searchweb2 problem

You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Okay first a couple of notes:
1) You are using an old version of HijackThis. Please get the current version (link was in the READ ME FIRST). And post a new log. The old version does not reveal or fix certain items.

2) Our directions specifically request that you shutdown browsers before using HijackThis. You had IE running:
C:\Program Files\Internet Explorer\iexplore.exe

3) You OS and Internet Explorer are seriously out of date. You must get updated after we fix the current problems. You have:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Question:
1) Do you know what the below application is? It looks very suspicious to me.
O4 - HKCU\..\Run: [Defaultsoap] C:\DOCUME~1\pip\APPLIC~1\COMPRE~1\htmlocks.exe

 

Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

Print these instructions or save them locally. Because I want you to be physically disconnecteded from the Internet (disconnect you cables) and to reboot in safe mode after doing this. Do not open a browser (IE) or reconnect to the Internet until I tell you to do so.

Okay disconnect cables and boot into safe mode now!

After booting in safe mode, bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them (note these file names may change at each boot of your PC):
C:\DOCUMENTS and SETTINGS\pip\LOCAL SETTINGS\Temp\mertrhvn.exe
C:\DOCUMENTS and SETTINGS\pip\LOCAL SETTINGS\Temp\knmkrdpr.exe


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bnvqbevdnyottxeoqntlx.us/tL5QnWheOIuU3CZQcJ2lmXBCbVFiBSnJMzRgh4cFBC/ACqWYiHal1/xwJoABaZpe.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [Defaultsoap] C:\DOCUME~1\pip\APPLIC~1\COMPRE~1\htmlocks.exe


Use Windows Explorer to delete (if found):
C:\DOCUMENTS and SETTINGS\pip\APPLICATION DATA\COMPRE~1\htmlocks.exe
C:\DOCUMENTS and SETTINGS\pip\LOCAL SETTINGS\Temp <--- delete all files in this folder

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel, Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reconnect your cables and reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You're welcome. Your log is clean! You now really must get you system updated as I said before.

Please take a look at the instructions here: How to Protect yourself from malware!