Home Search Assistant- AllanB
Hi I am having problems with getting rid of Home Search Assistant, I am a new user and would very much welcome any advice any of you guys could give.
Here is my HJT Log ( I have already Run AdWare6 & Spy Bot)
Logfile of HijackThis v1.98.0
Scan saved at 17:08:06, on 02/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\Symantec\ANTIVI~1\DefWatch.exe
c:\PROGRA~1\Symantec\ANTIVI~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\VPNClient\vpnservices.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Symantec\VPNClient\logd.exe
C:\Program Files\Symantec\VPNClient\emroute.exe
C:\WINDOWS\system32\mfcpq32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
C:\WINDOWS\system32\addxp32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FEE8EDD9-2CC5-7C3A-52D9-E3D36BC93FF7} - C:\WINDOWS\winls.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [addxp32.exe] C:\WINDOWS\system32\addxp32.exe
O4 - HKLM\..\RunOnce: [iely.exe] C:\WINDOWS\iely.exe
O4 - HKLM\..\RunOnce: [mfcpq32.exe] C:\WINDOWS\system32\mfcpq32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\atldh.exe
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D14BA4-EA70-4467-82B2-9B0E040C6D7A}: NameServer = 158.152.1.43 158.152.1.58
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.40.195.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.40.195.189
Many Thanks
Allan :ukflag:
Here is my HJT Log ( I have already Run AdWare6 & Spy Bot)
Logfile of HijackThis v1.98.0
Scan saved at 17:08:06, on 02/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\Symantec\ANTIVI~1\DefWatch.exe
c:\PROGRA~1\Symantec\ANTIVI~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\VPNClient\vpnservices.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Symantec\VPNClient\logd.exe
C:\Program Files\Symantec\VPNClient\emroute.exe
C:\WINDOWS\system32\mfcpq32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
C:\WINDOWS\system32\addxp32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FEE8EDD9-2CC5-7C3A-52D9-E3D36BC93FF7} - C:\WINDOWS\winls.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [addxp32.exe] C:\WINDOWS\system32\addxp32.exe
O4 - HKLM\..\RunOnce: [iely.exe] C:\WINDOWS\iely.exe
O4 - HKLM\..\RunOnce: [mfcpq32.exe] C:\WINDOWS\system32\mfcpq32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\atldh.exe
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D14BA4-EA70-4467-82B2-9B0E040C6D7A}: NameServer = 158.152.1.43 158.152.1.58
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.40.195.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.40.195.189
Many Thanks
Allan :ukflag:
0
This discussion has been closed.
Comments
Get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dohac.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dohac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dohac.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {FEE8EDD9-2CC5-7C3A-52D9-E3D36BC93FF7} - C:\WINDOWS\winls.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [addxp32.exe] C:\WINDOWS\system32\addxp32.exe
O4 - HKLM\..\RunOnce: [iely.exe] C:\WINDOWS\iely.exe
O4 - HKLM\..\RunOnce: [mfcpq32.exe] C:\WINDOWS\system32\mfcpq32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\atldh.exe
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.ex
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/...ller/dwnldr.cab
After you reboot, re-run Spybot & AdAware and then post a new log.
I followed your recommendations, rebooted & ran Spybot & Adware.
There is still something going on because Spybot is popping up all the time with X value has changed - Allow or Deny (I'm Denying all of them), any how here is my latest HJT file:-
Logfile of HijackThis v1.98.0
Scan saved at 12:07:18, on 06/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\Symantec\ANTIVI~1\DefWatch.exe
c:\PROGRA~1\Symantec\ANTIVI~1\Rtvscan.exe
C:\WINDOWS\system32\d3ng32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\VPNClient\vpnservices.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Symantec\VPNClient\logd.exe
C:\Program Files\Symantec\VPNClient\emroute.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
C:\WINDOWS\system32\addxp32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Symantec\VPNClient\nsetup.exe
C:\Program Files\Symantec\VPNClient\isakmpd.exe
C:\Program Files\Symantec\VPNClient\vpnd.exe
C:\WINDOWS\System32\cmd.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\llayi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\llayi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\llayi.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\Symantec\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [addxp32.exe] C:\WINDOWS\system32\addxp32.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [iezc.exe] C:\WINDOWS\iezc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D14BA4-EA70-4467-82B2-9B0E040C6D7A}: NameServer = 194.40.195.189
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.40.195.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.40.195.189
Many thanks once again for your help here, as with out you I think it would be time to reformat & start again.
Cheers
Allan
In your system services section (Right Click "My computer", hit manage, open services and applications, and then open services), there is a service in there that caused many problems for me. "Network Security Service" is a service that appears to have been created with my version of the spyware, and it controls the regeneration of the files that eat your computer alive. (I say appear because on all of my other computers with XP Pro, i have not seen this service ever before, although it might be there for others legitimatly). By running your computer in safe mode and setting the startup value of this service to "disabled," it hinders this application from running. I did this, and after removing all of the stuff you find with Hijackthis!, you shouldn't encounter problems at all. As I said though, I am not sure if this is on everyone's computer. Hope this helps!
Dexter...
I tried your tip Marlin, but it didn't work for me, thanks anyway.
This pesky sucker is really doining my head in so as I don't do much with my machine I think it's time to wipe and start again.
Thanks to you all for your efforts and good luck in your continued quest to beat the HSA.
Thanks again
Allan
Part of that guide recommends updating your virus defs and running a full scan in safe mode. I suspect your mouse problem may resolve itself after cleaning HSA, but run a virus scan to make sure.
Post a fresh HJT log for review when you are done.
Dexter...
Before I reinstalled XP I followed the removal guide doing the hard reboot and HJT removals in safe mode etc.
However after trying it 2 or 3 times I eventually gave up and that thing just kept comming back! As I said before I only really run a few programs on this machine and my personal data is on a separate partion so reinstalling XP took considerably less time than I've spent so far trying to get rid of HSA.
Again thanks for all of your help, the service you guys offer is a credit to society and I'm having a look at team93 so that I can try and put a bit back...
Cheers
Allan
If your not finding any luck with removing the HSA by doing the stuff, the only way that you are going to be able to wipe it off will be to re-format your drive. Redoing the windows installation is only going to overwrite the files that aren't corrupt; in order to get rid of everything you will need to have a clean drive. I know this is bad, but as long as you back up all of your data and reformat, you should have a clean computer, not to mention one that will run a little faster as well.
Marlin29311
I'm sorry you gave up, we could have helped you through it.
Dexter...