Homesearch sucks!!! need some help! 1

[knuckles04]

I am sooo close to giving my PC the axe treatment. I have tried in vain to remove Home Search/search extender/search wizard. I have used "hijack this" but i am not sure of all the things I can delete, can anyone help me with this??

thanks.

 

[vop]

Posting a HJT log would start the process off.

 

[Claudek]

have you tried the removal tool?

http://www.softpedia.com/public/cat/10/17/10-17-210.shtml

Claudius (What certifications??)

http://www.iteq.com.au

 

[knuckles04]

Logfile of HijackThis v1.98.0
Scan saved at 3:42:31 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iers32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\addxz32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Chuck\My Documents\My eBooks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gotcx.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gotcx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gotcx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gotcx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gotcx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gotcx.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F58FA9D9-DEB6-E95C-8537-0CD8C38A2D86} - C:\WINDOWS\system32\sdkcp32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [addxz32.exe] C:\WINDOWS\system32\addxz32.exe
O4 - HKLM\..\RunOnce: [crpp.exe] C:\WINDOWS\system32\crpp.exe
O4 - HKLM\..\RunOnce: [apiqz32.exe] C:\WINDOWS\apiqz32.exe
O4 - HKLM\..\RunOnce: [javadm.exe] C:\WINDOWS\javadm.exe
O4 - HKLM\..\RunOnce: [appyy.exe] C:\WINDOWS\system32\appyy.exe
O4 - HKLM\..\RunOnce: [mfcyb.exe] C:\WINDOWS\mfcyb.exe
O4 - HKLM\..\RunOnce: [crkp32.exe] C:\WINDOWS\system32\crkp32.exe
O4 - HKLM\..\RunOnce: [addns32.exe] C:\WINDOWS\addns32.exe
O4 - HKLM\..\RunOnce: [netvh.exe] C:\WINDOWS\netvh.exe
O4 - HKLM\..\RunOnce: [sdkbv32.exe] C:\WINDOWS\sdkbv32.exe
O4 - HKLM\..\RunOnce: [appma32.exe] C:\WINDOWS\appma32.exe
O4 - HKLM\..\RunOnce: [javatd32.exe] C:\WINDOWS\javatd32.exe
O4 - HKLM\..\RunOnce: [nthd32.exe] C:\WINDOWS\system32\nthd32.exe
O4 - HKLM\..\RunOnce: [winyw32.exe] C:\WINDOWS\system32\winyw32.exe
O4 - HKLM\..\RunOnce: [addnr32.exe] C:\WINDOWS\system32\addnr32.exe
O4 - HKLM\..\RunOnce: [mfcjf32.exe] C:\WINDOWS\system32\mfcjf32.exe
O4 - HKLM\..\RunOnce: [iehj32.exe] C:\WINDOWS\iehj32.exe
O4 - HKLM\..\RunOnce: [mfcjp.exe] C:\WINDOWS\system32\mfcjp.exe
O4 - HKLM\..\RunOnce: [atlhq32.exe] C:\WINDOWS\system32\atlhq32.exe
O4 - HKLM\..\RunOnce: [addds.exe] C:\WINDOWS\addds.exe
O4 - HKLM\..\RunOnce: [winqj.exe] C:\WINDOWS\winqj.exe
O4 - HKLM\..\RunOnce: [apijf32.exe] C:\WINDOWS\system32\apijf32.exe
O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe
O4 - HKLM\..\RunOnce: [sdkas.exe] C:\WINDOWS\sdkas.exe
O4 - HKLM\..\RunOnce: [atlfm32.exe] C:\WINDOWS\atlfm32.exe
O4 - HKLM\..\RunOnce: [mseu.exe] C:\WINDOWS\mseu.exe
O4 - HKLM\..\RunOnce: [mfcvs.exe] C:\WINDOWS\system32\mfcvs.exe
O4 - HKLM\..\RunOnce: [addcc32.exe] C:\WINDOWS\system32\addcc32.exe
O4 - HKLM\..\RunOnce: [winmg.exe] C:\WINDOWS\winmg.exe
O4 - HKLM\..\RunOnce: [appgp.exe] C:\WINDOWS\system32\appgp.exe
O4 - HKLM\..\RunOnce: [mfclt32.exe] C:\WINDOWS\mfclt32.exe
O4 - HKLM\..\RunOnce: [ntid32.exe] C:\WINDOWS\system32\ntid32.exe
O4 - HKLM\..\RunOnce: [ieem32.exe] C:\WINDOWS\system32\ieem32.exe
O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\d3uo32.exe
O4 - HKLM\..\RunOnce: [ipwm32.exe] C:\WINDOWS\system32\ipwm32.exe
O4 - HKLM\..\RunOnce: [apiym32.exe] C:\WINDOWS\apiym32.exe
O4 - HKLM\..\RunOnce: [d3gn32.exe] C:\WINDOWS\system32\d3gn32.exe
O4 - HKLM\..\RunOnce: [d3ka.exe] C:\WINDOWS\system32\d3ka.exe
O4 - HKLM\..\RunOnce: [atlpw32.exe] C:\WINDOWS\atlpw32.exe
O4 - HKLM\..\RunOnce: [iers32.exe] C:\WINDOWS\iers32.exe
O4 - HKLM\..\RunOnce: [crmy32.exe] C:\WINDOWS\crmy32.exe
O4 - HKLM\..\RunOnce: [crcr.exe] C:\WINDOWS\system32\crcr.exe
O4 - HKLM\..\RunOnce: [apitp32.exe] C:\WINDOWS\apitp32.exe
O4 - HKLM\..\RunOnce: [atlpr.exe] C:\WINDOWS\atlpr.exe
O4 - HKLM\..\RunOnce: [sdkrv.exe] C:\WINDOWS\system32\sdkrv.exe
O4 - HKLM\..\RunOnce: [crnv.exe] C:\WINDOWS\crnv.exe
O4 - HKLM\..\RunOnce: [ipuz32.exe] C:\WINDOWS\system32\ipuz32.exe
O4 - HKLM\..\RunOnce: [javawu32.exe] C:\WINDOWS\javawu32.exe
O4 - HKLM\..\RunOnce: [javaun32.exe] C:\WINDOWS\system32\javaun32.exe
O4 - HKLM\..\RunOnce: [crse32.exe] C:\WINDOWS\crse32.exe
O4 - HKLM\..\RunOnce: [iegk.exe] C:\WINDOWS\system32\iegk.exe
O4 - HKLM\..\RunOnce: [atlbi.exe] C:\WINDOWS\atlbi.exe
O4 - HKLM\..\RunOnce: [iezk32.exe] C:\WINDOWS\system32\iezk32.exe
O4 - HKLM\..\RunOnce: [netjy.exe] C:\WINDOWS\netjy.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\system32\addoa32.exe
O4 - HKLM\..\RunOnce: [sdksw.exe] C:\WINDOWS\sdksw.exe
O4 - HKLM\..\RunOnce: [winju32.exe] C:\WINDOWS\system32\winju32.exe
O4 - HKLM\..\RunOnce: [iefw.exe] C:\WINDOWS\iefw.exe
O4 - HKLM\..\RunOnce: [ntav.exe] C:\WINDOWS\ntav.exe
O4 - HKLM\..\RunOnce: [crrg32.exe] C:\WINDOWS\system32\crrg32.exe
O4 - HKLM\..\RunOnce: [crci32.exe] C:\WINDOWS\system32\crci32.exe
O4 - HKLM\..\RunOnce: [apifb.exe] C:\WINDOWS\apifb.exe
O4 - HKLM\..\RunOnce: [mfcct.exe] C:\WINDOWS\system32\mfcct.exe
O4 - HKLM\..\RunOnce: [addub32.exe] C:\WINDOWS\addub32.exe
O4 - HKLM\..\RunOnce: [javaie.exe] C:\WINDOWS\javaie.exe
O4 - HKLM\..\RunOnce: [appbd32.exe] C:\WINDOWS\appbd32.exe
O4 - HKLM\..\RunOnce: [addxs32.exe] C:\WINDOWS\addxs32.exe
O4 - HKLM\..\RunOnce: [sdkdh32.exe] C:\WINDOWS\system32\sdkdh32.exe
O4 - HKLM\..\RunOnce: [d3ij.exe] C:\WINDOWS\d3ij.exe
O4 - HKLM\..\RunOnce: [appjl.exe] C:\WINDOWS\appjl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\hocgvtpe.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

