Help on removing Home Search Assistance
-
Help on removing Home Search Assistant (HijackThis Log Included)
Hi,
My computer has been hijacked by the Home Search Assistant, looking-for.cc, etc. virus. I have tried many processes to remove this. I've read other posts and saw that their problems have been fixed. Can you please help me with this situation?
Here is my HijackThis Log:
Logfile of HijackThis v1.98.2
Scan saved at 9:34:42 PM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\mmagpyb.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\d3gv32.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\REGOPT.LOG:zprsc
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott Heller\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0627629-77B4-0CD0-BF9C-EB4DAA30FECD} - C:\WINDOWS\system32\d3sh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0 .dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dsdasnnzbqyeg] C:\WINDOWS\System32\mmagpyb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mskl.exe] C:\WINDOWS\system32\mskl.exe
O4 - HKLM\..\Run: [d3qz32.exe] C:\WINDOWS\system32\d3qz32.exe
O4 - HKLM\..\Run: [d3gv32.exe] C:\WINDOWS\system32\d3gv32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistI...2501031120.EXE
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup143.cab
Last edited by Njnetfan17; 26-08-2004 at 02:54 AM.
-
Hiya,
Could you follow these instructions please:
1. Download AboutBuster http://www.downloads.subratam.org/AboutBuster.zip
Unzip it to your desktop but don't run it yet.
2. Download Ad-aware from here. Open the Ad-aware program and near the bottom click the Check For Updates link. This will open the update manager. Follow the prompts to update your Ad-aware Reference File. Close Ad-aware for now, we will use it later.
3. You may want to print out these instructions for further reference when completing the following steps.
4. Make sure your PC is configured to show hidden files
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"
5. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
6. Then reboot your PC into Safe Mode. If you don't know how to do this, see here for further instructions.
7. Restart Hijack This and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tdedx.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {B0627629-77B4-0CD0-BF9C-EB4DAA30FECD} - C:\WINDOWS\system32\d3sh.dll
O4 - HKLM\..\Run: [dsdasnnzbqyeg] C:\WINDOWS\System32\mmagpyb.exe
O4 - HKLM\..\Run: [mskl.exe] C:\WINDOWS\system32\mskl.exe
O4 - HKLM\..\Run: [d3qz32.exe] C:\WINDOWS\system32\d3qz32.exe
O4 - HKLM\..\Run: [d3gv32.exe] C:\WINDOWS\system32\d3gv32.exe
Then delete the following files and folders:
C:\WINDOWS\System32\mmagpyb.exe
C:\WINDOWS\system32\mskl.exe
C:\WINDOWS\system32\d3qz32.exe
C:\WINDOWS\system32\d3gv32.exe
8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
9. Scan with Adaware and let it remove any bad files found.
10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure that Temporary Files, Temporary Internet Files and Recycle Bin
11. Reboot to normal mode
12. Finally, pay a visit to Housecall. Scan for and remove any infected files found on your system.
Post a fresh HijackThis log and the AboutBuster report back here please.
-
Hey,
Some files that you said to delete were'nt in my system. Well, heres my new About Buster and HijackThis logs:
Scanned at: 6:52:19 PM on: 8/26/2004
-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Deleted 1 Service Keys Successfully!
