Full Version: Search Assistant
MrMondayNight
In my toolbar there is a Search Assistant bar. No matter what spyware program I use, it either won't detect it or it won't go away. Help :(
Hunter
Hi MMM,

Do these steps and we can get to the bottom of your problem.

Pinned: Guidelines for Posting in This Forum
READ THIS FIRST PLEASE

http://forum.gladiator-antivirus.com/index...showtopic=10517
Hunter
Also when you use that free Adaware program..
*************************************
Try this using your Adaware


2. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list

4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

1. In the ‘General’ window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under ‘Click here to select drives + folders’, choose:
· All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information
· Include additional object details

4. Click the ‘Tweak’ button and select:
· Under the ‘Scanning Engine’:
· Unload recognized processes during scanning
· Include basic Ad-aware settings in logfile
· Include additional Ad-aware settings in logfile
· Under the ‘Cleaning Engine’:
· Let Windows remove files in use at next reboot

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:
· Use Custom Scanning Options

7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.

8. Save the log file when it asks and then click ‘finish’

9. REBOOT
*******************************
MrMondayNight
Logfile of HijackThis v1.97.7
Scan saved at 15:15:34, on 30/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.softladinc.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.61.164.228:8000
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ScanSpyware v3.5] "C:\Program Files\ScanSpyware v3.5\Scanner.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7957.3997569444
O16 - DPF: {D27CDB6E-AE6D-11CF-6B00-000000000000} - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Hunter
Yes, and tell me if your Adaware or Spybot found anything on your PC when you did a full scan with those free products?
Hunter
for your..

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

see here


http://forum.gladiator-antivirus.com/index...showtopic=15074
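Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines that surfaces the F2 UserInit override pointed out above, along with the R1 proxy setting and the O6 policy lock from the same log. The rule set and function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.softladinc.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.61.164.228:8000
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "F2 - ...", "O16 - ..."

def parse_entries(log):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def userinit_programs(detail):
    """Lower-cased file names listed in an F2 'UserInit=' value (comma separated)."""
    value = re.split(r"userinit=", detail, flags=re.IGNORECASE)[-1]
    return [p.strip().lower().rsplit("\\", 1)[-1] for p in value.split(",") if p.strip()]

def triage(log):
    """Apply three illustrative rules (assumptions, not HijackThis's own verdicts)."""
    findings = []
    for section, detail in parse_entries(log):
        if section == "F2" and "userinit=" in detail.lower():
            # Windows' default Userinit value launches only userinit.exe at logon.
            progs = userinit_programs(detail)
            if progs != ["userinit.exe"]:
                findings.append((section, "logon runs: " + ", ".join(progs)))
        elif section == "R1" and "proxyserver" in detail.lower():
            # A proxy entry means browser traffic is routed through that host.
            findings.append((section, "proxy set: " + detail.split("=", 1)[1].strip()))
        elif section == "O6":
            # O6 reports that IE options are restricted through a Policies key.
            findings.append((section, "IE options locked by a Policies key"))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```
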
MrMondayNight
ArchiveData(auto-quarantine- 30-05-2004 15-49-46.bckp)
============================================

ALEXA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

MY-WAY SPEEDBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[1]=RegKey : SOFTWARE\MyWay

NEW.NET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[2]=File : c:\program files\filesubmit\69 babes\nnez_388.exe
obj[3]=File : c:\documents and settings\default\local settings\temp\nsw2d.tmp\new_net.exe

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[4]=File : c:\documents and settings\default\cookies\default@www7.paypopup[1].txt
obj[5]=File : c:\documents and settings\default\cookies\default@trafficmp[1].txt
obj[6]=File : c:\documents and settings\default\cookies\default@tribalfusion[1].txt
obj[7]=File : c:\documents and settings\default\cookies\default@adserver.filefront[1].txt
obj[8]=File : c:\documents and settings\default\cookies\default@tradedoubler[1].txt
obj[9]=File : c:\documents and settings\default\cookies\default@server.iad.liveperson[1].txt
obj[10]=File : c:\documents and settings\default\cookies\default@web4.realtracker[1].txt
obj[11]=File : c:\documents and settings\default\cookies\default@bluestreak[1].txt
obj[12]=File : c:\documents and settings\default\cookies\default@adtech[2].txt
obj[13]=File : c:\documents and settings\default\cookies\default@fortunecity[1].txt
obj[14]=File : c:\documents and settings\default\cookies\default@z1.adserver[1].txt
obj[15]=File : c:\documents and settings\default\cookies\default@goclick[2].txt
obj[16]=File : c:\documents and settings\default\cookies\default@spylog[1].txt
obj[17]=File : c:\documents and settings\default\cookies\default@hotlog[2].txt
obj[18]=File : c:\documents and settings\default\cookies\default@paycounter[1].txt
obj[20]=File : c:\documents and settings\default\cookies\default@bilbo.counted[1].txt
obj[21]=File : c:\documents and settings\default\cookies\default@bravenet[2].txt
obj[23]=File : c:\documents and settings\default\cookies\default@hestia.-- The nicest hobby on Earth ;) --trail.trakkerd[1].txt
obj[24]=File : c:\documents and settings\default\cookies\default@bis.180solutions[1].txt
obj[25]=File : c:\documents and settings\default\cookies\default@bravenet[3].txt
obj[26]=File : c:\documents and settings\default\cookies\default@etype.adbureau[2].txt
obj[27]=File : c:\documents and settings\default\cookies\default@180solutions[2].txt
obj[28]=File : c:\documents and settings\default\cookies\default@180solutions[3].txt

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[19]=File : c:\documents and settings\default\cookies\default@cgi-bin[8].txt
obj[22]=File : c:\documents and settings\default\cookies\default@cgi-bin[10].txt

That is what it found and gets rid of but no sign of the search toolbar.
MrMondayNight
Thanks for your help. I will see if that other thing works now.
MrMondayNight
No it is still there.
CalamityJane
Hi MrMondayNight,

Could you please Reboot your PC. Scan again with Adaware - let it remove anything it finds. If anything found, reboot your PC once more.

Scan again with HijackThis and post a fresh log, please :)
Hunter
Did you by chance download and install Smiley Central with its search assistant? If so, there is info here on how to uninstall that search assistant:

http://forum.gladiator-antivirus.com/index...showtopic=14639

Also consider this..


Search Assistant

--------------------------------------------------------------------------------

Since yesterday at startup I have a toolbar with a textbox and search button on my taskbar that's named "Search Assistant". Right-clicking it lets you choose between "Blazefind", "Google", "MSN" and "Yahoo". If you enter something and press "Search", IE opens the search engine you chose before. I didn't put this toolbar there, I don't need it, it ****s up my taskbar and I don't know where it came from. I tried to deactivate it, but every time I restart my computer it's there again. I deleted all entries in my registry that possibly link to it, but it won't disappear. Also, I can't change my IE settings anymore (Tools >> Internet Options). It says "This operation has been cancelled due to restrictions in effect on this computer." Can anyone help me? Thanks ...



******************



To modify the IE start page and search assistant, please do the following:

Click Internet Explorer
In the browser (IE), click the Tools>Internet Options
In the General tab, either input the URL of your desired start page in the Address text box or click on the button Use Default.
Click Apply>OK to close the Internet Options window.
Click the Search tool icon on the tool bar to open the search assistant page.
In the right panel, click the Customize button to modify the search assistant settings according to your Search engine preference.



Adware.SearchCounter

http://securityresponse.symantec.com/avcen...rchcounter.html


***************************
Question

I just noticed that I have an extra option in my toolbar list.. when I right click on the bottom toolbar >> go to toolbar >> it shows a list eg: address, quick launch, ..etc but now I have something new called search assistant,

I could see the program in my "add and remove programs" but I deleted the folder manually, so now I can't uninstall

But at the same time, this toolbar "search assistant" always starts at startup, and I want to get rid of it.

Any ideas where I could find this using the registry editor?
PS, I tried using Adaware, Spybot, ... but they don't detect it.


Answer

Start > Run > msconfig > Startups tab > uncheck Search Assistant

Start, Run, Regedit and go down to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

In the right pane, look for or create a string value called: Use Search Asst
Set the value to: no



In Windows XP and IE6, you need to disable the Search Assistant to make the change take effect. At the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

...change the Use Search Assistant value to No.