• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
clemson13

Home Search Assistant

6 posts in this topic

Our Browser has been taken over by Home Search Assistant. It resets our browser every time we open Interent Explorer. I have run Ad-aware, Spy-bot, and Aluria Spyware Eliminator. I have also read the FAQ and the page on browser hijackings. When I try to "Add/Remove Programs," I see Home Search Assistant, Search Extender, and Shopping Wizard. They all say they cannot be reomved because "the file http://looking-for.cc/uninstall" cannot be found. Any help would eb greatly appreciated! Thanks.

 

I ran HiJack this, and the log follows:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:31:41 PM, on 6/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Borland\Interbase\Bin\IBGuard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\sysmv32.exe

C:\Program Files\Borland\Interbase\Bin\IBServer.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\sysof32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Palm\HOTSYNC.EXE

C:\Palm\AlarmApp.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\Nick Franzese\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lwbty.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lwbty.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lwbty.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net;<local>

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Franzese\Application Data\Mozilla\Profiles\default\su17yjge.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {CE9596F4-6291-9D52-7126-1963BA99D795} - C:\WINDOWS\sdkbz.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sysof32.exe] C:\WINDOWS\sysof32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKLM\..\RunOnce: [sysmv32.exe] C:\WINDOWS\system32\sysmv32.exe

O4 - HKLM\..\RunOnce: [added.exe] C:\WINDOWS\added.exe

O4 - Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8004.6144791667

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab

Share this post


Link to post
Share on other sites

Free at last, Free at last. Thank God almighty i'm free at last!!!!!!!!!!!!!!!

 

I finally got rid of the res://apeuh.dll/index.html#96676

Took some of the posts here and it worked.

Uninstalled IE, rebooted to safe mode and ran every virus checker

Ad-aware, hijackthis, spysweeper,spybot S&D, Trojan hunter and did the trend micro website.

I deleted every task manager exe that wasn't supposed to be there.

All of this in safe mode

Restarted and re-installed IE

 

Now about the home search assistant and shopping assistant.

 

Found a post on google for that

 

Run the Registry Editor (REGEDIT.EXE). Open HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall. Click on the [+] next to Uninstall and a branch will expand under it, revealing all of the applications currently listed under Control Panel - Add/Remove Programs. Simply highlight any unwanted entries (with a single left-click) and hit Delete. One note about looking for your application in the Registry. It may not have the same name you see in the Add/Remove Programs dialog. If you're unsure about which entry to delete, you can usually click on a likely suspect in the list in the left pane to see a more thorough description in the right pane,

 

 

I think I'm in the clear and virus free. The add/remove programs that couldn't be deleted are GONE GONE GONE!!!!!!!!!!!!!!!!!!!

 

Good luck to you all

 

Dave

Share this post


Link to post
Share on other sites

That's the one I believe, thx for referring it.

I haven't had any pop ups or referred pages all day today.

Did all that at about 2am last night so it's been all good so far

Share this post


Link to post
Share on other sites

Thanks for the links. I have tried the suggestions on all three links regarding this problem, but it seems to keep coming back. Even after I delete it from the registry and through Hijack This, it remains on my computer. Any more ideas?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0