Still trying to fix smartsearch
Results 1 to 6 of 6

Thread: Still trying to fix smartsearch

  1. #1
    Junior Member
    Join Date
    Jun 2004
    Posts
    4

    Still trying to fix smartsearch

    Iím still trying to fix my computer that has smartsearch. I have tried just about everything thatís been suggested to no avail. Was wondering if I configured my computer to the way I got new would that fix it?

    I have run CWSshredder and then Hijackthis and have posted the results if someone could please look at it and tell me what I should let Hijackthis Fix. It would be greatly appreciated. Thanks to all those who help.


    Logfile of HijackThis v1.97.7
    Scan saved at 5:59:39 PM, on 6/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\TPPALDR.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
    O4 - HKLM\..\Run: [NetSpyrotector] C:\Program Files\NetSpyProtector\NetSpyProtector.Exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
    O4 - Startup: radio@netscape.lnk = C:\Program Files\Radio@Netscape Plus\Program\radio@netscape.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot7_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/game...ts/y/ot0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/game...ts/y/wt0_x.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.100/winsearchie32.ch...searchie32.exe
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://jcsg-video2.sdsc.edu/activex/AxisCamControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
    O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    **EDIT: Before you do anything make certain you have the most recent version of CWShredder by clicking the "update" button.

    Please boot into safe mode and run CWShredder. Make sure you select "fix" NOT "scan."

    ********************************

    Then select the following with HijackThis. With all windows (including this one!) closed, please select "fix.Ē



    1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.100/winsearchie32.c...nsearchie32.exe
    O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

    Next, find and delete the following file:

    C:\WINDOWS\System32\winupd.exe

    And since that entry is a sign of a Beagle infection please run at least one of the following online virus scanners:

    http://housecall.trendmicro.com/
    http://www.bitdefender.com/scan/licence.php
    http://www.ravantivirus.com/scan/
    http://us.mcafee.com/root/mfs/default.asp?affid=294
    http://www.pandasoftware.com/activescan/

    Lastly, reboot and post a fresh HijackThis log.


  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    You already posted on this subject...didn't you?

    http://www.antionline.com/showthread...hreadid=259059

    Yup! You did.

    Like I said in my previous post. Restart your computer in safe-mode and run the anti-virus proggies again it should take care of it for you.

    Also if you have posted something rather recently don't repost it. AO members have read your post they chose not to respond for a reason.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    Well dang..... now I know why that log looked familiar.....



  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    After a while, they all start to look familiar....

  6. #6
    Junior Member
    Join Date
    Jun 2004
    Posts
    4
    Well it's fixed thanks meeeeeeeee your idea is the one that worked none of the others did.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides