I need help removing searchv from my system This is what scanned: Logfile of HijackThis v1.97.7 Scan saved at 8:06:14 AM, on 12/19/2003 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe c:\Program files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\Cpqdiag\Cpqdfwag.exe C:\WINNT\SYSTEM32\DNTUS26.exe C:\WINNT\SYSTEM32\DWRCS.exe C:\WINNT\system32\drivers\KodakCCS.exe C:\OfficeScan NT\ntrtscan.exe C:\WINNT\system32\ofps.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ScsiAccess.exe C:\WINNT\system32\stisvc.exe C:\OfficeScan NT\tmlisten.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.exe C:\WINNT\system32\atiptaxx.exe C:\Program Files\Compaq\EAB\EabServr.exe C:\Program Files\Compaq\Hotkey Software\hkss.exe C:\WINNT\system32\ltmsg.exe C:\OfficeScan NT\pccntmon.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINNT\system32\msrexe.exe C:\WINNT\svchost.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\WinZip\WZQKPICK.exe C:\Program Files\Infotriever\Agent\infoclient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\mharris2\Desktop\HJ\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.262.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hand-book.com/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hand-book.com/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hand-book.com/search/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hand-book.com/hp/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hand-book.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hand-book.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hand-book.com/search/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hand-book.com/search/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hand-book.com/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hand-book.com/search/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/ O1 - Hosts: 209.66.114.130 sitefinder.verisign.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\mharris2\Application Data\winshow\winshow.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" O4 - HKLM\..\Run: [SetupType] Portable O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe O4 - HKLM\..\Run: [sys] regedit /s C:\WINNT\sys.reg O4 - HKLM\..\Run: [System Service] C:\WINNT\system32\msrexe.exe O4 - HKLM\..\Run: [Online Service] C:\WINNT\svchost.exe O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.exe" O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [AddClass] C:\WINNT\AddClass.exe O4 - Startup: Infotriever.lnk = C:\Program Files\Infotriever\Agent\infoclient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Grand Vehicle Works LLC Cisco VPN Client V3.5.1.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Create Mobile Favorite (HKLM) O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Real.com (HKLM) O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O13 - DefaultPrefix: http://ehttp.cc/? O13 - WWW Prefix: http://ehttp.cc/? O13 - WWW. Prefix: http://ehttp.cc/? O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab O19 - User stylesheet: C:\WINNT\my.css O19 - User stylesheet: C:\WINNT\my.css (HKLM)

Go here for a tutorial on your Log file: http://www.spywareinfo.com/~merijn/htlogtutorial.html Then you can fix it yourself. Don

BTW, get rid of all the 013's and 019's. Check the links for the R items. Get rid of any R13's (didn't see any there). That's a quickie. It's worth visiting the link above and printing yourself a copy of the "cheat sheet". Don

Recommend the following: Download and run Spybot Search and Destroy: http://tomcoyote.org/SPYBOT/index1.php Download and run AdAware: http://www.lavasoftusa.com/support/download/ Next, use CWShredder: http://www.spychecker.com/program/cwshredder.html Run HijackThis! again to see what was cleaned up.