Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 21 Posts

·
Registered
Joined
·
14 Posts
Discussion Starter · #1 ·
i'm having trouble with search in the ie explorer. if i wanted to search into google.. it used to be that i could just enter the search term and it would go to http://www.google.com/search?q=search+term but now if i try that, it goes to something like http:///? search term and i have no idea why. i've checked to see that i have no ad/spy ware, and no viruses.. and i've tried resetting the settings from the side panel search->customize, but nothing works.
 

·
Retired Moderator
Joined
·
72,109 Posts
Download Hijackthis.
Save it to a folder on your hard drive.
Unzip the file.
Scan your machine, then click on Save Log.

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #4 ·
rebon> nah i'e been doing a whole bunch of other configs lately on my system too.. system restore would be a BAD THING

but here's my log*:

Logfile of HijackThis v1.97.5
Scan saved at 1:56:52 PM, on 3/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\CheckIt86\CheckIt86.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Gaurav\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zing.com/new_index2.asp?browser=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http:///
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt86\CheckIt86.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt86\CheckIt86.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKI~1\AddToTrustList.js
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

i bolded and highlighted the two keys that i THINK are the problemos
 

·
Registered
Joined
·
3,181 Posts
I highly recommend you get rid of Kazaa. It is full of spyware and the source of many problems. A lot of the problems you have now are from the garbage that comes bundled with Kazaa and is installed on your PC without your knowledge.

Go here and get KazaaBegone and run it to get rid of Kazaa:

http://www.majorgeeks.com/download.php?det=3446

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

Spybot - Search & Destroy from http://security.kolla.de

AdAware 6 from http://www.lavasoft.de/software/adaware/

Than

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

Now to scan it´s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

reboot again

then post a new hijackthis log to check what is left

You will also need to go to safe mode to delete some files. we will do that after your next post
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #7 ·
i checked over the log again, and can't seem to find any spyware, or anything for that matter.. i do have ad-aware, and i run it quite frequently.. and i also have diet k so all the ads and stuff from kazaa have been deleted and disabled...

UPDATE: i went into hijackthis again, and selected the registry keys i highlighted previously in my log--and "fixed" them.. and NOW IT WORKS!!!! except you know how you can make another addres bar toolbar in the taskbar; it still won't work in that. i've tried closing it and reopening it as well.


and when i use the address bar toolbar in the taskbar, and put in a url, it also seems to open the url in ie windows that already have content inside them.. like say, i've got a zing.com window open and in the taskbar's addressbar i put in tucows.com, it loads tucows.com in the zing.com window.



^---hope that's not too confusing..:(
 

·
Registered
Joined
·
3,181 Posts
biocrite

This is on your system which is not a good thing to have.

Abetterinternet adware related

As I stated above you need to get rid of Kazaa.. It has spyware all over it and will continue to cause you grief Your log states Kazaa not Kazaa lite..

I can tell you what items that need to be remove but if you have Kazaa still on your system they will come back

It is your choice Kazaa or a spyware free computer!!!!

We would also need to boot in safe mode to remove some of the items that are causing you the spyware
 

·
Registered
Joined
·
3,181 Posts
Run Hijacksthis and fix the following items. Be sure all windows are closed except for Hijackthis

R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

As far as what you can use for a P2P I can not give you any advise on that. I do not know how dietK would should up on your log but I do know that Kazaa lite will show up as lite and Kazaa shows up as Kazaa.

Post a new hijackthis log when done
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #11 ·
like i said, it's all fixed now...

but while i have so many readers here anyway... umm.. how can i completely remove windows messenger? everytime i run outlook express, it starts itself in tray icon mode.. and i've set AIM as the default messenger--- aol when i go into the tools menu of outlook express, it says aol instant messenger, but the two options that open from the popup window (login and options) are aplied to windows messenger.
 

·
Registered
Joined
·
385 Posts
i hope it's ok for me to answer this.. just go to start > control panel > add/remove programs , click on the windows setup tab, you can remove windows messenger from there. ( i think under system tools? ) click on it and go to details, then uncheck windows messenger ONLY. you can also go to start > run > msconfig, click the startup tab and uncheck it under there to disable it from startup.
 

·
Registered
Joined
·
385 Posts
no msconfig is not listed, you go to start > run, and type in msconfig to access it. Unless I misunderstand what your saying, when you say it isn't listed, do you mean that it (windows messenger) isn't in startup or you don't see msconfig...
 

·
Retired Administrator
Joined
·
103,703 Posts
Originally posted by biocrite:
YESS!!! I Rebooted and the other address bar works as well now!!!

*dietK, not kazaa lite
oh okay, i'll remove it, but i mean what else can i use for file share besides kazaa then?
You've been advised of this in another thread, please read the forum rules, we do not assist, support, etc. in the illegal use of copyrighted material.
 
1 - 20 of 21 Posts
Status
Not open for further replies.
Top