I have had "a floating blue search Bar" appear on my desktop recently, also lots of popups and really slow performance. I ran "spy-bot SD", Ad Aware, and a few others. I found lots of things but couldn't get rid of that stupid bar! I also got to the point where the computer would log off immediately after logon and I had to re-install windows -w- the repair option at which point I lost my DSL connection, I'll fix that tomorrow but that search bar is still there.
I saw on DSL Reports where somebody got rid of the following for that problem:
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
There is also {C:\WINDOWS\wdskctl.exe} does it get removed too?
What about stuff like the following:
{O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz.exe}
and {C:\WINDOWS\System32\xhapfz.exe}
I can't find anything for those anywhere!
Here is the HijackThis Log which is full of who knows what, help please/THX.
Logfile of HijackThis v1.98.2
Scan saved at 9:07:27 PM, on 09/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\xhapfz.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Christine L. Schmidt\Desktop\stinger.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\PROGRA~1\NORTON~1\QServer.exe
C:\Virus Removal\HijackThis.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [ivopkck] C:\WINDOWS\System32\xhapfz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Innovations.lnk = C:\Program Files\Innovations\machineinterface.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
http://www.lavasoftusa.com/software/adaware/ Ad-Aware
http://www.safer-networking.org/en/download/index.html Spybot S&D
Download and run AVG anti-virus found here: http://free.grisoft.com/freeweb.php/doc/2/
Configure Ad-Aware and Spybot according to the instructions found here:
http://www.cjwd.demon.co.uk/spybot-adaware.html
Also, you may try rebooting in Safe Mode and running Ad-Aware and Spybot. Be sure to reboot between scans.
Also, make sure you have the HJT program in its own folder, so it can save backups.
When the above is done, please rescan with HJT and post a new log.