Ad-aware won't remove searchcentrix, control panel won't let me remove either

[Armywife1980]

I have an E-Machines W1500 1600+AMD Anthion XP Processor, CD-RW 24x. Max. Write, 128 MB, 56K, 40GB hardrive (Okay, I copied that off of the front of the computer)

Here is the deal:

Not only can I not get SearchCentrix crap off of my computer, I am having all kinds of problems. I tried to go to search options on this website to see if my problem was listed in other threads, but keep getting error messages saying that IE cannot open the website, yet it will let me here. That happens a lot on different websites. I went to add/remove programs to get rid of the search centrix stuff, but when I hit remove, it tells me "Access denied". I run Ad-aware on my computer everyday but it hasn't helped my computer as far as I can tell. My computer locks up all the time, especially when downloading updates from Microsoft. I don't know anything about computers at all. Last night, I downloaded the Spyware Blaster but I don't know if that is something that you have to run like Ad-aware or if it does whatever it does by itself. Any help at all would be greatly appreciated and I hope that it accepts all this when I hit post thread and that I can get back in to see if anyone has any answers for me. Thank you all.

[chaslang]

Welcome to MG's ArmyWife. See if you can go to Pest Patrol's Website they have info on removing this. Go here: http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp

You may also want to look at SearchCentrix website: http://searchcentrix.com/searchcentrix_uninstall.html

See if this helps.

[Armywife1980]

Okay, searchcentrix.com just tells you to remove it with control panel and the pest control tells you to do all this stuff and remove all this stuff from this and that, which I have NO IDEA what any of it means HA HA!!! Thanks for your help though.

[chaslang]

Basically they are telling you to use task manager to kill a few running processes and then they have you edit the registry to get rid of the stuff the program added. Here try this first. Download HiJaak This from here: http://www.majorgeeks.com/download3155.html It is in a ZIP file. Hopefully you know how to extract from a ZIP. What version of Windows are you running?

Once you get HiJaak This extracted. Run it. Save the log which will open a notepad file with the log in it. Then you have to copy & paste this log into your next message. If you dont know how to copy and paste, see this: http://www.majorgeeks.com/vb/showthread.php?t=26020

[Armywife1980]

There was only one of the things in the list that matched to the task manager and I deleted it but the other stuff where it said to regedit or whatever it said, I have no idea what that is.

And no, I do not know how to unzip files. What does that mean?

[chaslang]

I need to know you Windows OS. 95, 98, 98Se, 2K, XP Home, XP Pro?

[Armywife1980]

Sorry, i tried to edit my post and add that I had WIndows XP (I am assuming HOME because this is my private computer) but it wouldn't let me. Ok, here is my hijack thing:

Logfile of HijackThis v1.97.7
Scan saved at 12:46:10 AM, on 6/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winppr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\System32\eventcls.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [eventcls] C:\WINDOWS\System32\eventcls.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Startup: SongSpy.lnk = C:\Program Files\SongSpy\songspy.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v54/cubis/cubis.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11

[chaslang]

ZIP files are compressed files that can contain many files. It is pretty much an industy standard. See this link http://www.majorgeeks.com/download.php?det=525.

As far as PestPatrol's site, they wanted you to perform four steps:
1) shut down running processes with Task Manager
2) Use "regsvr32 /u filenames" in a command prompt window to unregister a bunch of DLL files. Where I said filenames you would substitute the DLL names the gave you using the full system path to the files. For example where they said: systemroot+\gsim.dll , you would enter the full command as regsvr32 /u c:\windows\gsim.dll That is assuming c:\windows is you systemroot directory as it typically is.
3) Edit the system registy using regedit to cleanup the stuff put in by SearchCentrix
4) Remove the files that SearchCentrix was using

There is more info on this here too: http://www.kephyr.com/spywarescanner...ze/index.phtml

I know this may all be confusing to you, but taking it one step at a time we can fix it.

An alternative would be to download PestPatrol from here: http://www.majorgeeks.com/download1187.html

I'm not sure if the downloadable version (without buying it) will clean up the problem. It may be they only detect and you have to buy to clean. Give it a try.

