STUPID SEARCH BAR!!

Discussion in 'adware, spyware & hijack cleaning' started by Heath, Nov 8, 2003.

Thread Status:
Not open for further replies.
  1. Heath

    Heath Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    60
    Location:
    Paris, Texas
    ok, how do i get rid of this stupid search bar....

    im used to just typing my search in on the standard address bar.. but now when i do it, it comes up with something called "Search The Web" and instantly tries to download C2.lop, but luckily my spybot detects it and asks if i want to block it... but still its annoying

    when i right click on my ie bar to where i can take off extra bars... it comes up as "reaaaoadooo"

    its just stupid, and i have run ad-aware and spybot and i dont know how to get rid of it.. so does anyone have any suggestions?

    Thank you
     
  2. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Heath

    Download HijackThis! and run it. Do not change or delete anything yet. Simply post the whole outcome here and someone will advise on the next steps.

    Best wishes
     
  3. Heath

    i swear i post one of these every other day... lol


    Logfile of HijackThis v1.97.3
    Scan saved at 11:42:43 PM, on 11/7/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\DLA\install\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe
    C:\Program Files\Norton Utilities\SYSDOC32.EXE
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Zxc4D.exe
    C:\Documents and Settings\Owner\Desktop\tools to clean computer\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
    O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\Program Files\DLA\install\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  4. Heath

    AH HA, i just saw it, so now i wont have much problems anymore, i finally understand... lol
    thanx tho
     
  5. Heath

    AAAAAAHHHHHHHHH....

    i told you it was a stupid search bar...

    i got rid of ...
    O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

    O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll



    Those Two.. then opened the internet explorer.. and it was gone..!! but then my computer started messing up.. and i restarted it... and then i opened my internet explorer... my homepage is yahoo... and DUM DUM DUM!!!!


    THERE IT WAS!!!!!!!!!! IT CAME BACK!!!! WHAT DO I DO!!!
     
  6. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Heath,

    You were almost there :)

    Have only HijackThis running while staying offline and fix the following :

    O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

    O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

    O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT

    Reboot the PC after doing so and remove :

    C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe <- this file

    Hope this helps,

    Cheers,
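
An added example, not part of the original posts: the three lines Unzy lists all load a file sitting directly in the user's Application Data folder, and Heath's first attempt fixed only the O2 and O3 lines before the toolbar returned after a reboot. The Python sketch below parses HijackThis O2/O3/O4 lines and flags any whose binary lives in a per-user Application Data or Temp directory; the function name and the directory heuristic are assumptions made for illustration, and the sample is an excerpt of the log posted above.

```python
import re

# HijackThis persistence sections: O2 = BHO, O3 = IE toolbar, O4 = autorun.
ENTRY = re.compile(r"^(O2|O3|O4) - ")
# First drive-rooted path on the line that ends in an executable extension.
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)
# Heuristic (assumption): a file placed directly in a per-user Application Data
# or Temp folder, in long or 8.3 short form, is an unusual home for a BHO,
# toolbar or Run target and deserves a manual look.
USER_WRITABLE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings)\\[^\\]+\\"
    r"(?:APPLIC~1|Application Data|LOCALS~1\\Temp|Local Settings\\Temp)"
    r"\\[^\\]+$",
    re.IGNORECASE,
)


def suspicious_entries(log_text):
    """Return (section, path) for O2/O3/O4 lines loading from a user-writable dir."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        section = ENTRY.match(line)
        if not section:
            continue
        path = FILE_PATH.search(line)
        # Entries without a full path (e.g. "nwiz.exe /install") are skipped.
        if path and USER_WRITABLE.search(path.group(0)):
            hits.append((section.group(1), path.group(0)))
    return hits


# Excerpt of the log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
"""

if __name__ == "__main__":
    for section, path in suspicious_entries(SAMPLE_LOG):
        print(section, path)
```

A hit means "review this entry together with the others from the same folder", not "delete"; legitimate software occasionally installs per-user components there too.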
     
  7. Heath

    Okay, i did the first 3... then restarted, but then i ran it again... and that file wasnt there...

    C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe

    That File Just Wasnt There, So I Opened My Internet Explorer, and it was gone... so.. hopefully that took care of it..

    Thanks

    -Heath
     
  8. Unzy

    Hi Heath,

    Good job cleaning up :)

    Just to make sure the steoeaae.exe file is really gone (it's not running anymore, but i'll feel better if it's cleaned as well ;) )

    Make sure you have enabled 'Show hidden files and folders'

    Here's how to do that in XP

    Can you recheck after doing so, to see whether the file is there or not? If so, right-click + delete.

    Thanks!

    Cheers,
     