Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech - Register now for FREE

A community of volunteers who share their knowledge, and answer your tech questions. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message, and all ads, will be removed once you have signed in.

Create an Account Login to Account


Window Search Problem


  • This topic is locked This topic is locked
5 replies to this topic

#1 Guest_David Worrell_*

Guest_David Worrell_*
  • Guests

Posted 10 November 2003 - 04:40 PM

I've got a user that's having problems with IE - the application will not start. I cleaned loads of things off with Spybot, but that didn't fix the problem. There's one suspicious entry in add/remove programs called "Window Search." When I click change/remove, a box pops up with the following message: "To Verify you are a human and not a computer script, please type the 7 numbers you see above:"

There's a box to enter the numbers and an uninstall button. Unfortunately, the 7 numbers you're supposed to type never appear. If I hit uninstall without typing the 7 numbers, I get an "Incorrect, Try Again?" box with a yes and a no button.

Assistance would be greatly appreciated.

Logfile of HijackThis v1.97.5
Scan saved at 5:33:43 PM, on 11/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
X:\Support\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hiltonnet.hilton.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hiltonnet.hilton.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hilton Hotels Corporation
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://enet.hilton.c...g/ie6/HOTEL.INS
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://hiltonnet.hilton.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4c34801d-d2f4-419a-9e52-ea83b28724c7} - C:\DOCUME~1\user\APPLIC~1\hglqobrsts.dll
O2 - BHO: (no name) - {A7E0B754-B2AD-4A3D-9080-2CE13883BB41} - C:\WINNT\System32\itpxrtmgr.dll
O2 - BHO: (no name) - {F4A645D0-D4D5-439E-9DBC-B31BBD9CB890} - C:\WINNT\System32\BPV2s.dll
O3 - Toolbar: oosssskvfst - {d4d063f3-adbb-4fbe-8d26-769863aa5340} - C:\DOCUME~1\user\APPLIC~1\hglqobrsts.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://hiltonnet.hilton.com
O15 - Trusted Zone: http://*.americanexpress.com
O15 - Trusted Zone: http://*.BPSNet
O15 - Trusted Zone: http://www.bristolonline.com
O15 - Trusted Zone: http://support.ca.com
O15 - Trusted Zone: http://support.cai.com
O15 - Trusted Zone: http://*.cbpssrv1
O15 - Trusted Zone: http://www.cheyenne.com
O15 - Trusted Zone: http://*.cisdev
O15 - Trusted Zone: http://www.clubhotels.com
O15 - Trusted Zone: http://*.cntsdms1
O15 - Trusted Zone: http://www.compaq.com
O15 - Trusted Zone: http://*.corp_install01
O15 - Trusted Zone: http://*.criticalpath.net
O15 - Trusted Zone: http://www.dimdev.com
O15 - Trusted Zone: http://*.doubletree.com
O15 - Trusted Zone: http://www.doubletreehotels.com
O15 - Trusted Zone: http://www.embassy-suites.com
O15 - Trusted Zone: http://www.embassyvacationresorts.com
O15 - Trusted Zone: http://*.extranet
O15 - Trusted Zone: http://*.forrester.com
O15 - Trusted Zone: http://www.grandtheme.com
O15 - Trusted Zone: http://www.hampton-inn.com
O15 - Trusted Zone: http://www.hamptonvacationresorts.com
O15 - Trusted Zone: http://eis.hilton.com
O15 - Trusted Zone: http://enet.hilton.com
O15 - Trusted Zone: http://hiltonnet.hilton.com
O15 - Trusted Zone: http://*.hiltoninets.com
O15 - Trusted Zone: http://www.homewood-suites.com
O15 - Trusted Zone: http://www.hoovers.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.ibm.net
O15 - Trusted Zone: http://*.inet
O15 - Trusted Zone: http://*.intradev_temp
O15 - Trusted Zone: http://*.it
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://ntbugtraq.ntadvice.com
O15 - Trusted Zone: http://www.plansoft.com
O15 - Trusted Zone: http://corp.pmhs.com
O15 - Trusted Zone: http://download.pointcast.com
O15 - Trusted Zone: http://www.pointcast.com
O15 - Trusted Zone: http://www.promus-hotels.com
O15 - Trusted Zone: http://www.promus-inc.com
O15 - Trusted Zone: http://cis.promus.com
O15 - Trusted Zone: http://eis.promus.com
O15 - Trusted Zone: http://enet.promus.com
O15 - Trusted Zone: http://inet.promus.com
O15 - Trusted Zone: http://*.PromusCore.com
O15 - Trusted Zone: http://hilton.purchasepro.com
O15 - Trusted Zone: http://rl2k.rci.com
O15 - Trusted Zone: http://www.rfpexpress.com
O15 - Trusted Zone: http://www.rfsmgmt.com
O15 - Trusted Zone: http://*.techsmith.com
O15 - Trusted Zone: http://www.tharaldson.com
O15 - Trusted Zone: http://www.w3.org
O15 - Trusted Zone: http://la.xceed.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak02.picture...oad.9.0.0.2.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.micro...jects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ewrhg.local
O17 - HKLM\Software\..\Telephony: DomainName = ewrhg.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BCD027A-694B-408B-AEA2-C3E343835E53}: NameServer = 172.18.74.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ewrhg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ewrhg.local

Advertisement


#2 DroidC

DroidC

    New Member

  • New Member
  • Pip
  • 18 posts

Posted 10 November 2003 - 04:50 PM

I would fix the following lines if you are positive they are not associated with any applications you are running: R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank O2 - BHO: (no name) - {4c34801d-d2f4-419a-9e52-ea83b28724c7} - C:\DOCUME~1\user\APPLIC~1\hglqobrsts.dll O2 - BHO: (no name) - {A7E0B754-B2AD-4A3D-9080-2CE13883BB41} - C:\WINNT\System32\itpxrtmgr.dll O2 - BHO: (no name) - {F4A645D0-D4D5-439E-9DBC-B31BBD9CB890} - C:\WINNT\System32\BPV2s.dll O3 - Toolbar: oosssskvfst - {d4d063f3-adbb-4fbe-8d26-769863aa5340} - C:\DOCUME~1\user\APPLIC~1\hglqobrsts.dll Also, run an IE repair From the RUN line: rundll32 setupwbv.dll,IE6Maintenance Run the repair Reboot when prompted

#3 Guest_David Worrell_*

Guest_David Worrell_*
  • Guests

Posted 10 November 2003 - 04:51 PM

Ignore the bit about Window Search - I had Remote Desktop's display settings set too low to display the numbers.

#4 OlTramp

OlTramp

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 10 November 2003 - 04:56 PM

Hi- You also need to go thru your 015's and make sure you haven't had any added without your wanting them to be there.

#5 Guest_David Worrell_*

Guest_David Worrell_*
  • Guests

Posted 10 November 2003 - 04:56 PM

That did it, droid. I was suspicious of the hglqobrsts.dll file, but didn't feel safe removing it without a concurring opinion. Thanks

#6 cnm

cnm

    -

  • Visiting Fellow
  • PipPipPipPip
  • 654 posts

Posted 10 November 2003 - 07:06 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Advertisement




Similar Topics: Window Search Problem     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users