jacour Premium Member join:2001-12-11 Matthews, NC |
2004-Apr-21 5:21 pm
Restoring IE6 address bar searching
Last week I discovered that I had been hit with two nasties, VX2.betterinternet and Winpup to be exact. All traces of these have been scrubbed at this point, and I have run multiple scanners. However, when I try to use the address bar searching in IE6, it doesn't work. For example, if I try to search in the address bar using this string:
" ? modem "
I get
" http:///?%20modem " along with a Page Not Found warning.
There must be something missing / corrupted in the registry, but I can't figure out what. If anybody can help, it would be greatly appreciated.
Below is my HijackThis log. I recognize every single running process, so I don't think I need to remove anything, but maybe I need to add something back that was overwritten by the hijackers?
Logfile of HijackThis v1.97.7
Scan saved at 4:13:19 PM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrayDevil\traydevil.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\AnalogX\POW\pow.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James Cour\Desktop\HijackThis.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [TrayDevil] C:\Program Files\TrayDevil\traydevil.exe
O4 - Startup: CookieWall.lnk = C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - Startup: Intelligent.lnk = C:\Program Files\Utility\Intelligent.bat
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {1171A62F-05D2-11D1-83FC-00A0C9089C5A} (FlashProp Class) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {3E68E405-C6DE-49ff-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38074.3963194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
|
|
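Added example, not part of any post in this thread: a small Python parser that takes a HijackThis log whose line breaks were lost and splits it back into one record per entry, so the O2, O4 and O16 sections can be reviewed item by item. The function names are hypothetical, and the sample is an excerpt of the log in the first post.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O<n>.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
LABELS = {"O2": "Browser Helper Object", "O4": "autostart entry",
          "O16": "Downloaded Program Files (ActiveX)"}

# Excerpt of the log in the first post, run together on one line.
SAMPLE = (
    r"Logfile of HijackThis v1.97.7 Running processes: C:\WINDOWS\explorer.exe "
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - "
    r"C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll "
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe "
    r"O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe "
    r"O16 - DPF: InstalledVersion - "
    r"O16 - DPF: {1171A62F-05D2-11D1-83FC-00A0C9089C5A} (FlashProp Class) - "
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - "
    r"http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"
)

def split_entries(log_text):
    """Return one string per entry, even when the newlines were lost."""
    flat = " ".join(log_text.split())
    parts = (p.strip() for p in ENTRY_START.split(flat))
    return [p for p in parts if re.match(r"[RFNO]\d{1,2} - ", p)]

def parse_entry(entry):
    """Break an entry into section code, name and target (file path or URL)."""
    code, _, rest = entry.partition(" - ")
    rec = {"code": code, "label": LABELS.get(code, "other"), "name": None, "target": None}
    if code == "O4":
        # "<key>: [name] command"  or  "Startup: shortcut.lnk = command"
        m = re.match(r".*?: (?:\[(.+?)\] |(.+?) = )(.+)", rest)
        if m:
            rec["name"], rec["target"] = m.group(1) or m.group(2), m.group(3).strip('"')
    elif code in ("O2", "O16"):
        # These end with " - <target>"; the target may be empty.
        head, _, tail = (rest + " ").rpartition(" - ")
        rec["name"] = head.partition(": ")[2] or head
        rec["target"] = tail.strip() or None
    return rec

def parse_log(log_text):
    return [parse_entry(e) for e in split_entries(log_text)]

def dpf_without_source(records):
    """Names of O16 entries that record no download URL."""
    return [r["name"] for r in records if r["code"] == "O16" and not r["target"]]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(f'{rec["code"]:<4}{rec["label"]:<36}{rec["name"]} -> {rec["target"]}')
```
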
You might try a "repair" of IE. Find it in the add remove panel and you get the option to repair it, at least in 98 and 2k. |
|
jacour Premium Member join:2001-12-11 Matthews, NC |
2004-Apr-21 9:33 pm
Not that easy in XP (you can't remove or repair as IE is an integral part of XP).
This looks to be a tough one, I did a full repair of windows, manually hacked the registry to show IE6 as not installed, and then downloaded the IE6 package and reinstalled. Same behavior at every step.
Any other ideas? |
|
Portmonkey My watch stopped Premium Member join:2004-04-09 Southern IL |
to jacour
I know this is not the proper way to fix your problem, and it might not even work, but as a temporary solution you could maybe try installing the Google Toolbar. About seven months ago or so I was up late one night and was deleting things I thought were unnecessary, but the next morning my address bar in IE6 was gone and nothing I could do would bring it back. Two days earlier I had downloaded the Google Toolbar, so it looked like a good time to give it a try, and it has worked fine ever since. I actually like it better than the address bar I had, and plan to keep it this way. |
|
|
to jacour
You might want to use TweakUI and set up some search strings for IE - (like goo: "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF8&q=%s " - then you can type "goo fooey", and it will do a search on "fooey" in Google) and pretend your problem doesn't exist...;)
Does the section "Search from the Address bar" appear in the Advanced tab in IE properties?? |
|
jacour Premium Member join:2001-12-11 Matthews, NC |
2004-Apr-22 9:17 am
Yes, Address Bar searching is enabled in Advanced Properties. The TWEAKUI idea is interesting, but that gives the same result. I think there is a problem with where the search strings are directed from the address bar, so it doesn't matter how you have your search engines configured.
About ready to use the Google toolbar! |
|
Zupe MVM join:2001-11-29 New York, NY |
to jacour
Download IEFix.reg from here and save it to your desktop - » www.spywareinfo.com/down ··· EFIX.reg . Close all browser windows, then double-click the IEFix.reg file and allow it to merge to the registry, then reboot. That should reset all of IE's search features to their defaults. |
|
|
jacour Premium Member join:2001-12-11 Matthews, NC |
2004-Apr-22 12:04 pm
Zupe,
You are da man!!! That was exactly the cure I was looking for. Thanks for taking the time to reply. |
|