
Yet another HomeSearch... aeohp.dll/index.html#96676

I'm sorry to have to post another HomeSearch thread, but I've been at this for days... but still haven't managed to shake this....I've tried a bunch of ideas from this forum... I have run the latest versions of:
Spybot
Search & Destroy
AdAware
AboutBuster
HJT

One of the things that I run into is that when I try the fix involving services.msc, "Network Security Service" isn't an option for me.

Any help would be greatly appreciated!!

Here's the HJT log..

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\mfcaj.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\ntip32.exe
D:\Documents and Settings\Crack.CRACKED\My Documents\hijackthis\HijackThis.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\mmc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C97FF6D5-D8E9-6EAE-0F99-AC588DF99F9C} - D:\WINDOWS\system32\syszl32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ntip32.exe] D:\WINDOWS\ntip32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - D:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.greeneggsnsam.com
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll (file missing)

And…. Here’s the AboutBuster Log



-- Scan 1
About:Buster Version 2.11
Reference List : 11

Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Removed! : D:\WINDOWS\apisl32.exe
Removed! : D:\WINDOWS\flkqw.dll
Removed! : D:\WINDOWS\gdakk.dll
Removed! : D:\WINDOWS\idixz.dll
Removed! : D:\WINDOWS\ntip32.exe
Removed! : D:\WINDOWS\pomxh.dll
Removed! : D:\WINDOWS\qovyh.dll
Removed! : D:\WINDOWS\System32\buvks.dll
Removed! : D:\WINDOWS\System32\d3vm.exe
Removed! : D:\WINDOWS\System32\dovkq.dat
Removed! : D:\WINDOWS\System32\netag.exe
Removed! : D:\WINDOWS\System32\pgptt.dll
Removed! : D:\WINDOWS\System32\vpgpt.dat
Removed! : D:\WINDOWS\System32\zzxmu.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2
About:Buster Version 2.11
Reference List : 11

Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Removed! : D:\WINDOWS\netuk32.exe
Error Removing! : D:\WINDOWS\netuk32.exe.bak
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

Comments

  • DexterDexter Vancouver, BC Canada
    edited August 2004
    Don't be sorry about posting your log, that is what this forum is for :)

    First, print this page so you have these instructions and your current HJT log on paper in front of you.

    If you do not have that service, I want you to manually do a hard-power down or restart on your computer. Do not select shutdown from your menu, just reach over and shut it off, then back on, or hit the restart button on your case. When it starts to boot, tap the F8 key to get the boot options menu, and select SAFE MODE.

    Once you are in SAFE MODE, run HijackThis, and FIX these entries:

    ***NOTE: This Hijack appears to have the ability to rename its files, apparently when the computer is shut down or the task has been ended. If you have rebooted your computer since you posted this log, check Hijack This to make sure that the file names are identical to what you have posted. Otherwise, you need to post a new log, and NOT SHUT DOWN YOUR COMPUTER until you have gotten a reply from one of us as to what files you need to remove.*****


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {C97FF6D5-D8E9-6EAE-0F99-AC588DF99F9C} - D:\WINDOWS\system32\syszl32.dll

    O4 - HKLM\..\Run: [ntip32.exe] D:\WINDOWS\ntip32.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - D:\WINDOWS\Downloaded Program Files\SbCIe028.dll

    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab

    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll (file missing)


    ***If you do not find those exact entries in SAFE MODE, it means the processes have renamed themselves. Identify the new names by identifying the patterns:

    - multiple R0 and R1 entries with the same dll name in them
    - an O2 BHO entry with a random seeming dll name, usually 5 characters followed by a 32
    - an O4 HKLM run entry with a random seeming exe name of either 4 or 5 chars, often with 32 in the name.

    If the files have renamed themselves, compare your current log with the one you printed out earlier, to see which entries appear now that were not there before. If entries appear on your current scan that were not on the printed scan from earlier, FIX THEM.***


    Next, stay in SAFE MODE, and locate all of the .exe files and .dll files mentioned above. Make sure you are set to show hidden files and folders on your system, instructions to do that are in the link above "Steps to take before posting a Hijack This log."


    According to your log, these are the files you need to look for:

    D:\WINDOWS\system32\pgptt.dll
    D:\WINDOWS\system32\syszl32.dll
    D:\WINDOWS\ntip32.exe
    D:\WINDOWS\msopt.dll

    If they have changed, note from the current log what they are named, and locate them.

    Move these files to a new folder called C:\Quarantine. Rename the .exe's to .xxx and the dll's to .ddd. That way you can always replace them if it somehow turns out that one or more of these are necessary files....which is not likely, but quarantining is safer than deleting them.

    Now, reboot normally, and check things out. Come let us know how it worked. Run a new HJT scan, and post the log here for further review.

    Dexter...
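
The three renaming patterns listed in the post above (the same DLL in several R0/R1 entries, an O2 BHO with a random-seeming DLL name, an O4 HKLM Run entry with a random-seeming EXE name) and the "compare with the earlier log" step can be checked mechanically. This is an added example, not part of the original posts: the log excerpts are copied from the two HijackThis logs in this thread, and the regular expression for a "random-seeming" name is an assumed heuristic.

```python
import re
from collections import Counter

# Excerpts copied from the two HijackThis logs posted in this thread.
EARLIER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\pgptt.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\system32\pgptt.dll/index.html#96676
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C97FF6D5-D8E9-6EAE-0F99-AC588DF99F9C} - D:\WINDOWS\system32\syszl32.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ntip32.exe] D:\WINDOWS\ntip32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""
CURRENT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\oeocu.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\oeocu.dll/index.html#96676
O2 - BHO: (no name) - {79648DFB-68DF-1E93-75CD-F0B0057CF46C} - D:\WINDOWS\appto.dll
O4 - HKLM\..\Run: [winuw32.exe] D:\WINDOWS\system32\winuw32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumed heuristic for a "random seeming" name: 4-5 letters, optional "32".
RANDOM_NAME = re.compile(r"^[a-z]{4,5}(32)?\.(dll|exe)$", re.I)

def entries(log):
    return [ln.strip() for ln in log.splitlines() if ln.strip()]

def suspicious_files(log):
    """Return lower-cased file paths matching the three patterns in the post."""
    res_dlls, hits = Counter(), set()
    for line in entries(log):
        m = re.match(r"R[01] - .* = res://(.+?\.dll)/", line, re.I)
        path = None
        if m:                                         # R0/R1 pointing into a DLL
            res_dlls[m.group(1).lower()] += 1
        elif line.startswith("O2 - BHO:"):            # BHO: file is the last field
            path = line.rsplit(" - ", 1)[-1]
        elif line.startswith("O4 - HKLM\\..\\Run:"):  # Run key: file follows "] "
            path = line.split("] ", 1)[-1].strip('"')
        if path and RANDOM_NAME.match(path.rsplit("\\", 1)[-1]):
            hits.add(path.lower())
    # Pattern 1 needs the same DLL in more than one R0/R1 entry.
    return hits | {dll for dll, n in res_dlls.items() if n > 1}

def new_entries(earlier, current):
    """Entries in the current scan that were not in the earlier one."""
    seen = set(entries(earlier))
    return [e for e in entries(current) if e not in seen]
```

`suspicious_files(CURRENT)` gives the candidate files to locate, and `new_entries(EARLIER, CURRENT)` gives the entries that appeared since the earlier scan; the name heuristic is loose, so each hit still needs a manual look before anything is fixed or moved.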
  • edited August 2004
    The files had changed their names from the ones you listed above. I tried to follow the general guidelines, and HomeSearch went away briefly, but came back after the restart.

    Here is the new log, and I will try my best not to restart the computer until I hear back from you guys.

    Thanks!


    Logfile of HijackThis v1.98.2
    Scan saved at 11:06:24 PM, on 8/19/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\mfcaj.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\winuw32.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    D:\Documents and Settings\Crack.CRACKED\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\oeocu.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://D:\WINDOWS\oeocu.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://D:\WINDOWS\oeocu.dll/index.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\oeocu.dll/sp.html#96676
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {79648DFB-68DF-1E93-75CD-F0B0057CF46C} - D:\WINDOWS\appto.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [winuw32.exe] D:\WINDOWS\system32\winuw32.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O15 - Trusted Zone: http://www.greeneggsnsam.com

    Thanks again,
    Mike
  • DexterDexter Vancouver, BC Canada
    edited August 2004
    Old thread comes back to life :)

    Since you first posted, we have learned more about this problem, and written a Home Search Assistant Removal Guide.

    Follow that guide, then come back to this thread and let me know if it worked for you.

    Dexter...