Can't get rid of Home Search


budisone
15 Sep 2004, 8:16pm
I tried everything it says here. It seemed to work, and the next day it came back.

Here is my log :

Logfile of HijackThis v1.98.2
Scan saved at 15:49:04, on 2004-09-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\ipvg32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5B95B475-604B-AEC4-BABC-86E5229BEEA3} - C:\WINNT\system32\syskz32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr-ca\msnappau.exe"
O4 - HKLM\..\Run: [sysar.exe] C:\WINNT\system32\sysar.exe
O4 - HKLM\..\Run: [ipvg32.exe] C:\WINNT\ipvg32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20010730/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv


Thank you

Dexter
17 Sep 2004, 10:16am
Please refer to Post # 2 (http://www.short-media.com/forum/showpost.php?p=174924&postcount=2) of the Home Search Assistant Removal Guide (http://www.short-media.com/forum/showthread.php?t=18846) to learn how to generate a log of your active services. Do that, post it here, and we will help you as soon as we can.

Dexter...

budisone
20 Sep 2004, 7:24pm
Here are my active services. Keep in mind that my system runs in French.
I'm also posting my last hjt log:


These are the Current Active Services:

Ati HotKey Poller: Ati HotKey Poller
C:\WINNT\System32\Ati2evxx.exe

Service de transfert intelligent en arrière-plan: BITS
C:\WINNT\System32\svchost.exe -k BITSgroup

Explorateur d'ordinateur: Browser
C:\WINNT\System32\services.exe

Client DHCP: Dhcp
C:\WINNT\System32\services.exe

Gestionnaire de disque logique: dmserver
C:\WINNT\System32\services.exe

Client DNS: Dnscache
C:\WINNT\System32\services.exe

Journal des événements: Eventlog
C:\WINNT\system32\services.exe

Serveur: lanmanserver
C:\WINNT\System32\services.exe

Station de travail: lanmanworkstation
C:\WINNT\System32\services.exe

Service d'application d'assistance TCP/IP NetBIOS: LmHosts
C:\WINNT\System32\services.exe

Plug-and-Play: PlugPlay
C:\WINNT\system32\services.exe

Emplacement protégé: ProtectedStorage
C:\WINNT\system32\services.exe

Service d'exécution par délégation: seclogon
C:\WINNT\system32\services.exe

Client de suivi de lien distribué: TrkWks
C:\WINNT\system32\services.exe

Horloge Windows: W32Time
C:\WINNT\System32\services.exe

Extensions du pilote WMI: Wmi
C:\WINNT\system32\Services.exe

DefWatch: DefWatch
C:\Program Files\NavNT\defwatch.exe

Système d'événements de COM+: EventSystem
C:\WINNT\System32\svchost.exe -k netsvcs

Connexions réseau: Netman
C:\WINNT\System32\svchost.exe -k netsvcs

Médias amovibles: NtmsSvc
C:\WINNT\System32\svchost.exe -k netsvcs

Gestionnaire de connexions d'accès distant: RasMan
C:\WINNT\System32\svchost.exe -k netsvcs

Notification d'événement système: SENS
C:\WINNT\system32\svchost.exe -k netsvcs

Téléphonie: TapiSrv
C:\WINNT\System32\svchost.exe -k netsvcs

Ouverture de session réseau: Netlogon
C:\WINNT\System32\lsass.exe

Agent de stratégie IPSEC: PolicyAgent
C:\WINNT\System32\lsass.exe

Gestionnaire de comptes de sécurité: SamSs
C:\WINNT\system32\lsass.exe

Norton AntiVirus Client: Norton AntiVirus Server
C:\Program Files\NavNT\rtvscan.exe

Network Security Service (NSS): O?’ŽrtñåȲ$Ó
C:\WINNT\winhlp32.exe:dmmca /s

Service d'accès à distance au Registre: RemoteRegistry
C:\WINNT\system32\regsvc.exe

Appel de procédure distante (RPC): RpcSs
C:\WINNT\system32\svchost -k rpcss

Planificateur de tâches: Schedule
C:\WINNT\system32\MSTask.exe

Spouleur d'impression: Spooler
C:\WINNT\system32\spoolsv.exe

Still Image Service: StiSvc
C:\WINNT\system32\stisvc.exe

Infrastructure de gestion Windows: WinMgmt
C:\WINNT\System32\WBEM\WinMgmt.exe

WMDM PMSP Service: WMDM PMSP Service
C:\WINNT\System32\mspmspsv.exe

Mises à jour automatiques: wuauserv
C:\WINNT\system32\svchost.exe -k wugroup


Here is my last hjt log.

Logfile of HijackThis v1.98.2
Scan saved at 14:17:09, on 2004-09-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\atlpc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {94A3C8D3-83DF-21AD-0ADC-B7847DB29C94} - C:\WINNT\system32\winpx.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [atlpc.exe] C:\WINNT\system32\atlpc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20010730/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv

Thanks again

primesuspect
21 Sep 2004, 4:08am
Hi.

You're going to want to try our alternative removal method (http://www.short-media.com/forum/showpost.php?p=187865&postcount=5).

The processes you must end are:

C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atlpc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

The files you must get rid of are:


C:\WINNT\system32\vfqgr.dll
C:\WINNT\system32\winpx.dll
C:\Program Files\Winad Client\Winad.exe
C:\WINNT\system32\atlpc.exe
internat.exe

The log entries you need to kill are:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {94A3C8D3-83DF-21AD-0ADC-B7847DB29C94} - C:\WINNT\system32\winpx.dll

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [atlpc.exe] C:\WINNT\system32\atlpc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe


After you do these things, PULL THE PLUG on your computer - do NOT properly shut it down.

Then when it comes back on, post a new log.

budisone
27 Sep 2004, 8:06pm
Here is my new log:


Logfile of HijackThis v1.98.2
Scan saved at 14:30:08, on 2004-09-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv


When looking in the program remove in the parameters, Home search is still there.
Is this normal? Besides this, everything seems good.

Thanks again.

SpywareShooter
27 Sep 2004, 8:09pm
Your log looks good.

As for the Add/Remove Programs, it is most likely just a registry entry that did not get deleted. It's not harmful, and doing it yourself (if you don't have a high knowledge of computers--especially the registry) may cause certain parts of your computer to not work correctly, or not work at all. If I were you I'd just ignore that.
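
Added example, not part of any post in this thread: a small triage script for HijackThis logs that picks out the two patterns visible in the logs above (IE search settings whose value is a `res://` URL into a DLL, and BHOs listed as `(no name)`) and compares two scans. The function names are assumptions made for this example, the sample lines are excerpts of the 13 Sep and 20 Sep logs, and a match is a candidate for review rather than a verdict.

```python
import re

# Excerpts of the 13 Sep and 20 Sep HijackThis logs posted in this thread.
LOG_13_SEP = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5B95B475-604B-AEC4-BABC-86E5229BEEA3} - C:\WINNT\system32\syskz32.dll
"""
LOG_20_SEP = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
O2 - BHO: (no name) - {94A3C8D3-83DF-21AD-0ADC-B7847DB29C94} - C:\WINNT\system32\winpx.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

# R0/R1 line: "R1 - <key>,<value name> = <data>"
R_ENTRY = re.compile(r"^R[01] - (?P<key>.+?),(?P<name>[^,=]+?) = (?P<data>.*)$")
# res:// URL that loads a page out of a DLL's resources
RES_DLL = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
# O2 line: "O2 - BHO: <name> - {CLSID} - <file>"
BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")

def suspicious_files(log):
    """Return {file path: reason} for the two patterns seen in this thread."""
    found = {}
    for line in log.splitlines():
        line = line.strip()
        m = R_ENTRY.match(line)
        if m:
            res = RES_DLL.match(m.group("data"))
            if res:
                found[res.group("dll")] = "IE search setting points into DLL"
            continue
        m = BHO.match(line)
        if m and m.group("name") == "(no name)":
            found[m.group("file")] = "unnamed BHO"
    return found

def rotated(before, after):
    """Files flagged in only one of two scans: (only in before, only in after)."""
    a, b = set(suspicious_files(before)), set(suspicious_files(after))
    return sorted(a - b), sorted(b - a)

if __name__ == "__main__":
    print(suspicious_files(LOG_20_SEP))
    print(rotated(LOG_13_SEP, LOG_20_SEP))
```

On these excerpts every flagged file name differs between the two scans, so a cleanup list built from an older log will not match what is on disk a week later; always work from a fresh scan.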