TechSpot

Cannot submit search queries (adware related)

By MoNi
Jan 31, 2005
  1. Hi everyone! =)
    im on my computer at the moment but i have my dad's here, and im trying to figure out whats wrong with it.The problem sounds very familiar to another thread on here but for some reason it won't let me post a website in this post lol

    i can connect to the net but i cannot search any web pages or connect to msn, etc. Explorer comes up with page not found. i have used ad aware and spybot to remove spyware and such.

    I noticed a couple of times that when I would try to go to a web page, down the bottom it has sometimes added on an extra com or net etc to the web address. Someone mentioned it may be the windows firewall doing this but it isnt enabled.

    i downloaded hijackthis and here is the log file. i fixed a few things on there so some arent there anymore but i thought id ask here before doing anything too rash as i don't want 2 stuff anything up! lol

    so, does anyone have any suggestions to what i should do?? any help will be greatly appreciated! :grinthumb
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Install your HJT program in a permanent directory, e.g. \program files\hjt

    Boot in Safe Mode.
    Uninstall (if you can) anything to do with:
    C:\Program Files\RegFreeze\rfsearchhandler.dll

    Now run HJT and let it 'fix':
    Look at the spelling of the program names, when you tick them!

    C:\WINDOWS\System32\winlogin.exe
    C:\WINDOWS\System32\spoolvse.exe
    C:\WINDOWS\System32\svhost.exe
    C:\WINDOWS\System32\svhost.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop3:110
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {BB4DB883-2C25-401C-B4CE-D4286153C409} - C:\WINDOWS\System32\afpebg.dll
    O4 - HKLM\..\Run: [NConfiguration] winlogin.exe
    O4 - HKLM\..\Run: [start extracting] spoolvse.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkpz32.exe
    O4 - HKLM\..\Run: [MSM] svhost.exe
    O4 - HKLM\..\RunServices: [blah service] svchosts.exe
    O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
    O4 - HKLM\..\RunServices: [MSM] svhost.exe
    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [NConfiguration] winlogin.exe
    O4 - HKCU\..\Run: [start extracting] spoolvse.exe
    O4 - HKCU\..\Run: [MSM] svhost.exe
    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
    O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
    O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
    O18 - Filter: text/html - {B514E9EA-448B-4897-95A1-042498E4DE18} - C:\WINDOWS\System32\afpebg.dll
    O18 - Filter: text/plain - {B514E9EA-448B-4897-95A1-042498E4DE18} - C:\WINDOWS\System32\afpebg.dll
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
     
  3. MoNi

    MoNi TS Rookie Topic Starter

    I tried this and internet explorer still isn't working, im running out of things to try. Maybe i should just reformat the computer & start fresh. I have no idea what the hell my dad has done to this poor computer!
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Show us the new HJT-log.
    What did you delete in your first attempt, before you came here?
     
  5. MoNi

    MoNi TS Rookie Topic Starter

    just some reg but it keeps coming bak... something to do with about:blank in ie.

    i have my friend coming around 2morrow to have a look at it, he has a lot more knowledge than me in this area of computers. if we still can't figure out what's wrong i'll post back here...

    thanks for your help so far though! =)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...