Removed! : C:\WINDOWS\abpox.dll
Removed! : C:\WINDOWS\addfm32.exe
Removed! : C:\WINDOWS\addqw.exe
Removed! : C:\WINDOWS\bnbgw.dll
Removed! : C:\WINDOWS\cjakb.dll
Removed! : C:\WINDOWS\crymp.dll
Removed! : C:\WINDOWS\cyyeg.dat
Removed! : C:\WINDOWS\d3eu32.exe
Removed! : C:\WINDOWS\dukds.dll
Removed! : C:\WINDOWS\dyotl.dll
Removed! : C:\WINDOWS\efapp.dll
Removed! : C:\WINDOWS\eogwi.dll
Removed! : C:\WINDOWS\exwfq.dll
Removed! : C:\WINDOWS\gjrph.dll
Removed! : C:\WINDOWS\gjyxz.dll
Removed! : C:\WINDOWS\gmeou.dll
Removed! : C:\WINDOWS\grklr.dll
Removed! : C:\WINDOWS\gupui.dll
Removed! : C:\WINDOWS\hfpzn.dll
Removed! : C:\WINDOWS\hgxkq.dat
Removed! : C:\WINDOWS\hwual.dll
Removed! : C:\WINDOWS\ivlef.dll
Removed! : C:\WINDOWS\iyfdw.dll
Removed! : C:\WINDOWS\jmuic.dll
Removed! : C:\WINDOWS\jpdcj.dat
Removed! : C:\WINDOWS\kcohp.dll
Removed! : C:\WINDOWS\kdrsm.dll
Removed! : C:\WINDOWS\kmjfd.dll
Removed! : C:\WINDOWS\mfcek.exe
Removed! : C:\WINDOWS\mftcq.dll
Removed! : C:\WINDOWS\mhcjl.dll
Removed! : C:\WINDOWS\netvu32.exe
Removed! : C:\WINDOWS\nruca.dll
Removed! : C:\WINDOWS\obxng.dll
Removed! : C:\WINDOWS\onzqc.dll
Removed! : C:\WINDOWS\pmwre.dll
Removed! : C:\WINDOWS\pshnb.dll
Removed! : C:\WINDOWS\pssis.dll
Removed! : C:\WINDOWS\pxbao.dll
Removed! : C:\WINDOWS\qjcxq.dll
Removed! : C:\WINDOWS\rhedh.dll
Removed! : C:\WINDOWS\rzyvg.dll
Removed! : C:\WINDOWS\sdkvf.exe.bak
Removed! : C:\WINDOWS\syswl32.exe
Removed! : C:\WINDOWS\sysyb32.exe
Removed! : C:\WINDOWS\umubp.dll
Removed! : C:\WINDOWS\uqtra.dll
Removed! : C:\WINDOWS\uskza.dat
Removed! : C:\WINDOWS\vhgqf.dll
Removed! : C:\WINDOWS\vhhii.dll
Removed! : C:\WINDOWS\vhikn.dll
Removed! : C:\WINDOWS\vxcow.dll
Removed! : C:\WINDOWS\wcjlt.dll
Removed! : C:\WINDOWS\wupdt.exe
Removed! : C:\WINDOWS\xastb.dll
Removed! : C:\WINDOWS\xsnjb.dll
Removed! : C:\WINDOWS\ybmoh.dll
Removed! : C:\WINDOWS\yhdze.dll
Removed! : C:\WINDOWS\zphyu.dll
Removed! : C:\WINDOWS\zxfni.dll
Removed! : C:\WINDOWS\zxltm.dll
Removed! : C:\WINDOWS\System32\aeutp.dll
Removed! : C:\WINDOWS\System32\apits32.exe
Removed! : C:\WINDOWS\System32\appuh.exe
Removed! : C:\WINDOWS\System32\aqemf.dll
Removed! : C:\WINDOWS\System32\arsqh.dll
Removed! : C:\WINDOWS\System32\atlan32.exe
Removed! : C:\WINDOWS\System32\bfhff.dll
Removed! : C:\WINDOWS\System32\bqgdi.dll
Removed! : C:\WINDOWS\System32\bspol.dll
Removed! : C:\WINDOWS\System32\bucno.dll
Removed! : C:\WINDOWS\System32\cbhuj.dat
Removed! : C:\WINDOWS\System32\cgoxz.dll
Removed! : C:\WINDOWS\System32\crqk32.exe
Removed! : C:\WINDOWS\System32\crst32.exe
Removed! : C:\WINDOWS\System32\crxlg.dll
Removed! : C:\WINDOWS\System32\cxtzm.dll
Removed! : C:\WINDOWS\System32\cylra.dll
Removed! : C:\WINDOWS\System32\d3za32.exe
Removed! : C:\WINDOWS\System32\dunwm.dat
Removed! : C:\WINDOWS\System32\ehyxa.dll
Removed! : C:\WINDOWS\System32\fvhel.dll
Removed! : C:\WINDOWS\System32\gabal.dll
Removed! : C:\WINDOWS\System32\gjawz.dll
Removed! : C:\WINDOWS\System32\gkpjx.dll
Removed! : C:\WINDOWS\System32\hmqsd.dll
Removed! : C:\WINDOWS\System32\hqjmy.dll
Removed! : C:\WINDOWS\System32\huuam.dll
Removed! : C:\WINDOWS\System32\ibozq.dll
Removed! : C:\WINDOWS\System32\ieik32.exe
Removed! : C:\WINDOWS\System32\iviws.dll
Removed! : C:\WINDOWS\System32\jakfm.dat
Removed! : C:\WINDOWS\System32\javaed.exe
Removed! : C:\WINDOWS\System32\jhvxv.dll
Removed! : C:\WINDOWS\System32\jskrh.dll
Removed! : C:\WINDOWS\System32\jypyp.dat
Removed! : C:\WINDOWS\System32\kuxwv.dll
Removed! : C:\WINDOWS\System32\kxgzl.dat
Removed! : C:\WINDOWS\System32\lmeak.dll
Removed! : C:\WINDOWS\System32\loywb.dll
Removed! : C:\WINDOWS\System32\lqhzw.dll
Removed! : C:\WINDOWS\System32\megqs.dll
