1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] help removing searchv

Discussion in 'Web & Email' started by mullethead, Oct 19, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. mullethead

    mullethead Thread Starter

    Joined:
    Oct 19, 2003
    Messages:
    2
    My default web page is getting reset to searchv.com. I found spybot and ad-aware a few months ago when I had a simiular problem - and they resolved it - great stuff. This time though, they didn't. I found similar posts regarding this, and am posting my hijackthis log in the hopes that you can help please!


    Logfile of HijackThis v1.97.3
    Scan saved at 8:05:48 PM, on 10/19/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mnmsrvc.exe
    F:\Oracle\iSuites\bin\dbsnmp.exe
    F:\Oracle\iSuites\bin\vppdc.exe
    F:\Oracle\iSuites\Apache\Apache\Apache.exe
    F:\Oracle\iSuites\BIN\TNSLSNR.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    F:\Oracle\iSuites\Apache\jdk\bin\java.exe
    F:\Oracle\iSuites\Apache\Apache\Apache.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.com/w/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/w/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/w/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.the-huns-yellow-pages.com/hp.html
    O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\copeh.COPEH\Application Data\winshow\winshow.dll
    O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINNT\System32\askbarAB.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [sys] regedit /s C:\WINNT\sys.reg
    O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll"
    O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll"
    O4 - HKLM\..\RunOnce: [driversV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll"
    O4 - HKLM\..\RunOnce: [Cdbootable.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll"
    O4 - HKLM\..\RunOnce: [cdDataPS.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll"
    O4 - HKLM\..\RunOnce: [cdExtra.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll"
    O4 - HKLM\..\RunOnce: [cdmp3.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll"
    O4 - HKLM\..\RunOnce: [database.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll"
    O4 - HKLM\..\RunOnce: [ISO9660.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll"
    O4 - HKLM\..\RunOnce: [Joliet.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll"
    O4 - HKLM\..\RunOnce: [Udf.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
    O4 - HKLM\..\RunOnce: [creator.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll"
    O4 - HKLM\..\RunOnce: [Translator.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll"
    O4 - HKLM\..\RunOnce: [CDEngine.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll"
    O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINNT\inf\unregmp2.exe /FixUps
    O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: MSupdater.exe
    O8 - Extra context menu item: Ask Jeeves Search - javascript:external.menuArguments.location.href="javascript:AskBarcommand='cmd-search-selection'"
    O8 - Extra context menu item: Dictionary Search - javascript:external.menuArguments.location.href="javascript:AskBarcommand='cmd-search-selection-word'"
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.2054976852
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tridentad.org
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0DD62B14-E953-4540-9B81-A7B5A5B995BD}: NameServer = 10.0.20.57,10.0.20.58
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tridentad.org
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0DD62B14-E953-4540-9B81-A7B5A5B995BD}: NameServer = 10.0.20.57,10.0.20.58
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tridentad.org
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0DD62B14-E953-4540-9B81-A7B5A5B995BD}: NameServer = 10.0.20.57,10.0.20.58
     
  2. kiwiguy

    kiwiguy

    Joined:
    Aug 17, 2003
    Messages:
    17,584
  3. mullethead

    mullethead Thread Starter

    Joined:
    Oct 19, 2003
    Messages:
    2
    thanks a bunch. a lot of good info in the reference you provided. The searchv entries are pretty clear - 'fix' them all. thanks!
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You've got something way wrong in that Scanlog.

    None of those "runonce" items should be there. They are designed to do just that, runonce and not again.

    Something went wrong with that Adaptec install. Perhaps you didn't reboot before running HijackThis?

    They should be removed.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/173190

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice