Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 03-13-2004, 07:26 PM   #1
Beta Member
 
Join Date: Mar 2004
Posts: 1
Default enjoysearch.info

I have Windows XP and recently found porn sites listed under my favorites in Internet Explorer. I have repeatedly run Ad-aware 6.0 and Spybot and deleted the sites from my favorites, but each time I reboot my computer and log on to the internet, they're back. I have my hijackthis.log below. Can anyone help?

Logfile of HijackThis v1.97.7
Scan saved at 5:51:32 PM, on 3/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [xvwiz32] C:\Documents and Settings\Owner\My Documents\xvwizard32.hta
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Access Manager Client.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9544C3B0-1B93-47E2-9A14-617B0962402C}: NameServer = 205.171.3.65 205.171.27.251
__________________

truer is offline   Reply With Quote
Old 03-13-2004, 09:23 PM   #2
Fully Optimized
 
Slayer's Avatar
 
Join Date: Mar 2003
Posts: 3,111
Send a message via AIM to Slayer Send a message via MSN to Slayer Send a message via Yahoo to Slayer
Default Re: enjoysearch.info

Ok - As I see you have Norton Antivirus, scan your computer with that. Chances are, you have a small program in your Internet Cache that is doing all this, especially since it is repeatedly listing utter crap in your favourites. It may not be able to get rid of some of the bad crap, if they are found in your Internet cache, simply clear it out, and that should solve your problem.

- Rocker -
__________________

Slayer is offline   Reply With Quote
Old 03-14-2004, 04:04 AM   #3
Site Team
 
David Lindon's Avatar
 
Join Date: Dec 2002
Posts: 15,233
Default Re: enjoysearch.info

Well, you have a lot of exes running. Try to trim them down and as Rocker said, run Norton and see what it comes out with.
__________________
[url=http://www.LNXPS.NET]LNXPS.NET - The XPS Library]
David Lindon is offline   Reply With Quote
Old 03-15-2004, 04:51 AM   #4
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Quote:
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\wuauclt.exe
Personally they all look a bit dodgey unless you know what they are. You could also try getting rid of:

Quote:
C:\PROGRA~1\AIM\aim.exe
but thats a different matter!

Norton sounds like the best idea; try that and see what it does and if it does nothing then I have no idea. EnjoySearch.info looks very wierd; PerfectNav does that too sometimes but I have no idea about the Porn in your Favourites. Not very nice at all.
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 03-17-2004, 05:22 AM   #5
Beta Member
 
Join Date: Mar 2004
Posts: 1
Default enjoysearch

I had the same problem.

You should delete these files:

C:\WINDOWS\system32\xvwizard32.hta
C:\Documents and Settings\Owner\My Documents\xvwizard32.hta

And remove these from your registry:

O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKCU\..\Run: [xvwiz32] C:\Documents and Settings\Owner\My Documents\xvwizard32.hta

I also suggest to update Internet Explorer with the latest security update.

Cheers,

Niels
nstout is offline   Reply With Quote
Old 03-17-2004, 12:37 PM   #6
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Yeah, always go on Windows Update on a regular basis.
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 03-17-2004, 02:06 PM   #7
Site Team
 
David Lindon's Avatar
 
Join Date: Dec 2002
Posts: 15,233
Default Re: enjoysearch

Quote:
Originally Posted by nstout
I had the same problem.

You should delete these files:

C:\WINDOWS\system32\xvwizard32.hta
C:\Documents and Settings\Owner\My Documents\xvwizard32.hta

And remove these from your registry:

O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKCU\..\Run: [xvwiz32] C:\Documents and Settings\Owner\My Documents\xvwizard32.hta

I also suggest to update Internet Explorer with the latest security update.

Cheers,

Niels
Thanks for the help.
__________________

__________________
[url=http://www.LNXPS.NET]LNXPS.NET - The XPS Library]
David Lindon is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 09:44 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0