Author Topic: help ridding home search assistant  (Read 1694 times)
jefferinmax
« on: December 08, 2004, 07:12:32 PM »

I have a laptop that I am trying to fix up to give to my husband so he will leave my new one alone :) He is really bad about getting stuff he shouldn't on a PC. He has managed to get Home Search Assistant, among other ****, and I think I got most of it, but when I open IE I still get the home page about:blank; however, the screen is blank instead of all the other links that used to appear. I have run Ad-Aware, Spybot S&D, Pest Patrol, and followed a manual removal, but had some questions about what to remove or fix on the HijackThis log. I also ran PC Bug Dr and that found 500 problems. Here is my HijackThis log. Any help will be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 12:57:11 PM, on 12/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WINRK.EXE
C:\WINDOWS\D3NP32.EXE
C:\WINDOWS\SYSTEM\NTBY32.EXE
C:\WINDOWS\SYSTEM\NTBJ32.EXE
C:\WINDOWS\SYSTEM\ATLDY.EXE
C:\WINDOWS\IEYT32.EXE
C:\WINDOWS\SYSTEM\JAVANK32.EXE
C:\WINDOWS\SYSTEM\ATLYM.EXE
C:\WINDOWS\NETGV32.EXE
C:\WINDOWS\IPKR.EXE
C:\WINDOWS\NETCB.EXE
C:\WINDOWS\SYSTEM\APPFJ.EXE
C:\WINDOWS\SYSTEM\NETMK.EXE
C:\WINDOWS\SYSTEM\APPKS32.EXE
C:\WINDOWS\SYSTEM\IPCZ32.EXE
C:\WINDOWS\SYSTEM\SDKOZ.EXE
C:\WINDOWS\APPKG32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\PROGRAM FILES\PCBUGDOCTOR\PCBUGDOCTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\WINDOWS\SYSTEM\ADDRF32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\WINDOWS\D3NP32.EXE
C:\WINDOWS\SYSTEM\SDKOZ.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\NETMK.EXE
C:\WINDOWS\NTUF.EXE
C:\WINDOWS\SYSTEM\WINRK.EXE
C:\WINDOWS\NETNH32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\IPKR.EXE
C:\WINDOWS\SYSTEM\CRXI32.EXE
C:\WINDOWS\SYSTEM\CRXI32.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE
C:\WINDOWS\SYSTEM\NETMK.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D80E5A0B-7AF4-EAF4-D346-B5703453A138} - C:\WINDOWS\SYSTEM\ADDQX32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [ADDRF32.EXE] C:\WINDOWS\SYSTEM\ADDRF32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [APPFJ.EXE] C:\WINDOWS\SYSTEM\APPFJ.EXE
O4 - HKLM\..\RunServices: [NTBY32.EXE] C:\WINDOWS\SYSTEM\NTBY32.EXE
O4 - HKLM\..\RunServices: [NETCB.EXE] C:\WINDOWS\NETCB.EXE
O4 - HKLM\..\RunServices: [IEYT32.EXE] C:\WINDOWS\IEYT32.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
O4 - HKLM\..\RunServices: [APPKS32.EXE] C:\WINDOWS\SYSTEM\APPKS32.EXE
O4 - HKLM\..\RunServices: [D3NP32.EXE] C:\WINDOWS\D3NP32.EXE
O4 - HKLM\..\RunServices: [WINRK.EXE] C:\WINDOWS\SYSTEM\WINRK.EXE
O4 - HKLM\..\RunServices: [JAVANK32.EXE] C:\WINDOWS\SYSTEM\JAVANK32.EXE
O4 - HKLM\..\RunServices: [IPCZ32.EXE] C:\WINDOWS\SYSTEM\IPCZ32.EXE
O4 - HKLM\..\RunServices: [NETMK.EXE] C:\WINDOWS\SYSTEM\NETMK.EXE
O4 - HKLM\..\RunServices: [NTBJ32.EXE] C:\WINDOWS\SYSTEM\NTBJ32.EXE
O4 - HKLM\..\RunServices: [IPKR.EXE] C:\WINDOWS\IPKR.EXE
O4 - HKLM\..\RunServices: [NETGV32.EXE] C:\WINDOWS\NETGV32.EXE
O4 - HKLM\..\RunServices: [APPKG32.EXE] C:\WINDOWS\APPKG32.EXE
O4 - HKLM\..\RunServices: [ATLYM.EXE] C:\WINDOWS\SYSTEM\ATLYM.EXE
O4 - HKLM\..\RunServices: [SDKOZ.EXE] C:\WINDOWS\SYSTEM\SDKOZ.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NTUF.EXE] C:\WINDOWS\NTUF.EXE
O4 - HKLM\..\RunServices: [NETNH32.EXE] C:\WINDOWS\NETNH32.EXE
O4 - HKLM\..\RunServices: [CRXI32.EXE] C:\WINDOWS\SYSTEM\CRXI32.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.2.21/canasta/canasta-ob-assets.cab



Cactus
« Reply #1 on: December 08, 2004, 07:19:15 PM »

Hi jefferinmax ...

Please make a folder for Hijackthis.
It's not advisable to leave it on your desktop, backups will be spread all over your screen ..
Right click an empty spot in the MyDocuments Folder----left click NEW---Folder
Name it HJT---copy and paste hijackthis to that new folder and delete the one on the desktop originally downloaded.
Don't delete backups until everything is running ok...


Cactus
Cactus
« Reply #2 on: December 08, 2004, 07:39:34 PM »

First Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next download CWShredder and save it to desktop
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

Next: with only CWShredder open let it FIX all problems

RESTART your computer
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page.



Ok now...

Download, Install, Update then run Spybot Search & Destroy
Fix everything in RED

Then...

If you haven't done so already Download and Install
Ad-Aware

CHECK FOR UPDATES
Set these for a Custom Scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".
Ensure you reboot after running Ad-Aware if it found objects
to remove, so it can properly remove them.

Then could you please run an online virus scan at Housecall's--- http://housecall.trendmicro.com/
Set to Autoclean and delete what it can't fix if you can,
thanks.


Run HJT again and post back with a fresh logfile.

Cactus
jefferinmax
« Reply #3 on: December 10, 2004, 02:49:12 AM »

Phewww!!! Talk about exasperating. Well, I have done all that you have instructed, and finally got my antivirus to run a clean scan once I disabled System Restore. Do I re-enable it? I have run Spybot, Ad-Aware, and Pest Patrol and fixed it all, I think. Here is my newest HJT scan:

Logfile of HijackThis v1.98.2
Scan saved at 8:45:55 PM, on 12/9/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\NETCB.EXE
C:\WINDOWS\SYSTEM\APPFJ.EXE
C:\WINDOWS\SYSTEM\NETMK.EXE
C:\WINDOWS\SYSTEM\ATLDY.EXE
C:\WINDOWS\D3NP32.EXE
C:\WINDOWS\SYSTEM\APPKS32.EXE
C:\WINDOWS\SYSTEM\JAVANK32.EXE
C:\WINDOWS\IEYT32.EXE
C:\WINDOWS\SYSTEM\NTBY32.EXE
C:\WINDOWS\SYSTEM\IPCZ32.EXE
C:\WINDOWS\SYSTEM\WINRK.EXE
C:\WINDOWS\IPKR.EXE
C:\WINDOWS\NETGV32.EXE
C:\WINDOWS\SYSTEM\NTBJ32.EXE
C:\WINDOWS\NTUF.EXE
C:\WINDOWS\SYSTEM\CRXI32.EXE
C:\WINDOWS\NETNH32.EXE
C:\WINDOWS\APPKG32.EXE
C:\WINDOWS\SYSTEM\ATLYM.EXE
C:\WINDOWS\SYSTEM\SDKOZ.EXE
C:\WINDOWS\SYSTEM\ADDLG.EXE
C:\WINDOWS\SYSTEM\SYSHI.EXE
C:\WINDOWS\D3RY.EXE
C:\WINDOWS\SDKGK32.EXE
C:\WINDOWS\IPED.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\WINDOWS\SYSTEM\ADDRF32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\SDKOZ.EXE
C:\WINDOWS\SYSTEM\NTBY32.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {18B8331E-80E3-49E4-8009-EBCC0933A0E8} - C:\WINDOWS\SYSTEM\APPNB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ADDRF32.EXE] C:\WINDOWS\SYSTEM\ADDRF32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [APPFJ.EXE] C:\WINDOWS\SYSTEM\APPFJ.EXE
O4 - HKLM\..\RunServices: [NTBY32.EXE] C:\WINDOWS\SYSTEM\NTBY32.EXE
O4 - HKLM\..\RunServices: [NETCB.EXE] C:\WINDOWS\NETCB.EXE
O4 - HKLM\..\RunServices: [IEYT32.EXE] C:\WINDOWS\IEYT32.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\SYSTEM\ATLDY.EXE
O4 - HKLM\..\RunServices: [APPKS32.EXE] C:\WINDOWS\SYSTEM\APPKS32.EXE
O4 - HKLM\..\RunServices: [D3NP32.EXE] C:\WINDOWS\D3NP32.EXE
O4 - HKLM\..\RunServices: [WINRK.EXE] C:\WINDOWS\SYSTEM\WINRK.EXE
O4 - HKLM\..\RunServices: [JAVANK32.EXE] C:\WINDOWS\SYSTEM\JAVANK32.EXE
O4 - HKLM\..\RunServices: [IPCZ32.EXE] C:\WINDOWS\SYSTEM\IPCZ32.EXE
O4 - HKLM\..\RunServices: [NETMK.EXE] C:\WINDOWS\SYSTEM\NETMK.EXE
O4 - HKLM\..\RunServices: [NTBJ32.EXE] C:\WINDOWS\SYSTEM\NTBJ32.EXE
O4 - HKLM\..\RunServices: [IPKR.EXE] C:\WINDOWS\IPKR.EXE
O4 - HKLM\..\RunServices: [NETGV32.EXE] C:\WINDOWS\NETGV32.EXE
O4 - HKLM\..\RunServices: [APPKG32.EXE] C:\WINDOWS\APPKG32.EXE
O4 - HKLM\..\RunServices: [ATLYM.EXE] C:\WINDOWS\SYSTEM\ATLYM.EXE
O4 - HKLM\..\RunServices: [SDKOZ.EXE] C:\WINDOWS\SYSTEM\SDKOZ.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NTUF.EXE] C:\WINDOWS\NTUF.EXE
O4 - HKLM\..\RunServices: [NETNH32.EXE] C:\WINDOWS\NETNH32.EXE
O4 - HKLM\..\RunServices: [CRXI32.EXE] C:\WINDOWS\SYSTEM\CRXI32.EXE
O4 - HKLM\..\RunServices: [ADDLG.EXE] C:\WINDOWS\SYSTEM\ADDLG.EXE
O4 - HKLM\..\RunServices: [SYSHI.EXE] C:\WINDOWS\SYSTEM\SYSHI.EXE
O4 - HKLM\..\RunServices: [D3RY.EXE] C:\WINDOWS\D3RY.EXE
O4 - HKLM\..\RunServices: [SDKGK32.EXE] C:\WINDOWS\SDKGK32.EXE
O4 - HKLM\..\RunServices: [IPED.EXE] C:\WINDOWS\IPED.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.2.21/canasta/canasta-ob-assets.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

thank you again for your help and patience
Erin
jvic
« Reply #4 on: December 10, 2004, 04:17:43 AM »

Ok, what we have here is a CoolWebSearch trojan variant known as an AboutBlank infection. We've seen these numerous times in the past and it may take a couple of different processes we'll have to go through before we can get rid of it all. Follow these instructions in order. First, I want you to go and download a program called AboutBuster. Here's the link:

http://www.snapfiles.com/get/aboutbuster.html

Run the program at least twice, until the log comes up clean (if it keeps finding files, continue to run the program over and over until no more files are found). AboutBuster will remove the AboutBlank infestation. When finished, I want you to go and download a program called CWShredder. Here's the link:

http://www.intermute.com/spysubtrac...r_download.html

Run CWShredder, have it get the latest updates, and let it do its thing. CWShredder will eliminate any remaining parts of the CoolWebSearch infection if they still exist on your system. Next I want you to go and download AntiVir's Free-AV. Here's the link:

http://www.free-av.com/

Run a full scan on your system with Free-AV. Free-AV will check to make sure no virus-infecting programs are lurking where we can't see them. When finished, go and download the latest version of Ad-aware SE. Here's the link:

http://www.majorgeeks.com/download.php?det=506

Click on one of the download locations and after downloading, install Ad-aware SE. At the end of the installation, have Ad-aware get the latest updates and run a full scan against your system. When it finishes, have Ad-aware fix everything it found by placing a check in the "check-box" next to every entry. When this is finished, run "Hijack This!" and post a new log. Your log should be a lot shorter after these programs and then we'll clean the rest.
« Last Edit: December 10, 2004, 04:19:19 AM by jvic »

John Vickers
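
The two HijackThis logs in this thread can be compared mechanically to see what the first cleanup pass changed. The following is an added example, not part of any post above: it diffs a few lines excerpted from each log, pulls the DLL behind the `res://.../sp.html` search settings, and lists autorun entries whose registry value name is just the file name, the pattern visible in the RunServices block of both logs. That last check is a triage heuristic assumed here to mark entries for review, not a verdict, and the function names are illustrative.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Lines excerpted from the first and second logs posted in this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vwmle.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {D80E5A0B-7AF4-EAF4-D346-B5703453A138} - C:\WINDOWS\SYSTEM\ADDQX32.DLL
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [CRXI32.EXE] C:\WINDOWS\SYSTEM\CRXI32.EXE
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sumxt.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {18B8331E-80E3-49E4-8009-EBCC0933A0E8} - C:\WINDOWS\SYSTEM\APPNB.DLL
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\RunServices: [CRXI32.EXE] C:\WINDOWS\SYSTEM\CRXI32.EXE
O4 - HKLM\..\RunServices: [ADDLG.EXE] C:\WINDOWS\SYSTEM\ADDLG.EXE
O4 - HKLM\..\RunServices: [IPED.EXE] C:\WINDOWS\IPED.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")         # "O4 - ...", "R1 - ..."
AUTORUN = re.compile(r": \[(.+?)\] (.+)$")         # "[value name] command"
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)


def parse(log):
    """Return the set of (section code, entry text) pairs in a log.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff(before, after):
    """Entries that appeared and entries that disappeared between two scans."""
    b, a = parse(before), parse(after)
    return sorted(a - b), sorted(b - a)


def res_dlls(log):
    """DLL paths that IE search settings (R0/R1) load pages from via res://."""
    found = set()
    for code, body in parse(log):
        m = RES_DLL.search(body) if code in ("R0", "R1") else None
        if m:
            found.add(m.group(1))
    return found


def self_named_autoruns(entries):
    """O4 commands whose registry value name equals the image file name."""
    hits = []
    for code, body in entries:
        m = AUTORUN.search(body) if code == "O4" else None
        if m and basename(m.group(2).strip('"')).lower() == m.group(1).lower():
            hits.append(m.group(2))
    return sorted(hits)


if __name__ == "__main__":
    added, removed = diff(LOG_BEFORE, LOG_AFTER)
    for code, body in removed:
        print("-", code, body)
    for code, body in added:
        print("+", code, body)
    print("res:// DLL before:", sorted(res_dlls(LOG_BEFORE)))
    print("res:// DLL after: ", sorted(res_dlls(LOG_AFTER)))
    print("new self-named autoruns:", self_named_autoruns(added))
```
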