
[Resolved] is this web enhancer ?

Discussion in 'Earlier Versions of Windows' started by ree, Feb 7, 2003.

Thread Status:
Not open for further replies.
  1. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    Hi, my daughter accidentally visited a site or downloaded this, not sure how this was added to my computer, or what it is other than spyware. When I try to do a search I get an annoying query with about 5 other suggestions, with a divider separating it from my initial query. It will either say :recommended firsts or enhanced help: making it hard to read my selection without having to move the bottom slider back and forth. I have tried using adaware and spybot to no avail and it's not in add and remove. I would appreciate any help please. I have downloaded my start up list. Thank you

    CSINJECT.EXE c:\program files\norton systemworks\norton cleansweep\csinject.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    NAV Agent c:\progra~1\norton~1\norton~1\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NPROTECT c:\program files\norton systemworks\norton utilities\nprotect.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NPROTECT c:\program files\norton systemworks\norton utilities\nprotect.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    PE2CKFNT SE c:\program files\ulead systems\ulead photo express 2 se\chkfont.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    QD FastAndSafe c:\program files\norton systemworks\norton cleansweep\qdcsfs.exe /scheduler All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ScanRegistry c:\windows\scanregw.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ScriptBlocking "c:\program files\common files\symantec shared\script blocking\sbserv.exe" -reg All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    SymTray - Norton SystemWorks c:\program files\common files\symantec shared\symtray.exe "norton systemworks" All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TaskMonitor c:\windows\taskmon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     
  2. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    When you do a search? This isn't spyware, it's more of a slightly mean and unsophisticated trick. It has set the search facility to "use one service for all searches" (click on "search => customise" to do this yourself) and then changed the registry entry at -

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    - to the site's own URL. Change it to your choice of search engine. I'm assuming you are fairly comfortable about delving into the registry, so I won't bother patronising you here. However, if you are unsure, post back and ask. We are all willing to help.

    Oh, and welcome to TSG!
     
  3. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    Thanks for the reply. I'm not sure I asked the question correctly. I still get the query I asked for, so my search isn't completely hijacked; I still have internet explorer as my main search engine. I went to customize but not sure what to do there? I'm really new at this. If it takes going into the registry to be rid of this I will try it, and once again thank you.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Download, unzip and run the HijackThis application from the site below. Click the 'scan' tab and then copy/paste the log it creates to a reply.

    http://www.lurkhere.com/~nicefiles/

    The info you posted is not a full 'startuplist' file. Startuplist is also integrated into HijackThis and can be run by clicking 'config' > 'misc tools' > 'generate startuplist'

    Posting a full startuplist would be helpful also.
     
  5. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    Sorry I couldn't get back sooner, I had to leave for a while. Here is my startup list, I hope this will help. Thank you for helping and the welcoming.

    StartupList report, 2/7/2003, 9:36:29 PM
    StartupList version: 1.51
    Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v5.50 (5.50.4134.0100)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\KAZAA LITE\KAZAA.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    PE2CKFNT SE = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    TaskMonitor = C:\WINDOWS\taskmon.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    CSINJECT.EXE = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Yahoo! Pager = C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 7/2/2003, 21:12:22)

    [rename]

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 7/2/2003, 3:23:26)

    [rename]
    NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
    NUL=C:\PROGRA~1\WEBHAN~1\PROGRAMS\WHIEHLPR.DLL
    NUL=C:\PROGRA~1\WEBHAN~1\PROGRAMS\WHIESHM.DLL
    [Rename]
    NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\WINDOWS\SYSTEM\SBSRCH_V2.DLL - {4C4871FD-30F6-4430-8834-BC75D58F1529}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job
    Norton SystemWorks One Button Checkup.job
    Norton AntiVirus - Scan my computer.job
    Norton AntiVirus 2002.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37614.5666319444

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
    CODEBASE = http://207.188.7.150/297a8f782d795cf4fe19/netzip/RdxIE601.cab

    [{53E10C2C-43B2-4657-BA29-AAE179E7D35C}]
    CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

    --------------------------------------------------
    End of report, 6,043 bytes
    Report generated in 0.097 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I think we see part of the search problem illustrated here:

    (no name) - C:\WINDOWS\SYSTEM\SBSRCH_V2.DLL - {4C4871FD-30F6-4430-8834-BC75D58F1529}

    This is what is known as a "Browser Helper Object" or BHO. If you run the HijackThis application as suggested and post the SCAN log I should be able to tell you exactly how to remove it and a couple of ActiveX objects from the Downloaded Programs folder as well.
     
  7. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    Rolling Rog, I'm still working on the hijacked browser. You told me to run the program pertaining to web enhancer, which is actually a hijacker, and then a scan log to post here. OK, not sure what I'm supposed to do to run it, could you help please, or anyone? Thank you
     
  8. rugrat

    rugrat

    Joined:
    Dec 16, 2001
    Messages:
    1,869
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    ree, I've merged your two threads...keep replying back to this one...otherwise Rog won't be notified by email that you've tried to request more help.
     
  10. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    I'm sorry, I hate to keep beating a dead horse to death, but I don't know exactly what you're asking me to do: run the application: "Hijack This". Please explain. Thank you
     
  11. rugrat

    rugrat

    Joined:
    Dec 16, 2001
    Messages:
    1,869
    You need to download "Hijack This" from the website Rog gave you and run it as per his instructions.

    http://www.lurkhere.com/~nicefiles/

    HijackThis 1.91: A first of its kind, general browser hijacker detector and removal tool. Merijn is continually updating HijackThis, to stay abreast of this ever expanding exploit that takes over your preferred Home page and Search features. HijackThis includes a copy of StartupList v1.51, that can be run from the HijackThis interface. Updated January 16th, 2003


    Let us know
     
  12. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    * HijackThis v1.91 *
    Written by Merijn - [email protected]
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/index.html

    * Version history *
    [v1.91] Added rd.yahoo.com to the Nonstandard But Safe Domains list. Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18). Added listing of programs/links in Startup folders (O4). Fixed 'Check for Update' not detecting new versions.
    [v1.9] Added check for Lop.com 'Domain' hijack (O17). Bugfix in URLSearchHook (R3) fix. Improved O1 (Hosts file) check. Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys. Added AutoConfigURL and proxyserver checks (R1). IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected. Added check for extra protocols (O18).
    [v1.81] Added 'ignore non-standard but safe domains' option. Improved Winsock LSP hijackers detection. Integrated StartupList updated to v1.4.
    [v1.8] Fixed a few bugs. Adds detecting of free.aol.com in Trusted Zone. Adds checking of URLSearchHooks key, which should have only one value. Adds listing/deleting of Download Program Files. Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71] Improves detecting of O6. Some internal changes/improvements.
    [v1.7] Adds backup function! Yay! Also adds check for default URL prefix, changing of IERESET.INF and changing of Netscape/Mozilla homepage and default search engine.
    [v1.61] Fixes Runtime Error when Hosts file is empty.
    [v1.6] Adds enumerating of MSIE plugins, and extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5] Adds 'Uninstall & Exit' and 'Check for update online' functions. Also expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4] Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer, plus a few bugfixes/enhancements
    [v1.3] Adds detecting of extra MSIE context menu items, extra 'Tools' menu items and extra buttons, and 'Confirm deleting/ignoring items' checkbox
    [v1.2] Adds 'Ignorelist' and 'Info' functions
    [v1.1] Supports BHO's, some default URL changes
    [v1.0] Original release

    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

    The different sections of hijacking possibilities have been separated into these groups:
    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols

    You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.
    Thank you Rug Rat, is this what you mean? If not let me know.
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Not quite there yet Ree, you posted the "help file". What we need is for you to run HijackThis and then click scan.

    Once you do that you will see a display of numbered entries (it will look somewhat like what you just posted, but will be specific to your computer). Click Save Log (save it to the desktop by selecting the desktop icon).

    Once it is on the desktop, click it to open it. Then click Edit>Select All>Edit> Copy.

    Now you can right click on a message window here and select "paste". Then you will see the entire log displayed in the message window.
     
  14. ree

    ree Thread Starter

    Joined:
    Oct 18, 2002
    Messages:
    33
    I hope this works, fingers crossed, or is it still scrambled?






    Logfile of HijackThis v1.91.2
    Scan saved at 11:08:04 PM, on 2/8/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.rr.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.rr.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=http=proxy-server:8080;https=proxy-server:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=ams-server*
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {4C4871FD-30F6-4430-8834-BC75D58F1529} - C:\WINDOWS\SYSTEM\SBSRCH_V2.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Spades (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Literati (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Gin (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/nt0_x.cab
    O16 - DPF: Yahoo! Pool 2 (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37614.5666319444
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/297a8f782d795cf4fe19/netzip/RdxIE601.cab
    O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://207.44.176.11/auth/IE_InstllC.exe
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, that's what we wanted to see.

    Run HijackThis again if you've closed it out and once again click 'scan'.

    Put a check in this item and then click 'fix checked'.

    O2 - BHO: (no name) - {4C4871FD-30F6-4430-8834-BC75D58F1529} - C:\WINDOWS\SYSTEM\SBSRCH_V2.DLL

    >> make sure you check the right entry, the one with sbsrch_V2.dll in it.

    Then reboot the computer and let me know if you still have the problem. I think we can just leave everything else as is.
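
The O2 (Browser Helper Object) and O16 (Download Program Files) lines of a HijackThis log like the one posted in this thread can be pre-sorted for manual review with a small parser. This is an added example, not part of any post above and not HijackThis code; the scoring rules (unnamed entry, file directly in the Windows system directory, CODEBASE on a bare IP address) are illustrative assumptions, and a flagged line still needs a human verdict.

```python
import ntpath
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.rr.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4C4871FD-30F6-4430-8834-BC75D58F1529} - C:\WINDOWS\SYSTEM\SBSRCH_V2.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Spades (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/297a8f782d795cf4fe19/netzip/RdxIE601.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://207.44.176.11/auth/IE_InstllC.exe
"""

# "O2 - BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# "O16 - DPF: <CLSID or label> [(<class name>)] - <CODEBASE url>"
DPF_RE = re.compile(
    r"^O16 - DPF: (?P<ident>.+?)(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# Assumption: Win9x/NT default system directories, compared case-insensitively.
SYSTEM_DIRS = {r"C:\WINDOWS\SYSTEM", r"C:\WINDOWS\SYSTEM32"}


def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (reasons, line) pairs for O2/O16 entries, most reasons first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        bho = BHO_RE.match(line)
        dpf = DPF_RE.match(line)
        if bho:
            if bho["name"] == "(no name)":
                reasons.append("BHO registered without a friendly name")
            if ntpath.dirname(bho["path"]).upper() in SYSTEM_DIRS:
                reasons.append("BHO file sits directly in the Windows system directory")
        elif dpf:
            if dpf["name"] is None:
                reasons.append("ActiveX download has no class name")
            if host_is_ip(dpf["url"]):
                reasons.append("CODEBASE host is a bare IP address")
        if reasons:
            findings.append((reasons, line))
    # sorted() is stable, so entries with equal scores keep log order.
    return sorted(findings, key=lambda f: len(f[0]), reverse=True)


if __name__ == "__main__":
    for reasons, line in triage(SAMPLE_LOG):
        print(f"[{len(reasons)}] {line}")
        for reason in reasons:
            print(f"      - {reason}")
```

On the sample lines, the SBSRCH_V2.DLL entry that the thread singles out ranks first; the unnamed Acrobat helper also appears with a single reason, which is why the output is a review list and not a removal list.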
     

Short URL to this thread: https://techguy.org/117558
