Searchexe.com

**TheCardMan** · May 5th, 2004, 09:13 PM

I need help getting rid of a pain in the #$ss popup bar when i start Internet Explorer. When ever I open IE this toolbar opens as a window below IE, this is what the window says:

http://searchexe.com/passthrough/popupbaropener.html - Microsoft Internat Explo

I can not get rid of this. I have used AdAware, Spybot, SpyBlaster, HiJackThis...I followed instructions on google searches. Can not find a way to remove this.

Any help?

**wmicro** · May 5th, 2004, 09:54 PM

Open IE then look at the top for Tools and click on Internet options on the general tab wear states Home Address and in type in your preferred home page. If this does not work then you need to go to add/ remove programs it must be there somewhere.

**NooNoo** · May 6th, 2004, 02:03 AM

Tried cwshredder?

**TheCardMan** · May 6th, 2004, 09:56 AM

It does not change the Home Page when starting IE. I have that set to www.msn.com. When I open explorer, MSN opens up and below it is the toolbar for searchexe. It comes up in its own window, that can be closed down after it pop in there with msn. I believe I have tried CWSHREDDER but will try again. I did not see anything in Add/Remove regarding searchexe.com.

**NooNoo** · May 6th, 2004, 10:02 AM

So this is a toolbar?
what does the hijack this log look like?

**TheCardMan** · May 6th, 2004, 10:24 AM

Well....Not ure....it is not imbeded in IE, I would consider it a Pop Up whenever you open IE.

The window button on the taskbar shows: http:\\searchexe.com\passthrough\popupopener.html - Microsoft Internet Explo

I will get the HiJack log and post later......

**jackie12345** · May 15th, 2004, 09:16 AM

I have the same problem, and I found the HiJack log online from
http://www.experts-exchange.com/Secu..._20950868.html

Logfile of HijackThis v1.97.7
Scan saved at 12:46:32, on 12/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\amok bait camp\site proc.exe
C:\Program Files\ProductsFoundry\AdvertisingCleaner\advcleane r.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel Calder\My Documents\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchexe.com/passthrough/ind...en/default.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [slowbend] C:\PROGRA~1\amok bait camp\site proc.exe
O4 - HKLM\..\Run: [AdvertisingCleaner] C:\Program Files\ProductsFoundry\AdvertisingCleaner\advcleane r.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E28AC518-9FF0-4448-A15A-613BB3271192}: NameServer = 194.168.4.100 194.168.8.100

**NooNoo** · May 15th, 2004, 11:03 AM

Jackie, do you mean this is YOUR log or just one you randomly chose to cut and paste in this thread?

**TripleRLtd** · May 15th, 2004, 11:08 AM

Originally Posted by NooNoo

Jackie, do you mean this is YOUR log or just one you randomly chose to cut and paste in this thread?

Yeah, searchexe is a real pain. We need your Hijack log. You can copy and paste it?

**siouxi31** · May 17th, 2004, 01:47 PM

Has anyone figured out how to get rid of this? I'm having the same trouble and it causes pop-ups to occur as well.

**TripleRLtd** · May 17th, 2004, 01:51 PM

Originally Posted by siouxi31

Has anyone figured out how to get rid of this? I'm having the same trouble and it causes pop-ups to occur as well.

Welcome to WD siouxi31. We'll need you to do all of the steps listed here first:
http://forums.windrivers.com/showthread.php?t=57348
Then post a HiJack This log here if you still have the issue.

**siouxi31** · May 17th, 2004, 02:23 PM

I've tried AdAware with no success and still get the tool bar (searchexe.com), lots of pop ups and my default page keeps changing. Based on recommendation from these boards, I downloaded HiJackThis and here is the log after running the program:
Logfile of HijackThis v1.97.7
Scan saved at 2:20:26 PM, on 5/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Reflection\R8win.exe
C:\DOCUME~1\sviscont\LOCALS~1\Temp\pch7.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Reflection\R8win.exe
C:\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchexe.com/passthrough/ind...helm/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by APL, Limited
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=apl-proxy.apl.com:80;https=apl-proxy.apl.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.apl.com;155.14.*;<local>
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [shim settings] C:\PROGRA~1\GREATE~1\Support Move Bait.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.3com.com
O15 - Trusted Zone: www.401k.com
O15 - Trusted Zone: www.acslogistics.com
O15 - Trusted Zone: www.adobe.com
O15 - Trusted Zone: aplweb.apl.com
O15 - Trusted Zone: www.apl.com
O15 - Trusted Zone: www.cnet.com
O15 - Trusted Zone: www.nol.com.sg
O15 - Trusted Zone: www.commerce.net
O15 - Trusted Zone: www.compaq.com
O15 - Trusted Zone: support.dell.com
O15 - Trusted Zone: www.dell.com
O15 - Trusted Zone: www.excite.com
O15 - Trusted Zone: infoseek.go.com
O15 - Trusted Zone: www.hp.com
O15 - Trusted Zone: www.ibm.com
O15 - Trusted Zone: www.pc.ibm.com
O15 - Trusted Zone: cbs.marketwatch.com
O15 - Trusted Zone: www.mbc.com
O15 - Trusted Zone: www.mcafeeb2b.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: www.nai.com
O15 - Trusted Zone: www.netscape.com
O15 - Trusted Zone: www.nolweb.com
O15 - Trusted Zone: www.pkware.com
O15 - Trusted Zone: www.raging.com
O15 - Trusted Zone: www.wellness2000.net
O15 - Trusted Zone: www.windows95.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8C28EFD7-767B-11D1-8400-000000000000} - http://d1dal710/components/Brio.Insight.en.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://155.14.78.203/main/Install_5p...Downloader.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase51/OrgPubX.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://d1dal501/wfc/plugins/j2re-1_3_1_02-win.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = D1.AD.APL.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = D1.AD.APL.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = D1.AD.APL.COM

Do you think I should just remove those that say searchexe.com? I hope there's nothing really private in this log.

**TripleRLtd** · May 17th, 2004, 02:39 PM

Originally Posted by siouxi31

C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\sviscont\LOCALS~1\Temp\pch7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchexe.com/passthrough/ind...helm/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shim settings] C:\PROGRA~1\GREATE~1\Support Move Bait.exe this I'd like you to check the properties of and version info: find file and right click it and choose properties.

You can check all these in Hijack and choose fix selected. I am assuming you are in Australia and your ISP is APL?
You may have to do all this in safe mode as well for it to all work. Come back with another log after. Good luck.

**MuttonChopper** · May 24th, 2004, 12:58 PM

Originally Posted by wmicro

Open IE then look at the top for Tools and click on Internet options on the general tab wear states Home Address and in type in your preferred home page. If this does not work then you need to go to add/ remove programs it must be there somewhere.

I have tried to go in to Add/Delete Programs and find it with no success. Not only that, but you can switch your homepage back to only what you want and after opening it a few times, searchexe.com puts itself back!!!!! They must die.
There must be someone who can help!?!?

**imaeditedbysowulo** · May 28th, 2004, 10:03 PM

I can help.

Go to this website: http://download.com.com/3000-2356-10...ml?tag=lst-0-2

Install Mozilla and delete your Internet Explorer icons so that you will never launch it by accident. It has the same general appearance as IE except it's noticeably faster loading pages and has a built in pop up blocker so you won't feel attacked every time you try to look for pron on the internet. Haven't had my homepage hijacked since I switched.

Thread: Searchexe.com

Thread Tools

Display

Searchexe.com

HiJack log

Searchexe.com

Bookmarks

Bookmarks

Posting Permissions