Options
Can't get rid of Home Search
I tried everything it says here. It seem to work and the next day it came back.
Here is my log :
Logfile of HijackThis v1.98.2
Scan saved at 15:49:04, on 2004-09-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\ipvg32.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5B95B475-604B-AEC4-BABC-86E5229BEEA3} - C:\WINNT\system32\syskz32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr-ca\msnappau.exe"
O4 - HKLM\..\Run: [sysar.exe] C:\WINNT\system32\sysar.exe
O4 - HKLM\..\Run: [ipvg32.exe] C:\WINNT\ipvg32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20010730/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv
Thank-you
Here is my log :
Logfile of HijackThis v1.98.2
Scan saved at 15:49:04, on 2004-09-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\ipvg32.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jgsor.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\jgsor.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5B95B475-604B-AEC4-BABC-86E5229BEEA3} - C:\WINNT\system32\syskz32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr-ca\msnappau.exe"
O4 - HKLM\..\Run: [sysar.exe] C:\WINNT\system32\sysar.exe
O4 - HKLM\..\Run: [ipvg32.exe] C:\WINNT\ipvg32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20010730/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv
Thank-you
0
Comments
Dexter...
I'm also posting my last hjt log:
These are the Current Active Services:
Ati HotKey Poller: Ati HotKey Poller
C:\WINNT\System32\Ati2evxx.exe
Service de transfert intelligent en arrière-plan: BITS
C:\WINNT\System32\svchost.exe -k BITSgroup
Explorateur d'ordinateur: Browser
C:\WINNT\System32\services.exe
Client DHCP: Dhcp
C:\WINNT\System32\services.exe
Gestionnaire de disque logique: dmserver
C:\WINNT\System32\services.exe
Client DNS: Dnscache
C:\WINNT\System32\services.exe
Journal des événements: Eventlog
C:\WINNT\system32\services.exe
Serveur: lanmanserver
C:\WINNT\System32\services.exe
Station de travail: lanmanworkstation
C:\WINNT\System32\services.exe
Service d'application d'assistance TCP/IP NetBIOS: LmHosts
C:\WINNT\System32\services.exe
Plug-and-Play: PlugPlay
C:\WINNT\system32\services.exe
Emplacement protégé: ProtectedStorage
C:\WINNT\system32\services.exe
Service d'exécution par délégation: seclogon
C:\WINNT\system32\services.exe
Client de suivi de lien distribué: TrkWks
C:\WINNT\system32\services.exe
Horloge Windows: W32Time
C:\WINNT\System32\services.exe
Extensions du pilote WMI: Wmi
C:\WINNT\system32\Services.exe
DefWatch: DefWatch
C:\Program Files\NavNT\defwatch.exe
Système d'événements de COM+: EventSystem
C:\WINNT\System32\svchost.exe -k netsvcs
Connexions réseau: Netman
C:\WINNT\System32\svchost.exe -k netsvcs
Médias amovibles: NtmsSvc
C:\WINNT\System32\svchost.exe -k netsvcs
Gestionnaire de connexions d'accès distant: RasMan
C:\WINNT\System32\svchost.exe -k netsvcs
Notification d'événement système: SENS
C:\WINNT\system32\svchost.exe -k netsvcs
Téléphonie: TapiSrv
C:\WINNT\System32\svchost.exe -k netsvcs
Ouverture de session réseau: Netlogon
C:\WINNT\System32\lsass.exe
Agent de stratégie IPSEC: PolicyAgent
C:\WINNT\System32\lsass.exe
Gestionnaire de comptes de sécurité: SamSs
C:\WINNT\system32\lsass.exe
Norton AntiVirus Client: Norton AntiVirus Server
C:\Program Files\NavNT\rtvscan.exe
Network Security Service (NSS): O?’ŽrtñåȲ$Ó
C:\WINNT\winhlp32.exe:dmmca /s
Service d'accès à distance au Registre: RemoteRegistry
C:\WINNT\system32\regsvc.exe
Appel de procédure distante (RPC): RpcSs
C:\WINNT\system32\svchost -k rpcss
Planificateur de tâches: Schedule
C:\WINNT\system32\MSTask.exe
Spouleur d'impression: Spooler
C:\WINNT\system32\spoolsv.exe
Still Image Service: StiSvc
C:\WINNT\system32\stisvc.exe
Infrastructure de gestion Windows: WinMgmt
C:\WINNT\System32\WBEM\WinMgmt.exe
WMDM PMSP Service: WMDM PMSP Service
C:\WINNT\System32\mspmspsv.exe
Mises à jour automatiques: wuauserv
C:\WINNT\system32\svchost.exe -k wugroup
Here is my last hjt log.
Logfile of HijackThis v1.98.2
Scan saved at 14:17:09, on 2004-09-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\atlpc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {94A3C8D3-83DF-21AD-0ADC-B7847DB29C94} - C:\WINNT\system32\winpx.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [atlpc.exe] C:\WINNT\system32\atlpc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20010730/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv
Thanks again
You're going to want to try our alternative removal method.
The processes you must end are:
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atlpc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
The files you must get rid of are:
C:\WINNT\system32\vfqgr.dll
C:\WINNT\system32\winpx.dll
C:\Program Files\Winad Client\Winad.exe
C:\WINNT\system32\atlpc.exe
internat.exe
The log entries you need to kill are:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vfqgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {94A3C8D3-83DF-21AD-0ADC-B7847DB29C94} - C:\WINNT\system32\winpx.dll
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [atlpc.exe] C:\WINNT\system32\atlpc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
After you do these things, PULL THE PLUG on your computer - do NOT properly shut it down.
Then when it comes back on, post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 14:30:08, on 2004-09-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pml.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pml.prv
When looking in the program remove in the parameters, Home search is still there.
Is this normal ? Besides this, everything seems good.
Thanks again.
As for the Add/Remove Programs, it is most likely just a registry entry that did not get deleted. It's not harmful, and doing it yourself (if you don't have a high knowledge of computers--especially the registry) may cause certain parts of your computer to not work correctly, or not work at all. If I were you I'd just ignore that.