STUPID SEARCH BAR!!

ok, how do i get rid of this stupid search bar....

im used to just typing my search in on the standard address bar.. but now when i do it, it comes up with something called "Search The Web" and instantally tries to download C2.lop, but luckly my spybot detects it and asks if i want to block it... but still its annoying

when i right click on my ie bar to where i can take off extra bars... it comes up as "reaaaoadooo"

its just stupid, and i have ran ad-aware and spybot and i dont know how to get rid of it.. so does anyone have any suggestions?

Thank you

 

Hello Heath

Download HijackThis! and run it. Do not change or delete anything yet. Simply post the whole outcome here and someone will advise on the next steps.

Best wishes

 

i swear i post one of theese every other day... lol


Logfile of HijackThis v1.97.3
Scan saved at 11:42:43 PM, on 11/7/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DLA\install\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Zxc4D.exe
C:\Documents and Settings\Owner\Desktop\tools to clean computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\Program Files\DLA\install\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

AH HA, i just saw it, so now i wont have much problems anymore, i finally understand... lol
thanx tho

 

AAAAAAHHHHHHHHH....

i told you it was a stupid search bar...

i got rid of ...
O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll



Thoes Two.. then opened the internet explorer.. and it was gone..!! but then my computer started messing up.. and i restarted it... and then i opened my interntet explorer... my homepage is yahoo... and DUM DUM DUM!!!!


THERE IT WAS!!!!!!!!!! IT CAME BACK!!!! WHAT DO I DO!!!

 

Hi Heath,

You were almost there

Have only HijackThis running while staying offline and fix the following :

O2 - BHO: (no name) - {d05fe4a0-c831-4730-aeca-c4e2013f5855} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

O3 - Toolbar: reaaaoadooo - {eb8c7821-5e9e-4672-8e3d-bad2d0952fed} - C:\DOCUME~1\Owner\APPLIC~1\qulgljzouh.dll

O4 - HKLM\..\Run: [eezoul] C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe -QuieT

Reboot the PC after doing so and remove :

C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe <- this file

Hope this helps,

Cheers,

 

Okay, i did the first 3... then restarted, but then i ran it again... and that file wasnt there...

C:\DOCUME~1\Owner\APPLIC~1\steoeaae.exe

That File Just Wasnt There, So I Opened My Internet Explorer, and it was gone... so.. hopefully that took care of it..

Thanks

-Heath

 

Hi Heath,

Good job cleaning up

Just to make sure the steoeaae.exe file is really gone (it's not running anymore, but i'll feel better if it's cleaned as well )

Make sure you have enabled 'Show hidden files and folders'

Here's how to that in XP

Can you recheck after doing so, to see the file is there or not? If so, rightclick + delete.

Thanks!

Cheers,