Please help I am going CRAZY!! Home search assistant, search extender, and shopping wizard got installed on my puter and I can't uninstall it. When I hit remove in add/remove programs it says cannot find "http://looking-for.cc/uninstall/[home search assisstant].html" for each one. I have found them in my registry and deleted them but they keep coming back?? Are they reinstalling themselves?? How do I kill them?? It is taking over my puter
Thank you for any help!! Michele

You need to download Hijack this from my signature, install it to its own folder and run it. Save the log and paste it in here for one of us to analyse.

The following is the scan; please inform me of which to delete in order to get rid of home search assisstant, search extender, etc. Thank you.

------------------------------



Logfile of HijackThis v1.98.2
Scan saved at 4:54:12 PM, on 8/24/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)


Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\sysgj.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\services\msxmidi.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0BIC1. EXE
C:\winnt\temp\D9P.exe
C:\WINNT\System32\bmyrfv.exe
C:\documents and settings\christine\local settings\temp\aohPxJuU.exe
C:\documents and settings\christine\local settings\temp\cNB.exe
C:\WINNT\javazx32.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\christine\local settings\temp\m8ZD.exe
C:\WINNT\System32\IEHost.exe
C:\WINNT\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\documents and settings\christine\local settings\temp\D.exe
C:\WINNT\System32\iepscrpt.exe
C:\WINNT\System32\ctfmon.exe
C:\Documents and Settings\Christine\Application Data\eata.exe
C:\WINNT\System32\hgds.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINNT\System32\colsmgr.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINNT\System32\Lcd1Q2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\Lcd1Q2.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\E4I5J5GC\hijackthis[1].exe
C:\WINNT\System32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jwozz.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jwozz.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jwozz.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\jwozz.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jwozz.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\jwozz.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\jwozz.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINNT\system32\services\msxmidi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35E5B79F-B318-21AF-35C1-DCC711A0FE7D} - C:\WINNT\ieev32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0. dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0BIC1. EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [8Hk] C:\winnt\temp\8Hk.exe
O4 - HKLM\..\Run: [sf48LS] C:\winnt\temp\sf48LS.exe
O4 - HKLM\..\Run: [NNN] C:\winnt\temp\NNN.exe
O4 - HKLM\..\Run: [D9P] C:\winnt\temp\D9P.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [azggiyxs] C:\WINNT\System32\bmyrfv.exe
O4 - HKLM\..\Run: [2L2JEKB4YNM9FE] C:\WINNT\System32\MipL9X4.exe
O4 - HKLM\..\Run: [aohPxJuU] C:\documents and settings\christine\local settings\temp\aohPxJuU.exe
O4 - HKLM\..\Run: [cNB] C:\documents and settings\christine\local settings\temp\cNB.exe
O4 - HKLM\..\Run: [tfXfgO] C:\documents and settings\christine\local settings\temp\tfXfgO.exe
O4 - HKLM\..\Run: [Internet Explorer Agent] C:\WINNT\System32\iexplorer.exe
O4 - HKLM\..\Run: [javazx32.exe] C:\WINNT\javazx32.exe
O4 - HKLM\..\Run: [m8ZD] C:\documents and settings\christine\local settings\temp\m8ZD.exe
O4 - HKLM\..\Run: [qYWrMP3] C:\documents and settings\christine\local settings\temp\qYWrMP3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [D] C:\documents and settings\christine\local settings\temp\D.exe
O4 - HKLM\..\Run: [mFw] C:\documents and settings\christine\local settings\temp\mFw.exe
O4 - HKLM\..\Run: [534f34U] iepscrpt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Sinm] C:\Documents and Settings\Christine\Application Data\eata.exe
O4 - HKCU\..\Run: [kbdusr] C:\WINNT\System32\kbdusr.exe
O4 - HKCU\..\Run: [Xnci] C:\WINNT\System32\hgds.exe
O4 - HKCU\..\Run: [K0vpRQY5l] colsmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://isd.balthost.ee//ClxConsole//Test3//flash.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e1e2729109a237
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll (file missing)

Coordinate (Christine?) - could you please post your HiJackThis log and confirmation of your problem in a separate message in the Windows 2000 forum rather than carrying on someone else's thread? Otherwise it can get very confusing. Thanks.

Crazyputer (Michele) - have you still got your problem on your Windows ME computer?

Hi I downloaded HiJack, here's my log, can you please analyze it:

Logfile of HijackThis v1.99.0
Scan saved at 4:13:18 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinMX\WinMX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\efked.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A9AC70B-D55C-F5E0-B29D-89941C454F9E} - C:\WINDOWS\apies32.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [Vkbp] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10a655630f8d8d6...p/RdxIE601.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/ao...d.1.0.9.14.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...87/mcfscan.cab
O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\sysep.exe (file missing)

Hi, I dont really understand this but this home search assisstant is really screwing up my computer. I cant delete it and I dont understand how the log thing works..... Please Help

I have a log file if i did this correctly and here it is:Logfile of HijackThis v1.99.0
Scan saved at 2:29:07 PM, on 12/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT.0\System32\smss.exe
C:\WINNT.0\system32\winlogon.exe
C:\WINNT.0\system32\services.exe
C:\WINNT.0\system32\lsass.exe
C:\WINNT.0\system32\svchost.exe
C:\WINNT.0\System32\svchost.exe
C:\WINNT.0\system32\spoolsv.exe
C:\WINNT.0\Explorer.EXE
C:\WINNT.0\ntwx32.exe
C:\WINNT.0\system32\_root_AIM.exe
C:\WINNT.0\appnx32.exe
C:\WINNT.0\System32\wuauclt.exe
C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Brandon Giracca\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT.0\oleju.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT.0\oleju.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT.0\oleju.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT.0\oleju.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT.0\oleju.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT.0\oleju.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ragnanmart.tk/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5E94D4D9-F37B-1082-F286-092D7875B9DA} - C:\WINNT.0\system32\ntfd32.dll
O4 - HKLM\..\Run: [FireWall] C:\WINNT.0\system32\_root_svchost.exe
O4 - HKLM\..\Run: [AIMMSG] C:\WINNT.0\system32\_root_AIM.exe
O4 - HKLM\..\Run: [appnx32.exe] C:\WINNT.0\appnx32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT.0\System32\tibs3.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINNT.0\ntwx32.exe
O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Network Security Service - Unknown - C:\WINNT.0\system32\atlyh.exe (file missing)

Analyze Please :'(

right in order

firstly
welcome brandon2891 to dal the online computer help forum could you please follow the link under my signature called owens help and posta fresh hijack this log in a fresh thread in the spyware and virus section

thanks

secondly

same again for smee 945 welcome to dal could you please do exactly the same thing but please start your own thread as this will keep it simple when sorting out the answers

thanks

thirdly to the other users who hijacked this thread are you still having probs if you are please do exactly the same thing and start your own thread in the spyware forum

if any body needs help doing this please get back to me

hope this helps

hi, how do i go about creating my own thread?