Also, it may be worth trying SpySweeper: http://www.majorgeeks.com/download3263.html

[chaslang]

From your HiJaak This log I see the Win32.Sobig-F virus indicated by this line:

O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

You do not seem to have a virus scanner program installed. You need to get one on you system an run a full scan. There are some freeware scanners on MG's. Most people like Avast: http://www.majorgeeks.com/download1968.html

[Armywife1980]

O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

Is this something I need to check on the HiJack and have it "fix" it? Or how does this work?

[chaslang]

One more thing. If you don't want to go with the Avast method right now, download and run the McAfee Avert Stinger tool from here: http://www.majorgeeks.com/download4063.html

I believe it will clean up this virus too.
After fixing that, we can get back to the SearchCentrix issue.

[chaslang]

Oops! Forgot something. You are running WinXP. You will need to disable system restore before cleaning up this virus, otherwise you risk that it will come back. If you don''t know how to do that, see this: http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm

I gotta get to sleep now! 2:12 am where I'm at. Will continue later (much later) today.

[Armywife1980]

Okay, I ran the stinger thing and got rid of the virus that you saw. Thank you very much for your help and I will be back on tomorrow night to see if I have any new advice. THANK U THANK u

[chaslang]

That's good. Can you make sure your Ad-aware is up to date and run a full scan and then also download and install and run SpyBot S&D from here: http://www.majorgeeks.com/download2471.html. Fix whatever they find.

[Armywife1980]

Okay, I have done everything that you have said except download the AVERT anti-virus. I will do that when I get time. My computer only connects at 42.6 Kpbs for some reason. Anyway, it's really slow now that I moved it. But already, just doing that things that you showed me, my computer goes to websites a little faster and I don't get as many pop-ups or error messages. Thank you for your help!!!

[chaslang]

Sounds like we are making some progress Armywife, but are you still having SearchCentrix issues?

[Armywife1980]

Well, I don't see anything in the control panel anymore and I haven't had any problems. It's really cleared up a lot of evil stuff in my computer. I also put a password on my computer so my dumba$$ brother can't get on here to look up porn anymore. But, ha ha, I do have a new question. You game?



Here goes: I downloaded CleanCache but when I go to run it, it I get an error message that states "the application failed to initialize properly". It said it might sometimes do this if you haven't got all of your updates from Windows. So, I went and got this HUGE update that took me like 4 hours to download. Anyway, it downloaded it and installed then got to a part that said that it was running processes and my computer locked up and I don't think it ever installed and that is why my CleanCache won't work. I have no idea. I am about to get out my CDs that came with this computer and start over again. HA HA I don't know if you can do that or not, but I would sure try if I didn't have so much stuff I need on my computer and not computer literite enough to save it all. Okay, done blabbing.

[chaslang]

It's a good idea to password protect your system anyway (even without your brother being a problem).

I'm not familiar with CleanCache but I checkout the FAQ on their website and saw your error message. It occurs when Microsoft .NET Framework is not installed. I assume that is what you were trying to download. You should go here http://v4.windowsupdate.microsoft.com/en/default.asp to get your Microsoft updates. Just have it scan your PC. It will give you a list of suggested and critical updates. You can also get a list of what updates are already applied. Perhaps doing it from here would work better. I know you have slow connection but you need to stay current with updates. After that maybe CleanCache will install okay. By the way, I think Crap Cleaner may be better than CleanCache. Check it out here: http://www.majorgeeks.com/download4191.html

[Armywife1980]

Okay, I removed CleanCache and downloaded the one you listed. It removed over 53 MILLION bytes or whatever it was. That seems like a whole lot. Anyway, with the Microsoft updates. I had already went to the website, had it scan my computer, then when it told me what I needed, I downloaded it and it took like 4 hours to complete. Then it started to unstall the download, finished that, then said it was running something or the other and then my computer locked down and I had to shut it off so I don't know if it got complete installed or not.

[chaslang]

Just go back to the http://v4.windowsupdate.microsoft.com/en/default.asp site and scan again. You should be able to determine if it complete or not by what they tell you is still needed. By the way
BelArc Adviser (here http://www.majorgeeks.com/download1385.html) and Everest (here http://www.majorgeeks.com/download4181.html) can also give that information.