Thread: Isearch registry entries can not be cleaned
View Single Post
Old 04-13-2005, 03:49 AM   #1 (permalink)
geesan
Registered User
 
Join Date: Apr 2005
Posts: 8
OS: W2K


Isearch registry entries can not be cleaned
Hi,

I'm always being redirected to other sites with ringtones,... I scanned everything on my PC using a number of tools in orde to solve this problem but I was not able to clean everything out. I used spybot, spyware doctor, spysubstract, swshredder, spysweeper and pestpatrol.

One thing that can not be cleaned out is Isearch. Some of these tools find a number of registry entries but they are not able to clean them out. I even looked for some manual solutions on the net but again, it doesn't work. The only thing strange is that I never saw the isearch toolbar but perhaps one of these tools has already fixed that problem

I'll first give you the entries the tools find and then I 'll give you the log of hijackthis.

I hope you can help me cause I'm at the end of my wits.

Entries found by Spysubtract:

'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Class'
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ClassGUID
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ConfigFlags
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\DeviceDesc
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Legacy
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\NextInstance
'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Service

Hijackthis logfile

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
c:\centenn.ial\audit\CAgent32.exe
c:\centenn.ial\audit\xferwan.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\MsiExec.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\gl\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.101.4:3128
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Download Images by Picture Finder - C:\Program Files\Super Picture Finder Grabber\pf_link.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://quickplace1.emea.gweb.eds.com/qp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSTestware.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PSTestware.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PSTestware.com
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\fn2021fmg.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: CentennialClientAgent - Centennial UK Ltd. - c:\centenn.ial\audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial UK Ltd. - c:\centenn.ial\audit\xferwan.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe


I hope you can solve this problem.
Last edited by geesan; 04-13-2005 at 04:03 AM.
geesan is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here