Is the monster slain?
I think that after using your Home Search Assistant removal guide twice that the battle is over, however the battlefield appears to be strewn with debris and I could do with some more help.
I am using XP home edition with service pack 2 (which coincidentally was loaded just before battle commenced) and I now have the following problems still hanging on:
1. When booting up the following message appears just prior to the Desktop screen - Explorer.EXE Bad Image "The application or DLL C:\WINDOWS\WINMM.DLL is not a valid windows image. Please check this against your installation diskette."
I haven't had much luck with the checking against installation diskette as I am told I have an updated version of XP compared to the diskette.
2. Home Search Assistant is still listed under the Add/Remove Programs list although it is apparently benign.
3. Spybot tells me I have 5 DSO exploits all the time, yet I have been informed that these can be ignored now.
4. I have run the Trend Home Visit several times since battle and it reports that it has found as many as 30 odd virus and trojan infections.
Any help would be gratefully received.
Logfile of HijackThis v1.98.2
Scan saved at 20:03:39, on 05/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Documents and Settings\All Users\Documents\HJT\HijackThis.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
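As an added example, not part of the original post and not HijackThis's own code: a small Python parser for the log layout shown above. It separates the running processes from the numbered entries, pulls out the O4 registry Run values, and lists O16 controls whose codebase URL is plain HTTP. The sample is an abridged copy of the posted log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Abridged copy of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\AnalogX\CookieWall\cookie.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")          # section code, then the rest
RUN_KEY = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
DPF = re.compile(r"^DPF: (.+) - (\w+)://\S+$")           # control name, URL scheme

def parse_log(text):
    """Split a log into running-process paths and entries grouped by section code."""
    processes, entries, in_processes = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)

def registry_run_entries(entries):
    """O4 registry Run values as (hive, key, value name, command); Startup-folder items are skipped."""
    return [m.groups() for m in map(RUN_KEY.match, entries.get("O4", [])) if m]

def http_codebases(entries):
    """O16 (Downloaded Program Files) controls whose codebase URL is plain HTTP."""
    hits = (DPF.match(e) for e in entries.get("O16", []))
    return [m.group(1) for m in hits if m and m.group(2).lower() == "http"]

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print(len(procs), "processes;", {k: len(v) for k, v in entries.items()})
    for hive, key, name, cmd in registry_run_entries(entries):
        print(f"autostart {hive}\\{key} [{name}] -> {cmd}")
    print("DPF over plain HTTP:", http_codebases(entries))
```

A plain-HTTP codebase is a prompt to look at where the control came from, not a verdict on the control itself.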
This discussion has been closed.
Comments
At any rate, your log is clean. That's a good thing.
In order to fix the WinMM.dll problem, I would suggest re-installing service pack 2, to see if that fixes it. Or you can try going into C:\WINDOWS\ServicePackFiles and finding WinMM.dll in there, and copying it into C:\WINDOWS\
HSA being in Add/Remove is nothing, totally benign as you said. If you want to get rid of it you can try using something like easy cleaner (I think if you search this site, you'll find a lot of references to it. I've never used it, so I don't know where to get it).
When Trend finds the trojans, does it do anything about them? Try using another antivirus - download the AVG 7 30-day trial to see if that can clean everything. Chances are, they are false positives. Identifying trojan files, but they are not active.
Make sure you keep your Norton defs up to date.
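The "not a valid windows image" message means the loader could not parse the file as a PE image. As an added example (not from this thread), the Python check below can be run on both copies of WinMM.dll before one replaces the other; the function names and the constructed sample image are this example's own.

```python
import struct
import sys

def pe_problems(data):
    """Return structural problems that would stop Windows mapping `data` as an
    image; an empty list means the headers and section table are consistent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["no MZ DOS header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)    # file offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # COFF header: Machine, NumberOfSections, three dwords not needed here,
    # SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    sect_off = opt_off + opt_size
    if opt_size < 2 or sect_off + 40 * nsect > len(data):
        return ["optional header or section table truncated"]
    problems = []
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        problems.append(f"unknown optional-header magic {magic:#x}")
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        if raw_size and raw_ptr + raw_size > len(data):
            label = name.rstrip(b"\0").decode("ascii", "replace")
            problems.append(f"section {label} raw data runs past end of file")
    return problems

def build_sample_image():
    """Constructed minimal PE32 DLL layout with one 0x200-byte section (demo only)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)
    sect = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\0" * 0x200

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. the two WinMM.dll copies
        with open(path, "rb") as fh:
            print(path, pe_problems(fh.read()) or "structurally valid")
    if len(sys.argv) == 1:                   # no paths given: show a truncated sample
        print(pe_problems(build_sample_image()[:0x300]))
```

An empty result only says the file is structurally loadable; it does not show that the file is the genuine Microsoft DLL.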
Tried reinstalling service pack 2 but the Bad Image warning was still there, so decided just to locate and delete the DLL file knowing I could restore if it caused a problem. So far it seems to have done the trick.
Also, I ran Trend Housecall again and lo and behold no trojans.
What a relief, I have a clean machine and you bet I'll update my anti-V.
Thanks for your help