
help with this search assistance

Discussion in 'Security and Privacy' started by MnInShdw, 2004/06/26.

Thread Status:
Not open for further replies.
  1. 2004/06/26
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    Every time I log into my PC, there's a search text box in the task bar and the "Quick launch" toolbar is visible. By right clicking the task bar and unchecking "search assistance" in toolbars, I close this toolbar, but the next time it's sitting there.

    I've tried ad-aware and spybot and have deleted all that they found. How can I get rid of this search text box? :confused:

    Any kind of help is much appreciated.
     
  2. 2004/06/26
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0


  4. 2004/06/26
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    Thanks for your help.
    Here's what you asked :

    Logfile of HijackThis v1.97.7
    Scan saved at 8:11:54 AM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\System32\atiptaxx.exe
    D:\Program Files\Flash 32\Flash32.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
    D:\Program Files\Babylon\Babylon.exe
    D:\WINDOWS\System32\qtodiqgf.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\GuruNet\GuruNet.exe
    D:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
    D:\Program Files\MailWasher Pro\MailWasher.exe
    D:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
    D:\Program Files\Outlook Express\msimn.exe
    D:\Program Files\MYIE2\MyIE.exe
    D:\WINDOWS\System32\cidaemon.exe
    D:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
    D:\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=D:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - D:\Program Files\Common Files\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\FCBHO.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Flash32] D:\Program Files\Flash 32\Flash32.exe
    O4 - HKLM\..\Run: [FolderGuard] D:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL
    O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [kkvzyfvz] D:\WINDOWS\System32\qtodiqgf.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Dialog Tracker.lnk = D:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
    O4 - Startup: MailWasherPro.lnk = D:\Program Files\MailWasher Pro\MailWasher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GuruNet.lnk = D:\Program Files\GuruNet\GuruNet.exe
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Add to Ad Hunter - D:\Program Files\MYIE2\config/blacklist.htm
    O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All Files by HiDownload - D:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - D:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: GuruNet... - file:D:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
    O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: FlashCapture (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: HiDownload (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rlugbnnl.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
    O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/daimlerchrysler/rrtstreetwise/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
     
  5. 2004/06/26
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi MnInShdw

    Start Hijackthis and place a check next to these items, then
    Close all browser windows and shut down all other programs that show in the
    taskbar. (even Folders) Then Hit fix checked.

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=D:\Windows\System32\wsaupdater.exe,
    O4 - HKLM\..\Run: [kkvzyfvz] D:\WINDOWS\System32\qtodiqgf.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rlugbnnl.exe

    I would fix these also
    O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/...uncherSetup.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
    ==========
    Restart the PC, then find and delete (ONLY THESE EXACT) files and folders
    (if they're present).
    Set Windows to show hidden files, folders and extensions or you might be unable to see them.
    Help Link
    C:\Program Files\Internet Explorer\rlugbnnl.exe
    D:\Windows\System32\wsaupdater.exe,
    D:\WINDOWS\System32\qtodiqgf.exe
    and this folder if there
    C:\Program Files\WindowsSA

    Then scan with both Ad-Aware and SpyBot and fix what they find,
    One at a time :)
    I'm moving the thread to our security section

    Post a new log
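
The entries picked out in the posts above can be found mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: a small triage script with five heuristics chosen here as assumptions (missing hook file, extra `UserInit` program, unnamed BHO in the Windows root, vowel-less Run name pointing into System32, local-file ActiveX codebase). The sample log is a short excerpt of lines from the log posted above.

```python
import ntpath
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse_log(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def exe_of(command):
    """Executable path of a Run command line, without quotes or arguments."""
    m = re.search(r'"?([^"]+?\.exe)', command, re.I)
    return m.group(1) if m else command

def review(code, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if code == "R3" and body.endswith("(no file)"):
        return "search hook registered but its file is missing"
    if code == "F2":
        m = re.match(r"REG:system\.ini: UserInit=(.*)", body, re.I)
        if m:
            extra = [p.strip() for p in m.group(1).split(",")
                     if p.strip()
                     and ntpath.basename(p.strip()).lower() != "userinit.exe"]
            if extra:
                return "logon also starts " + ", ".join(extra)
    if code == "O2":
        m = re.match(r"BHO: \(no name\) - \{[^}]+\} - (.+)", body)
        if m and re.fullmatch(r"[a-z]:\\windows",
                              ntpath.dirname(m.group(1)).lower()):
            return "unnamed BHO loaded straight from the Windows directory"
    if code == "O4":
        m = re.match(r"HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)", body)
        if m:
            name, exe = m.group(1), exe_of(m.group(2))
            in_sys32 = ntpath.dirname(exe).lower().endswith("\\system32")
            # Heuristic (assumption): a value name with no vowels is
            # unlikely to have been chosen by a vendor.
            if in_sys32 and not re.search(r"[aeiou]", name, re.I):
                return "vowel-less Run value name pointing into System32"
    if code == "O16":
        m = re.match(r"DPF: \{[^}]+\}(?: \(.*?\))? - (.+)", body)
        if m and m.group(1).lower().startswith("file://"):
            return "ActiveX codebase is a local file, not a vendor URL"
    return None

def triage(text):
    """List (code, body, reason) for every entry a rule flags."""
    return [(c, b, r) for c, b in parse_log(text) if (r := review(c, b))]

# Excerpt of the log posted in this thread (benign and flagged lines mixed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=D:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [kkvzyfvz] D:\WINDOWS\System32\qtodiqgf.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rlugbnnl.exe
"""

if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n    {body}")
```

A hit is a prompt to look at the file, not a verdict; the rules are tuned to this log and will miss or over-flag entries in others.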
     
  6. 2004/06/27
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    woow, thanks a million.

    I followed your detailed step by step instructions. After logging into my PC, the search box doesn't appear in the taskbar anymore (though if I right click the taskbar, select toolbars and click on "search assistant", the text box shows up).

    I didn't find C:\Program Files\WindowsSA to delete it. Tried a search on both C and D drives, I found a shortcut and deleted it. ( In control panel's Add / Remove programs above windows update icons, I have a windowsSA item. Should I uninstall it?)

    this is HijackThis' final logfile:

    I just don't know how to appreciate your help and all the time you spent on my problem.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:40:46 PM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\atiptaxx.exe
    D:\Program Files\Flash 32\Flash32.exe
    D:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
    D:\Program Files\Babylon\Babylon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\GuruNet\GuruNet.exe
    D:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
    D:\Program Files\MailWasher Pro\MailWasher.exe
    D:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
    D:\WINDOWS\System32\cidaemon.exe
    D:\Program Files\Outlook Express\msimn.exe
    D:\Program Files\MYIE2\MyIE.exe
    D:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
    D:\Spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www7.ocn.ne.jp/~mninshdw/solutions.htm
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - D:\Program Files\Common Files\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\FCBHO.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Flash32] D:\Program Files\Flash 32\Flash32.exe
    O4 - HKLM\..\Run: [FolderGuard] D:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL
    O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Dialog Tracker.lnk = D:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
    O4 - Startup: MailWasherPro.lnk = D:\Program Files\MailWasher Pro\MailWasher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GuruNet.lnk = D:\Program Files\GuruNet\GuruNet.exe
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Add to Ad Hunter - D:\Program Files\MYIE2\config/blacklist.htm
    O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All Files by HiDownload - D:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - D:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: GuruNet... - file:D:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
    O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: FlashCapture (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: HiDownload (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/daimlerchrysler/rrtstreetwise/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
     
  7. 2004/06/27
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
  8. 2004/06/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The following entry is part of twaintec adware and should be fixed with HJT also.

    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll

    Reboot, search for and delete all of the following files and folders if found.

    pc powerscan
    intrigue learning
    xgn.exe
    mxtarget.dll
    twaintec.dll
    twaintec.ini
    wsem218.dll
    lycos


    and from your favorites folder, free adult content and adult sites.

    The following entry is an encryption tool, which is any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble it. Encryption tools are used to secure information. Sometimes unauthorized use of encryption tools in an organization is a cause for concern. If you did not knowingly install it, fix with HJT.

    O4 - HKLM\..\Run: [FolderGuard] D:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL

    Reboot, then search for and delete the following files.

    fgkey.exe
    fguard.cnt
    fguard.exe
    fguard.hlp
    fguard.vxd
    fguard32.sys
    pad_file.xml



    The following are not needed at startup and can be fixed.

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background


    I too recommend you fix this,

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...ise/install.cab

    Uninstall Wild Tangent from add/remove programs if present, reboot and delete the folder in C:\Program Files if present.


    Also recommend you use the 'find in registry' function of RegSeeker to search for and delete WindowsSA files (check the 'search files' box). Then use the 'clean registry' function to remove leftover entries of previously removed programs/files. I personally have never experienced any problems deleting everything RegSeeker finds. That does not mean that you won't, so be sure the 'backup' box is checked in the lower left corner in case you need to replace something that gets removed. Re-run in clean mode until it finds nothing (maybe three or more times). Your computer will thank you for cleaning up the registry. :)
     
  9. 2004/06/27
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    Lonny Jones and noahdfear,

    thanks for your efforts and detailed instructions to help me out of this problem.


    The search textbox doesn't come up on boot. But it's still listed in the taskbar's toolbars list. Is there any way to get rid of it?


    FGuard (Folder Guard) is software I purchased to lock some folders and prevent them being deleted when the kids are using my PC.

    In case of FKey I've no idea what it would be. A part of a spyware? A part of FGuard? Both are possible. If necessary, I can delete it and reinstall Folder Guard to see if it's back or not.



    Done.


    Done. except for intrigue learning and xgn.exe. Nothing was found.


    Done.


    Done.


    Done


    I cleaned the registry as you suggested. Not only did my PC thank me for being cleaned up, but I also thank you for your advice and help.
     
  10. 2004/06/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You could use RegSeeker to search the registry for 'search assistant' in the Current User and Local Machine keys, then try to determine which result might be related. Be careful here. You will find several of the search asst entries. Most are legitimate. If in doubt, you could select all, right click and export. Then open the RegSeeker folder, then backup folder, then right click and open with notepad the search assistant reg. file, copy and paste it here.

    FKey.exe is the executable for Folder Guard, and is OK.
     
  11. 2004/06/28
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    9 hits were found. Which one should be deleted?

    I appreciate your help.




    REGEDIT4

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}]
    @= "Search Assistant "

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\Implemented Categories]

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\InprocServer32]
    @= "D:\\Windows\\System32\\omniband.dll "
    "ThreadingModel "= "Apartment "

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\ProgID]

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\TypeLib]
    @= "{0B3569D7-1EA4-4CBA-AC13-225902619789} "

    [HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\VersionIndependentProgID]

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}]
    @= "Search Assistant Control "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\Control]

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\InProcServer32]
    @= "d:\\windows\\srchasst\\srchui.dll "
    "ThreadingModel "= "Apartment "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\Insertable]

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\MiscStatus]

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\MiscStatus\1]
    @= "131473 "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\ProgID]
    @= "SrchUI.SearchAssistant.1 "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\Programmable]

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\ToolboxBitmap32]
    @= "d:\\windows\\srchasst\\srchui.dll, 101 "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\TypeLib]
    @= "{ECA4E801-17AE-4863-9F5C-AF4047AABEE0} "

    [HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\VersionIndependentProgID]
    @= "SrchUI.SearchAssistant "

    [HKEY_CLASSES_ROOT\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}]
    @= "Search Assistant OC "

    [HKEY_CLASSES_ROOT\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\InProcServer32]
    @= "%SystemRoot%\\System32\\shdocvw.dll "
    "ThreadingModel "= "Apartment "

    [HKEY_CLASSES_ROOT\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\TypeLib]
    @= "{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B} "

    [HKEY_CLASSES_ROOT\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}]
    @= "Search Assistant Tip Service "

    [HKEY_CLASSES_ROOT\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}\InProcServer32]
    @= "d:\\windows\\srchasst\\srchui.dll "
    "ThreadingModel "= "Apartment "

    [HKEY_CLASSES_ROOT\SrchUI.SearchAssistant]
    @= "Search Assistant Control "

    [HKEY_CLASSES_ROOT\SrchUI.SearchAssistant\CLSID]
    @= "{47C6C527-6204-4F91-849D-66E234DEE015} "

    [HKEY_CLASSES_ROOT\SrchUI.SearchAssistant.1]
    @= "Search Assistant Control "

    [HKEY_CLASSES_ROOT\SrchUI.SearchAssistant.1\CLSID]
    @= "{47C6C527-6204-4F91-849D-66E234DEE015} "

    [HKEY_CLASSES_ROOT\SrchUI.SearchAssistant.1\CurVer]
    @= "SrchUI.SearchAssistant.1 "

    [HKEY_CLASSES_ROOT\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}\1.0]
    @= "Search Assistant 1.0 Type Library "

    [HKEY_CLASSES_ROOT\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}\1.0\0]

    [HKEY_CLASSES_ROOT\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}\1.0\0\win32]
    @= "d:\\windows\\srchasst\\srchui.dll "

    [HKEY_CLASSES_ROOT\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}\1.0\FLAGS]
    @= "0 "

    [HKEY_CLASSES_ROOT\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}\1.0\HELPDIR]
    @= "d:\\windows\\srchasst "

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]
    "InstallDir "= "D:\\WINDOWS\\srchasst\\\ "
    "Actor "= "d:\\windows\\srchasst\\chars\\rover.acs "
    "UsageCount "=dword:00000037
    "SocialUI "=dword:00000000
    "UseAdvancedSearchAlways "=dword:00000001
    "DefaultSearchURL "= "http://home.microsoft.com/access/autosearch.asp?p= "

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru]

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "001 "= "nw "
    "002 "= "nws "
    "003 "= "beat "
    "004 "= "univer "
    "005 "= ".nws "
    "006 "= "universal "
    "007 "= ".swf "
    "008 "= "hamid.xls "
    "009 "= "evalution "
    "010 "= "complete "
    "011 "= "how to move "
    "000 "= ".wm "
    "012 "= "new "
    "013 "= "\ "new on Sollutions\" "
    "014 "= "onload "
    "015 "= "tutorial "
    "016 "= "transition "
    "017 "= "oppai "
    "018 "= "ali "
    "019 "= "alimon "
    "020 "= "norton "
    "021 "= ".htm "
    "022 "= ".html "
    "023 "= "khalil "
    "024 "= "roads "

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604]
    "000 "= ".mid "

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips]

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl]

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa0]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa1]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa2]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa4]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa5]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa6]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa8]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa9]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\faa]
    "TimesResisted "=dword:00000000
    "TimesDisplayed "=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661} "= "Search Assistant OC "
     
  12. 2004/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry to say, I don't see the culprit there. Maybe someone else will. :( If you have rebooted again since cleaning the registry, try cleaning it again. It may find it. I'll try to think of something else too, and let you know if I do.
     
  13. 2004/06/29
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    Million thanks for your help.

    Would you please take a look at this thread too? My friend is desperate and would appreciate any kind of help/advice.
     
  14. 2004/06/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi MnInShdw ,Dave

    Would you take a screenshot and attach it, maybe this will lend a clue
    Mine looks like this.

    If you have two quicklaunches listed in the context menu it might be a sign of vx2betterinternet.
     
  15. 2004/06/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hadn't thought of that Lonny. Could very well be though. MnInShdw, can you do attachments? It requires you to be a contributing member. If not, this will tell also.

    Copy and paste the following command into the address bar then hit enter.

    javascript:navigator.userAgent

    Copy the text of the resulting window and paste it here with your next reply.
     
  16. 2004/06/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Thanks Dave, I had overlooked that

    You could however take a screenshot and upload it here, be sure to crop it
    as I have done, http://volcano.photobucket.com

    If that search assistant is the culprit I would think Adaware would fix it,
    It will now with all but the F2 - wsaupdater.exe

    So is it Ad-Aware 6 181 with the latest update that you have ?

    spybot 1.3 ?

    (Dave, Ad-Aware now has a plugin for vx2. I haven't tried it yet, would rather use vx2finder) See here
     
  17. 2004/06/30
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    sorry for the delay in replying. I was at work and the mentioned PC is the one I use at home.
    The screen capture you had asked for is here. It seems I'm not allowed to attach files. I use Flash32 for screen captures and it can't capture sub-menus. I had to use photoshop to paste them.
    this is what I receive:
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2)


    Here is the version of programs I used:

    Ad-aware 6.0 personal build 6.181.
    Spybot Search & Destroy 1.3 Latest Detection update: 2004/06/16
    SpywareBlaster 3.1
    Hijackthis v-1.97.7

    I appreciate both of you for all the time you've put on my problem.
     
  18. 2004/06/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    I'm asking around about this.
    Our other members Might already know how to fix this :)

    One question. On Internet explorer's toolbar go view > toolbar's, anything out of the ordinary there ?

    and also go start > search, how about there ?
     
  19. 2004/06/30
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    I can't find anything strange on Internet explorer's toolbar's view > toolbar menu. Here's a screenshot of this menu.

    Start/Search is normal too. I can't find anything unusual.


    MnInShdw
     
    Last edited: 2004/06/30
  20. 2004/07/04
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi MnInShdw

    Any luck yet getting rid of the mention of search assistant in the context menu?

    If you're comfortable with regedit or a reg tool (regseeker)

    Backup this key then delete it, or we can make an import that will do that for you ?
    I wouldn't bother with the other mentions of search assistance in the registry
    those appear to my untrained eye to be normal.



    You could though unregister omniband.dll: Start > Run
    regsvr32 /u D:\Windows\System32\omniband.dll

    Creating Custom Explorer Bars, Tool Bands, and Desk Bands:
    More information
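
Among the exported "Search Assistant" classes, the one tied to `omniband.dll` is the only one with an `Implemented Categories\{00021492-0000-0000-C000-000000000046}` subkey. That GUID is the shell's desk band category (`CATID_DeskBand`), which is what makes a COM class show up under the taskbar's Toolbars menu. The following is an added example, not part of the original posts: it parses a REGEDIT4 export and lists every class registered as a shell band together with its server DLL. The sample text is constructed from keys in the export above, and the parser tolerates the stray spaces seen in that paste.

```python
import re

# Shell band categories (CATID values from the Windows SDK's shlguid.h).
BAND_CATEGORIES = {
    "{00021492-0000-0000-c000-000000000046}": "desk band (taskbar toolbar)",
    "{00021493-0000-0000-c000-000000000046}": "vertical Explorer bar",
    "{00021494-0000-0000-c000-000000000046}": "horizontal Explorer bar",
}

KEY_RE = re.compile(r"^\s*\[(.+)\]\s*$")
# Matches @="data" and "name"="data"; dword/hex values are ignored here.
VALUE_RE = re.compile(r'^\s*(@|"(?P<name>.*?)")\s*=\s*"(?P<data>.*)"\s*$')
CAT_RE = re.compile(
    r"^hkey_classes_root\\clsid\\(\{[0-9a-f-]+\})"
    r"\\implemented categories\\(\{[0-9a-f-]+\})$"
)

def parse_reg(text):
    """Map lower-cased key path -> {value name: string data}.

    The default value (@) is stored under the empty name.
    """
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).strip().lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = (m.group("name") or "").strip()
            # Undo .reg escaping (\\ -> \, \" -> ") and trim paste debris.
            data = re.sub(r"\\(.)", r"\1", m.group("data")).strip()
            current[name] = data
    return keys

def find_bands(text):
    """Return one dict per CLSID that registers a shell band category."""
    keys = parse_reg(text)
    found = []
    for path in keys:
        m = CAT_RE.match(path)
        if not m or m.group(2) not in BAND_CATEGORIES:
            continue
        base = "hkey_classes_root\\clsid\\" + m.group(1)
        server = keys.get(base + "\\inprocserver32", {}).get("")
        found.append({
            "clsid": m.group(1),
            "name": keys.get(base, {}).get("", ""),
            "kind": BAND_CATEGORIES[m.group(2)],
            "server": server or "(no InprocServer32)",
        })
    return found

# Constructed sample: three of the classes from the export in this thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}]
@="Search Assistant"

[HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\CLSID\{14D2CFFE-6656-4BEC-8D9E-DDE6F2D4EAE5}\InprocServer32]
@= "D:\\Windows\\System32\\omniband.dll "
"ThreadingModel "= "Apartment "

[HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}]
@="Search Assistant Control"

[HKEY_CLASSES_ROOT\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}\InProcServer32]
@="d:\\windows\\srchasst\\srchui.dll"

[HKEY_CLASSES_ROOT\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}]
@="Search Assistant OC"

[HKEY_CLASSES_ROOT\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\InProcServer32]
@="%SystemRoot%\\System32\\shdocvw.dll"
'''

if __name__ == "__main__":
    for band in find_bands(SAMPLE_REG):
        print(band["clsid"], band["name"], band["kind"], band["server"], sep=" | ")
```

Run against a full export of `HKEY_CLASSES_ROOT\CLSID`, the same function gives an inventory of every toolbar and Explorer bar registered on the machine, which is a shorter list to review than a text search for a display name.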
     
  21. 2004/07/04
    MnInShdw

    MnInShdw Inactive Thread Starter

    Joined:
    2002/07/12
    Messages:
    92
    Likes Received:
    0
    Woooow. I just....I just can't believe my eyes. I deleted the registry key you mentioned and rebooted. Yes. Yes. That funny item in the toolbar menu is GONE.

    Let me tell you something my friend. You ARE a genius.

    Million thanks to you, to your wisdom and to all of those who helped me in this thread. I appreciate all of your help.


    Thanks.
     