Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!
Learn how Concerto can help you.
Solved
floating blue search Bar
Posted on 2004-09-24
I have had "a floating blue search Bar" appear on my desktop recently, also lots of popups and really slow performance. I ran "spy-bot SD",Ad Aware, and a few others. I found lots of things but couldn't get rid of that stupid bar! I also got to the point where the computer would logoff immedietly after logon and I had to re-install windows -w- the repair option at which point I lost my DSL connection, I'll fix that tomorrow but that search bar is still there.
I saw on DSL Reports where somebody got rid of the following for that problem:
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
There is also {C:\WINDOWS\wdskctl.exe} does it get removed to?
What about stuff like the following:
{O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz
and {C:\WINDOWS\System32\xhapf
I can't find anything for those anywhere!
Here is the HijackThis Log which is full of who knows what, help please/THX.
Logfile of HijackThis v1.98.2
Scan saved at 9:07:27 PM, on 09/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\b
C:\WINDOWS\System32\spool\
C:\PROGRA~1\NORTON~1\navap
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\xhapfz
C:\Program Files\Java\j2re1.4.2_01\bi
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Christine L. Schmidt\Desktop\stinger.ex
C:\PROGRA~1\NORTON~1\navw3
C:\PROGRA~1\NORTON~1\QServ
C:\Virus Removal\HijackThis.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\b
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Innovations.lnk = C:\Program Files\Innovations\machinei
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
I saw on DSL Reports where somebody got rid of the following for that problem:
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
There is also {C:\WINDOWS\wdskctl.exe} does it get removed to?
What about stuff like the following:
{O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz
and {C:\WINDOWS\System32\xhapf
I can't find anything for those anywhere!
Here is the HijackThis Log which is full of who knows what, help please/THX.
Logfile of HijackThis v1.98.2
Scan saved at 9:07:27 PM, on 09/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\b
C:\WINDOWS\System32\spool\
C:\PROGRA~1\NORTON~1\navap
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\xhapfz
C:\Program Files\Java\j2re1.4.2_01\bi
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Christine L. Schmidt\Desktop\stinger.ex
C:\PROGRA~1\NORTON~1\navw3
C:\PROGRA~1\NORTON~1\QServ
C:\Virus Removal\HijackThis.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\b
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Innovations.lnk = C:\Program Files\Innovations\machinei
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +2
7 Comments
Please Update your Ad-Aware and Spybot S&D.
http://www.lavasoftusa.com/software/adaware/ Ad-Aware
http://www.safer-networking.org/en/download/index.html Spybot S&D
download and run AVG anti-virus found here, http://free.grisoft.com/freeweb.php/doc/2/
configure Ad-Aware and Spybot according to the instructions found here
http://www.cjwd.demon.co.uk/spybot-adaware.html
also, you may try rebooting in Safe mode and running Ad-Aware, and Spybot. be sure to reboot between scans.
also, make sure you have the HJT program in it's own folder, so it can save backups.
when the above is done please rescan with HJT, and post a new log.
http://www.lavasoftusa.com/software/adaware/ Ad-Aware
http://www.safer-networking.org/en/download/index.html Spybot S&D
download and run AVG anti-virus found here, http://free.grisoft.com/freeweb.php/doc/2/
configure Ad-Aware and Spybot according to the instructions found here
http://www.cjwd.demon.co.uk/spybot-adaware.html
also, you may try rebooting in Safe mode and running Ad-Aware, and Spybot. be sure to reboot between scans.
also, make sure you have the HJT program in it's own folder, so it can save backups.
when the above is done please rescan with HJT, and post a new log.
Put your log here and it will be analyzed for you.
http://www.hijackthis.de/index.php?langselect=english
http://www.hijackthis.de/index.php?langselect=english
Jvuz, there is a problem with that auto scanner. there is a new Variant of CWS, if you delete the parts in HJT that that program tells you to, this Variant, Replicates, mutates, and basically is a pain to remove to begin with.
deleting entries prematurely will not accomplish anything.
deleting entries prematurely will not accomplish anything.
I found a program called Spy Sweeper by Webroot that fixed the search bar and other junk.
Also found a link on Microsoft that said to re-install Service pack 1, I did and the internet was back.
Case Closed, Thanks
Also found a link on Microsoft that said to re-install Service pack 1, I did and the internet was back.
Case Closed, Thanks
Featured Post
With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses
Course of the Month7 days, 22 hours left to enroll
715 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.