 - HKLM\..\RunOnce: [syszi32.exe] C:\WINDOWS\system32\syszi32.exe
O4 - HKLM\..\RunOnce: [apivc32.exe] C:\WINDOWS\system32\apivc32.exe
O4 - HKLM\..\RunOnce: [ipym32.exe] C:\WINDOWS\ipym32.exe
O4 - HKLM\..\RunOnce: [mfcpu32.exe] C:\WINDOWS\system32\mfcpu32.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive.../cab/p3a23a.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8C6CED34-E352-4ED2-B405-25E121DECBFF} (PreContrl Class) - http://www.plan3d.com/PreControl.dl_
O16 - DPF: {9F839FFB-6295-4A71-8C61-2EB0646B73BE} (Floorplanner Class) - http://www.plan3d.com/P3DFloorplan.dl_
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab :whistle: :wtf:

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 04 September 2004 - 07:27 PM

Sorry for the delay, if you still have problems post a fresh log please




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button