Hijack Log-What to Remove

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
I went here to delete Search Squire.....I see multiple entries with that name in it...do I delete all these? Also, anything else need deleting? Thanks and take care! angel :)

Have no idea where Search Squire came from! I found it when I ran SpyBot because TSG kept on freezing up on me. I have the feeling I got it when I checked out a site posted in random in the thread "off subject but it affects all of us". :rolleyes: Won't be checking links anymore in random! :)

Logfile of HijackThis v1.96.1
Scan saved at 2:57:18 AM, on 9/28/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
C:\PROGRAM FILES\FIND-A-DRUG\SERVER.EXE
C:\PROGRAM FILES\FIND-A-DRUG\THINK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\FIND-A-DRUG\TRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSCONFIG.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OH2VSTER\HIJACKTHIS196[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\angelize56\prefs.js)
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O2 - BHO: (no name) - {11990E9F-2A4D-11D6-9507-02608CDD2841} - (no file)
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2841} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Global Startup: think.lgo
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .rmf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPBeatSP.dll
O12 - Plugin for .mpg: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {0CEC7E32-884C-11D4-86EC-00105AD18ACB} (DFRun Class) - http://www.gator.com/download/1800/iegator.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www103.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20000128/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://abc.go.com/primetime/movies/rosered/gargoyle/TulipPlayer2.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37605.1060416667
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...mer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...bar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...bar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore

O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {11990E9F-2A4D-11D6-9507-02608CDD2841} - (no file)
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2841} - (no file)
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {0CEC7E32-884C-11D4-86EC-00105AD18ACB} (DFRun Class) - http://www.gator.com/download/1800/iegator.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www103.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://abc.go.com/primetime/movies/...ulipPlayer2.cab
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB


then reboot & delete the entire C:\PROGRAM FILES\SVA PLAYER\ folder

then open IE/tools/options/programs and press reset web settings, that will give you M$ default setings and you can then set your hoem/search pages of choice
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
I removed the following:

O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836}
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O2 - BHO: (no name) - {11990E9F-2A4D-11D6-9507-02608CDD2841} - (no file)
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2841} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {0CEC7E32-884C-11D4-86EC-00105AD18ACB} (DFRun Class) - http://www.gator.com/download/1800/iegator.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www103.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB

I did a backup before removing...but in HJT the backup text box is now empty. :confused:

Anything else I can safely remove? Also in start-up there is still a SearchSquire3....how do I remove that from start-up? I unchecked it but want it gone! :) Take care. angel :)
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
And these you said:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...mer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...bar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...bar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore

Going on to your next step and thanks!!! :) Take care. angel :)
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
Thanks again Derek! :) Just waiting now to hear how to remove SearchSquire3 from my start-up. :) Take care! angel :)
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
it shouldn't be in your start up now

if you mean it's still listed in msconfig, don't worry often orphaned entries stay listed but don't do anything
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
Ok then! That's where it is...in msconfig. Thanks again and headed to bed happy! :) Take care. angel :)
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
About the following:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX


The first is the SpyBot S&D Browser helper, and the second the Internet Explorer Radio bar, an integral part of IE.

You may want to restore those items from the HT backups.
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
Tony: Oh oh! I went to the backup in HJT and there is nothing there! There was earlier this morning. Now how do I get back the 2 items removed in your post??? :) Take care. angel

$teve: Thanks for the pm! (y) :)
 

angelize56

Thread Starter
Always remembered in our hearts
Joined
Apr 17, 2002
Messages
82,163
I just did a repair on IE...would that bring back the IE radio bar? Take care. angel
 
Joined
Oct 9, 2001
Messages
9,396
The radio bar is for media player and the O2 is for spybot.
Nothing seriously deleted......you can re-download SSD and get the latest media player.

;)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top