Searchbar problem

Status
Not open for further replies.

SRA

Posts: 8   +0
I am a bit virus paranoid, so I have Spoybot Search & Destroy, Norman Anti-Virus and the excellent WinPatrol, which detects any hint of a change to my PC start up programs.

And yet, when I log in, my toolbar has a search bar on it, it's not an adware one, I dont think (and nothings come up on Spybot S&D, neither has Norman or WinPatrol alerted me to any changes), its the official XP search bar, and my toolbar also has quick launch icons where before I just had a desktop toolbar.

No matter how many times I change it, when I re-start it still is there.
 
Ok, bit of an update.

The searchbar, when used, searches using blazefind.com

Now on the blazefind website it gives you directions as to how to remove blazefind searcbar from your toolbar, http://www.blazefind.com/index.php?section=help-bar here, I removed "Windows SA". Search Assistant then disapeared, I re-started my PC several times to make sure, it didnt come back.

The next day I turned on my PC, and it was there again!, I was on my PC past mid-night (I was working!) and restarted then and it didnt come back, so I cant explain why it's suddenly re-appeared again now. It is not, according to WinPatrol, one of my Startup Programs, so Im lost for explanations.

The paranoid side of me worries that its some kind of trojan that installs at a hackers disgression, but im hoping thats not the case.

Any help?
 
If you have a sofyware firewall, check on what programs are allowed to go on the web. Maybe you find something there?
Otherwise run Hijackthis and show the test-results here, BEFORE you do anything in that program.
 
It may be possible that a site you visit regularly is installing this.

Spybot doesn't seem to pick up as much as it used to. I would recommend using Ad-Aware or Webroot's Spysweeper.

Spysweeper always picks up tons of stuff that Spybot and Ad-aware seem to miss (could just be "fluff" too), but you can only update it once. It's payware if you want to update it regularly.

It's very important that all of your spyware programs are up to date too.
 
Ive removed the program, its no longer active, but for all i Know it could come back again!, as it did today. So i ran HiJack this...

ogfile of HijackThis v1.97.7
Scan saved at 13:29:37, on 25/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WindUpdates\WinKA.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM (HKLM)
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

[the rest are just msnchat files etc., msn gaming etc., that id rather not share just for safety issue]

I've bolded the ones that, at a guess, maybe causing it to come back? Do I need to delete something from the registry?
 
Nope. That is the registry setting you deleted. :)

What's important now is to prevent it from coming back. I've never used any, but there are third party programs out there that will help protect your Internet Explorer from Active X and script based exploits.
 
Status
Not open for further replies.
Back