Solved

XP Search Companion & IE 6 Freeze Up MY System

Posted on 2004-08-13
Last Modified: 2010-08-05
About a month ago I had a rash of virus problems hit my machine. I am running XP SP1 and IE 6 SP1 on a High Speed DSL Line. I spent over a week getting rid of “Home Search Assistant”, “Shopping Wizard”, & “Search Extender”. Just when I thought all was well or “better” it seems now I have a system that is nothing but trouble.
· Search Companion doesn’t open from the “Start” bar; when selected, the action just freezes the system for 30 seconds. Search Companion does work, however, from the “My Computer” icon.
· When I open IE it either doesn’t open or takes over 60 seconds to open.
· Hyperlinks won’t open. They, like Search Companion, just freeze up the system for 30 seconds.
· I have Ad-aware 6, Spybot Search & Destroy 1.3, NoAdware v2.0, CWShredder v1.59.1, and I’m running Norton SystemWorks. All are updated and when I run them they seem to be picking up things but still I have problems.
· When I run Netscape Communicator 7 (my backup browser) it seems to work ok.

Spybot always returns the same info:
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-839522115-2142038339-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-07-09 Includes\Cookies.sbi
2004-07-28 Includes\Dialer.sbi
2004-07-27 Includes\Hijackers.sbi
2004-07-27 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-27 Includes\Malware.sbi
2004-07-09 Includes\Revision.sbi
2004-07-02 Includes\Security.sbi
2004-07-27 Includes\Spybots.sbi
2004-07-28 Includes\Tracks.uti
2004-07-27 Includes\Trojans.sbi


HiJACKTHIS LOG FOLLOWS:  It seems to have found a lot of things but I don't know what I should select to fix?

Logfile of HijackThis v1.98.2
Scan saved at 11:18:53 AM, on 8/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\PROGRA~1\NORTON~2\NORTON~2\navapw32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\Len Holmes\Desktop\VIRUS SOFTWARE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8403CB53-12B3-4537-9DEC-4F12F70A883D} - C:\WINDOWS\System32\anti-pp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~2\navapw32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Any HELP would really be appreciated I have far too many hours into this...
Question by: LenHolmes

14 Comments

Expert Comment

by:SheharyaarSaahil
ID: 11795881
Hello LenHolmes =)

Try opening IE and Search assistant in Safemode
if u dont feel the problems there then Create a New user
and login with that user
check for the problem there and post back results ??

coz it can be possible that only ur user profile has been corrupted and a new user will not have these problem.... in this case we can transfer ur user to the new one !!!!

How to copy data from a corrupted user profile to a new profile
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811151

Author Comment

by:LenHolmes
ID: 11806786
SheharyaarSaahil, both IE and Search work fine in safemode but when I create a new user and logon I have the same problems?
 

Expert Comment

by:SheharyaarSaahil
ID: 11808262
try doing this now.....

goto Start>Run>msconfig>Startup
click on Disable All
reboot and dont connect to internet
now check for the problem for search assistant
if it has gone, then re-enable each application at a time and trace out the culprit !!!!!

otherwise we will try to repair IE and search assistant :)

Author Comment

by:LenHolmes
ID: 11811562
Tried to start Search from Start menu after disabling all Services and re-booting... No Change!

Expert Comment

by:SheharyaarSaahil
ID: 11811687
ok do this now....
goto Start>Run>type  C:\Windows\inf
look for the file srchasst.inf
right click it and click on Install
insert the WinXP cd and complete the installation
reboot ur system and look for the search assistant problem now ??

Author Comment

by:LenHolmes
ID: 11815987
Ran srchasst.inf; it asked for the XP CD and began to run. It asked for the SP1 CD {which I don't have} as it needed srchui.dl. I ran a search on my machine and SRCHUI.DL_ showed up in C:\Documents and Settings\Len Holmes\Local Settings\Application Data\Microsoft\CD Burning\I386 but I was unable to enter that path. I assumed it was the CD, I redirected the search to the CD and it continued to install srchasst.inf. I rebooted and still no change. I then went and reinstalled SP1a and still no change.
Hijack log follows:
  Logfile of HijackThis v1.98.2
Scan saved at 4:00:31 PM, on 8/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\NORTON~2\NORTON~2\navapw32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Len Holmes\Desktop\VIRUS SOFTWARE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8403CB53-12B3-4537-9DEC-4F12F70A883D} - C:\WINDOWS\System32\anti-pp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~2\navapw32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

??

Expert Comment

by:SheharyaarSaahil
ID: 11816069
it works in Safemode but not in Normal Mode !!!!!!

in safemode msconfig>startup applications dont run >> which has been tested already
in safemode msconfig>services dont run
in safemode sound and video cards dont load
in safemode ur external devices dont load

means any of them shud be culprit..... hmmmmmmm ready to trace out :)

Author Comment

by:LenHolmes
ID: 11816247
READY!

Expert Comment

by:SheharyaarSaahil
ID: 11816333
hmmmmmmm here we go.......

1. in Normal Mode goto Start>Run>Services
click on Disable All
reboot and DONT Do Anything else
just open Search Assistant and notice if any difference
if u can notice then u know how the trace out the culprit service ;-)
otherwise Re-Enable all services again and restart !!!

3. try disconnecting all external devices like printers, scanners and webcams etc etc
restart and check now for the problem ??

2. this is a bit hectic thing to do....
try swapping out the video and sound cards one by one to trace out which one is creating problem ??

and GOD forbid if u will still have problems after doing all these troubleshooting,,,, then buy an AK-47 and shoot ur system or me =|

Author Comment

by:LenHolmes
ID: 11816860
Well that was fun!

OK> 1. in Normal Mode goto Start>Run>{msconfig}Services click on Disable All reboot and DONT Do Anything else
just open Search Assistant and notice if any difference if u can notice then u know how the trace out the culprit service ;-)
otherwise Re-Enable all services again and restart !!!

OK> 3. try disconnecting all external devices like printers, scanners and webcams etc etc
restart and check now for the problem ??

OK> 2. this is a bit hectic thing to do....
try swapping out the video and sound cards one by one to trace out which one is creating problem ??
 
Tried Start>Search after each attempt.  As always...Start Window goes away >Start Button stays in > and machine freezes for 30 seconds > and then Start Button comes back out and all is normal.

Ran the machine in Safe Mode W/ Networking just now and Start > Search works fine!  Also ran IE and opened every Hyperlink I selected without any delay!

New Point Value!!

Expert Comment

by:SheharyaarSaahil
ID: 11822980
hmmmmmmm so where is the AK-47 :-P

anywayz,,,,, lets have a look at ur LOG files.....
hmmmmmm so DSO Exploits, that's a bug in spybot, and u need to follow some instructions here >> http://forums.net-integration.net/index.php?showtopic=15308&st=0&hl=dso+exploits

then Fix the following files in hijackthis.....
===========================================
O2 - BHO: (no name) - {8403CB53-12B3-4537-9DEC-4F12F70A883D} - C:\WINDOWS\System32\anti-pp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
===========================================

then run a Repair on IE....

Repair or Reinstall Internet Explorer in Windows XP:
http://www.theeldergeek.com/repair_ie6.htm
(First run the SFC scan, and then reinstall using ie.inf method)

then try running this tool:
http://www.mvps.org/sramesh2k/IEFIX.htm

restart and check now =\
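
The three entries picked out for fixing in the comment above can be reproduced with a small triage script run over the posted log. This is an added example, not part of the original thread and not HijackThis's own code; the function names and the two heuristics (registrations whose target file is missing, and an unnamed BHO loaded directly from system32) are assumptions, and a hit means "review by hand", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8403CB53-12B3-4537-9DEC-4F12F70A883D} - C:\WINDOWS\System32\anti-pp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
"""

# Shape of O2/O3/O9/O18 lines: "<section> - <kind>: <name> - {CLSID} - <target>"
CLSID_ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# HijackThis marks a registration whose file is gone with one of these suffixes.
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# A file sitting directly in system32 (assumed heuristic, not a HijackThis rule).
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for a CLSID-bearing entry, or None for any other line."""
    m = CLSID_ENTRY.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Return (clsid, reason) pairs that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # R0/R1/O4 lines and blanks carry no CLSID
        if MISSING.search(entry["target"]):
            findings.append((entry["clsid"], "registration points at a missing file"))
        elif (entry["section"] == "O2" and entry["name"] == "(no name)"
              and SYSTEM_DIR.match(entry["target"])):
            findings.append((entry["clsid"], "unnamed BHO loaded from system32"))
    return findings


if __name__ == "__main__":
    for clsid, reason in triage(SAMPLE_LOG):
        print(clsid, "-", reason)
```

Spybot's own unnamed helper (SDHelper.dll) is not flagged because it loads from its vendor directory rather than from system32.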

Author Comment

by:LenHolmes
ID: 11826530
Put the AK-47 away for another time!

After Fixing the files you indicated in hijackthis, I rebooted and checked Search and Hyperlinks .................. YEAH BABY!
They work fine now...
Do you want me to continue with the Repair of IE & Run the Tool  ???

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 11831892
>> YEAH BABY! They work fine now...

reallyyyyyyyyyyyyyyyyy :-o
can u see my BigMac Smile :D

lol...... leave those repair tools.... if they are working fine now, then go and Partyyyyyyyyyyyyyyyyyyyyyyyy :D

Expert Comment

by:SheharyaarSaahil
ID: 11831987
and becoz u are a new user, im just trying to clarify it, if u dont know it already, dont take me wrong ;-)

when ur problem gets solved, u have to Accept the answer by hitting the Accept button (which u can see in front of each comment) in front of the comment which solved ur problem,,,,, and then assign a grade, that's all :)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5

!! Thanx !!