Solved

floating blue search Bar

Posted on 2004-09-24
7
723 Views
Last Modified: 2010-08-05
I have had "a floating blue search Bar" appear on my desktop recently, also lots of popups and really slow performance. I ran "spy-bot SD",Ad Aware, and a few others. I found lots of things but couldn't get rid of that stupid bar! I also got to the point where the computer would logoff immedietly after logon and I had to re-install windows -w- the repair option at which point I lost my DSL connection, I'll fix that tomorrow but that search bar is still there.

I saw on DSL Reports where somebody got rid of the following for that problem:
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

There is also {C:\WINDOWS\wdskctl.exe} does it get removed to?

What about stuff like the following:
{O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz.exe}
and {C:\WINDOWS\System32\xhapfz.exe}
I can't find anything for those anywhere!

Here is the HijackThis Log which is full of who knows what, help please/THX.

Logfile of HijackThis v1.98.2
Scan saved at 9:07:27 PM, on 09/22/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\xhapfz.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Christine L. Schmidt\Desktop\stinger.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\PROGRA~1\NORTON~1\QServer.exe
C:\Virus Removal\HijackThis.exe
C:\Program Files\Microsoft Money\System\urlmap.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Innovations.lnk = C:\Program Files\Innovations\machineinterface.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
0
Comment
Question by:TRUSPRO
7 Comments
 
LVL 2

Expert Comment

by:Shattuc
Comment Utility
Please Update your Ad-Aware and Spybot S&D.
http://www.lavasoftusa.com/software/adaware/ Ad-Aware
http://www.safer-networking.org/en/download/index.html Spybot S&D

download and run AVG anti-virus found here, http://free.grisoft.com/freeweb.php/doc/2/

configure Ad-Aware and Spybot according to the instructions found here
http://www.cjwd.demon.co.uk/spybot-adaware.html

also, you may try rebooting in Safe mode and running Ad-Aware, and Spybot. be sure to reboot between scans.

also, make sure you have the HJT program in it's own folder, so it can save backups.
when the above is done please rescan with HJT, and post a new log.





0
 
LVL 21

Expert Comment

by:jvuz
Comment Utility
Put your log here and it will be analyzed for you.

http://www.hijackthis.de/index.php?langselect=english
0
 
LVL 2

Expert Comment

by:Shattuc
Comment Utility
Jvuz, there is a problem with that auto scanner. there is a new Variant of CWS, if you delete the parts in HJT that that program tells you to, this Variant, Replicates, mutates, and basically is a pain to remove to begin with.

deleting entries prematurely will not accomplish anything.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:TRUSPRO
Comment Utility
I found a program called Spy Sweeper by Webroot that fixed the search bar and other junk.
Also found a link on Microsoft that said to re-install Service pack 1, I did and the internet was back.

Case Closed, Thanks
0
 
LVL 29

Expert Comment

by:blue_zee
Comment Utility

Quick footnote:

Update your Internet Explorer!!

Zee
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
Comment Utility
Question answered by asker or dialog valuable.
Closed, 250 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now