http://chat.msn.com/bin/msnchat45.cab

 

[vop]

According to the basic FAQ on HJT:

"a general rule of thumb is that there shouldn't be anything in the RunOnce category at all unless you have just installed a software package that needed a reboot after finishing and you haven't yet done so."

On reboot, is that category of items still apparent? Kill any iffy running apps, first. If you fix the above entries, do they come back or are new ones created?


There might be an apparent issue of a delivery or contributing agent, maybe one or all of the following. Google reports nothing on any of the following items.

Since a BHO is generally optional - 'fix' that one. See if you can kill the two (2) running EXEs without adverse consequences (IE: test your internet connection/email). Thereafter 'fix' those entries too (recoverable). Subsequently, delete or uninstall the affected EXEs and their folders when all appears to be well:


O2 - BHO: (no name) - {F58FA9D9-DEB6-E95C-8537-0CD8C38A2D86} - C:\WINDOWS\system32\sdkcp32.dll

O4 - HKLM\..\Run: [addxz32.exe] C:\WINDOWS\system32\addxz32.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\hocgvtpe.exe

 

[diogenes10]

C:\WINDOWS\gotcx.dll/sp.html#37049

This is one of the newer coolwebsearch variants that is troublesome to remove. You need to try a tool called About Buster.

Comments here;

http://ntcompatible.com/story31763.html

And a thread here:

http://forum.gladiator-antivirus.com/index.php?showtopic=16939

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

 

[knuckles04]

Ok, after many attempts to manually delete the troublesome files, and using about buster, this is my new hjt log after reboot. it looks good now, so now I will see how she runs, thanks very much for all the help!!


Logfile of HijackThis v1.98.0
Scan saved at 5:39:19 PM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Chuck\Desktop\AboutBuster.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chuck\My Documents\My eBooks\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5