Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > public.searchbarcash.com in IE

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

public.searchbarcash.com in IE

Reply to Message Icon

Name: lewis
Date: August 28, 2003 at 13:36:47 Pacific
OS: Windows 98
CPU/Ram: 344MB
Comment:

I am having trouble getting rid of spyware. Spysweeper and Symantec anti-virus find backdoor.trojan and some other traces, but popups keep coming back every time I open IE. Before IE loads my home page, I see in the bottom left corner "finding site: public.searchbarcash.com." I ran Hijack This but do not know which files to delete. Here is my log -- can anyone tell me which files to delete? Thanks.

Logfile of HijackThis v1.96.2
Scan saved at 1:20:41 PM, on 8/28/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.exe
C:\OPLIMIT\OCRAWARE.exe
C:\OPLIMIT\OCRAWR32.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.exe
C:\PALM\HOTSYNC.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\HPWPSW.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.exe
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSACCESS.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\MSYSS\MSYS.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfcasa.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfcasa.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
F1 - win.ini: load=hpwhrc.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sih55y97.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sih55y97.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msys lptt01] "c:\program files\msyss\msys.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37859.6183333333




Sponsored Link
Ads by Google

Response Number 1
Name: TekGirl
Date: August 28, 2003 at 15:25:06 Pacific
Reply:

I don't see anything off-hand that would be causing that, but I've found that running Ad-Aware and Spybot takes care of pretty much all spyware on my computer.


0
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: public.searchbarcash.com in IE
Whataboutadog.com in my IE History www.computing.net/answers/security/whataboutadogcom-in-my-ie-history/21815.html

System32 problems & gibberish exe's www.computing.net/answers/security/system32-problems-amp-gibberish-exes/8612.html

Help removing some spyware www.computing.net/answers/security/help-removing-some-spyware/7735.html