search@hand problem

**guibuni** · 23-10-2008

search@hend is bloking my downloads need help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39:48, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\BitComet\BitComet.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &MSN.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dl l
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Arquivos de programas\Google\Update\1.2.131.11\GoopdateBho.dll
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddtx.exe] C:\WINDOWS\system32\kddtx.exe
O4 - HKCU\..\Run: [BitComet] C:\Arquivos de programas\BitComet\BitComet.exe /tray
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{081A33C2-0431-4ACF-A889-91EB79EBC22A}: NameServer = 85.255.112.145;85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{081A33C2-0431-4ACF-A889-91EB79EBC22A}: NameServer = 85.255.112.145;85.255.112.150
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV ~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c934779aa9d506) (gupdate1c934779aa9d506) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

--
End of file - 4146 bytes

**VopThis** · 23-10-2008

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure ”Run fixit” is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads, post the text that will open (report.txt).

POSSIBLE ERROR MSG:
C:\WINDOWS\system32\AUTOEXEC.NT not there

You are missing a file which is preventing you from running the wareoutfix tool.

Go to the link below and select your operating system and click the link on that site and follow instructions for obtaining the missing file and try the wareoutfix tool again please.

fixautont.html: [C:windows\system32\autoexec.nt Fix] - Computer Technology Forums

* Now download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked , and click Remove Selected.
When disinfection is completed , a log will open in Notepad and you may be prompted to Restart(See Extra Note).
A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Please post any current revised observations.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

**guibuni** · 23-10-2008

here the report

Username "Guilherme" - 23/10/2008 12:30:55 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{081A33C2-0431-4ACF-A889-91EB79EBC22A}
"DhcpNameServer"="85.255.112.70" <Value cleared.

Não foi possível liberar o cache do DNS Resolver:A função falhou durante a execução.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kddtx.ren 69632 04/08/2004

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVP"="\"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.ex e"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.ex e"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BitComet"="\"C:\\Arquivos de programas\\BitComet\\BitComet.exe\" /tray"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

search@hand problem

search@hand problem

Similar Threads

I.D a 2nd hand Hardrive

search @ hand problem

Search @ Hand Annoying

Anyone have these drives second hand?