Removed! : C:\WINDOWS\System32\meppl.dll
Removed! : C:\WINDOWS\System32\mhuyc.dll
Removed! : C:\WINDOWS\System32\ntded.dat
Removed! : C:\WINDOWS\System32\oeklu.dll
Removed! : C:\WINDOWS\System32\okojc.dll
Removed! : C:\WINDOWS\System32\ozqby.dll
Removed! : C:\WINDOWS\System32\qkjxm.dll
Removed! : C:\WINDOWS\System32\rwvku.dll
Removed! : C:\WINDOWS\System32\rzras.dat
Removed! : C:\WINDOWS\System32\srjcs.dll
Removed! : C:\WINDOWS\System32\svafa.dll
Removed! : C:\WINDOWS\System32\twqhj.dll
Removed! : C:\WINDOWS\System32\udxeh.dll
Removed! : C:\WINDOWS\System32\upfmj.dll
Removed! : C:\WINDOWS\System32\urbkx.dll
Removed! : C:\WINDOWS\System32\winag.exe
Removed! : C:\WINDOWS\System32\xljps.dll
Removed! : C:\WINDOWS\System32\xnfnf.dll
Removed! : C:\WINDOWS\System32\znynj.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!
Logfile of HijackThis v1.98.2
Scan saved at 7:16:20 PM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\REGOPT.LOG:zprsc
C:\WINDOWS\msgt32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Scott Heller\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ugdlr.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {661A0FC8-69C3-8038-391D-4ECDFC6481A7} - C:\WINDOWS\mfcmw32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0 .dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [msgt32.exe] C:\WINDOWS\msgt32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistI...2501031120.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup143.cab
-
Everything is still the same. Nothing changed. Also, HouseCall is not working and there is no "Network Security Service" in the services window.
-
Sorry...my bad. I redid those steps and my computer is working a lot better. Here's my new HJT log.
Logfile of HijackThis v1.98.2
Scan saved at 5:34:19 PM, on 8/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott Heller\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0 .dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\SCOTTH~1\LOCALS~1\Temp\cetec.reg
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistI...2501031120.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup143.cab
-
Hiya,
I have to apologise as well for the long response time.
Could you close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\SCOTTH~1\LOCALS~1\Temp\cetec.reg
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downloa...abasetup143.cab
The following are optional fixes:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
Wildtangent is foistware, which means it is installed with totally unrelated programs. It has a bit of a bad reputation for privacy issues so if you don't need it, I recommend you fix this entry and uninstall in via Add/Remove programs in the Control Panel
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
These two are system tray access for ITunes and QuickTime. They are not needed and generally cause slow downs
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
WeatherBug has a bit of a dodgy reputation for privacy issues and some people fix it, others don't. If you fix these entries, you also need to uninstall WeatherBug via Add/Remove Programs in the Control Panel.
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Go to Start> Control Panel. Double click Add/Remove programs and uninstall the following:
Viewpoint (and any entries related to Viewpoint)
Delete the following files and folders:
C:\Program Files\Viewpoint
Go to C:\DOCUME~1\SCOTTH~1\LOCALS~1\Temp\ and once in the folder click the Edit menu and click Select All. Hit the delete key to empty the contents of the folder, but the leave the folder itself intact.
Reboot and post a fresh log.
Newbie
