Searchbar problem

Jul 24, 2004
  1. I am a bit virus paranoid, so I have Spoybot Search & Destroy, Norman Anti-Virus and the excellent WinPatrol, which detects any hint of a change to my PC start up programs.

    And yet, when I log in, my toolbar has a search bar on it, it's not an adware one, I dont think (and nothings come up on Spybot S&D, neither has Norman or WinPatrol alerted me to any changes), its the official XP search bar, and my toolbar also has quick launch icons where before I just had a desktop toolbar.

    No matter how many times I change it, when I re-start it still is there.
  2. SRA

    SRA TS Rookie Topic Starter

    Ok, bit of an update.

    The searchbar, when used, searches using

    Now on the blazefind website it gives you directions as to how to remove blazefind searcbar from your toolbar, here, I removed "Windows SA". Search Assistant then disapeared, I re-started my PC several times to make sure, it didnt come back.

    The next day I turned on my PC, and it was there again!, I was on my PC past mid-night (I was working!) and restarted then and it didnt come back, so I cant explain why it's suddenly re-appeared again now. It is not, according to WinPatrol, one of my Startup Programs, so Im lost for explanations.

    The paranoid side of me worries that its some kind of trojan that installs at a hackers disgression, but im hoping thats not the case.

    Any help?
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    If you have a sofyware firewall, check on what programs are allowed to go on the web. Maybe you find something there?
    Otherwise run Hijackthis and show the test-results here, BEFORE you do anything in that program.
  4. Rick

    Rick TechSpot Staff Posts: 4,573   +65

    It may be possible that a site you visit regularly is installing this.

    Spybot doesn't seem to pick up as much as it used to. I would recommend using Ad-Aware or Webroot's Spysweeper.

    Spysweeper always picks up tons of stuff that Spybot and Ad-aware seem to miss (could just be "fluff" too), but you can only update it once. It's payware if you want to update it regularly.

    It's very important that all of your spyware programs are up to date too.
  5. SRA

    SRA TS Rookie Topic Starter

    Ive removed the program, its no longer active, but for all i Know it could come back again!, as it did today. So i ran HiJack this...

    ogfile of HijackThis v1.97.7
    Scan saved at 13:29:37, on 25/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM (HKLM)
    O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
    O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    [the rest are just msnchat files etc., msn gaming etc., that id rather not share just for safety issue]

    I've bolded the ones that, at a guess, maybe causing it to come back? Do I need to delete something from the registry?
  6. Rick

    Rick TechSpot Staff Posts: 4,573   +65

    Nope. That is the registry setting you deleted. :)

    What's important now is to prevent it from coming back. I've never used any, but there are third party programs out there that will help protect your Internet Explorer from Active X and script based exploits.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...