Options
Problem of Home search assistent
Hi ,
I recently found the problem of home search assistent in my PC and got fedup with the popups.I checked in SVT forum and followed the instuctions given in the Home Search Assistent Removal Guide.My PC runs on Windows 98.I have run Spybot,Ad-aware and CWshredder before running Hijackthis.Iam posting the log generated by HJT.It will be of great help if someone could help me rectify the problem.Thank you.
Logfile of HijackThis v1.98.2
Scan saved at 12:57:26 PM, on 10/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ADDLV32.EXE
C:\WINDOWS\SYSUA.EXE
C:\WINDOWS\IETI.EXE
C:\WINDOWS\SYSTEM\IESK32.EXE
C:\WINDOWS\SYSTEM\SDKBR.EXE
C:\WINDOWS\SYSTEM\IEAY.EXE
C:\WINDOWS\SYSTEM\APPHL32.EXE
C:\WINDOWS\D3JA.EXE
C:\WINDOWS\SYSTEM\SYSKO32.EXE
C:\WINDOWS\SYSTEM\APPWD.EXE
C:\WINDOWS\MFCEG.EXE
C:\WINDOWS\WINZX32.EXE
C:\WINDOWS\ADDRM.EXE
C:\WINDOWS\SYSTEM\SYSJS.EXE
C:\WINDOWS\SYSTEM\ATLDJ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcquest.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PCQuest
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {BFD1B764-7DD8-E992-CE2D-EAEBC173BD67} - C:\WINDOWS\NTOD.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ADDLV32.EXE] C:\WINDOWS\ADDLV32.EXE
O4 - HKLM\..\RunServices: [IETI.EXE] C:\WINDOWS\IETI.EXE
O4 - HKLM\..\RunServices: [SYSUA.EXE] C:\WINDOWS\SYSUA.EXE
O4 - HKLM\..\RunServices: [IEAY.EXE] C:\WINDOWS\SYSTEM\IEAY.EXE
O4 - HKLM\..\RunServices: [IESK32.EXE] C:\WINDOWS\SYSTEM\IESK32.EXE
O4 - HKLM\..\RunServices: [D3JA.EXE] C:\WINDOWS\D3JA.EXE
O4 - HKLM\..\RunServices: [SDKBR.EXE] C:\WINDOWS\SYSTEM\SDKBR.EXE
O4 - HKLM\..\RunServices: [APPHL32.EXE] C:\WINDOWS\SYSTEM\APPHL32.EXE
O4 - HKLM\..\RunServices: [SYSKO32.EXE] C:\WINDOWS\SYSTEM\SYSKO32.EXE
O4 - HKLM\..\RunServices: [APPWD.EXE] C:\WINDOWS\SYSTEM\APPWD.EXE
O4 - HKLM\..\RunServices: [MFCEG.EXE] C:\WINDOWS\MFCEG.EXE
O4 - HKLM\..\RunServices: [WINZX32.EXE] C:\WINDOWS\WINZX32.EXE
O4 - HKLM\..\RunServices: [ADDRM.EXE] C:\WINDOWS\ADDRM.EXE
O4 - HKLM\..\RunServices: [SYSJS.EXE] C:\WINDOWS\SYSTEM\SYSJS.EXE
O4 - HKLM\..\RunServices: [ATLDJ32.EXE] C:\WINDOWS\SYSTEM\ATLDJ32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
I recently found the problem of home search assistent in my PC and got fedup with the popups.I checked in SVT forum and followed the instuctions given in the Home Search Assistent Removal Guide.My PC runs on Windows 98.I have run Spybot,Ad-aware and CWshredder before running Hijackthis.Iam posting the log generated by HJT.It will be of great help if someone could help me rectify the problem.Thank you.
Logfile of HijackThis v1.98.2
Scan saved at 12:57:26 PM, on 10/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ADDLV32.EXE
C:\WINDOWS\SYSUA.EXE
C:\WINDOWS\IETI.EXE
C:\WINDOWS\SYSTEM\IESK32.EXE
C:\WINDOWS\SYSTEM\SDKBR.EXE
C:\WINDOWS\SYSTEM\IEAY.EXE
C:\WINDOWS\SYSTEM\APPHL32.EXE
C:\WINDOWS\D3JA.EXE
C:\WINDOWS\SYSTEM\SYSKO32.EXE
C:\WINDOWS\SYSTEM\APPWD.EXE
C:\WINDOWS\MFCEG.EXE
C:\WINDOWS\WINZX32.EXE
C:\WINDOWS\ADDRM.EXE
C:\WINDOWS\SYSTEM\SYSJS.EXE
C:\WINDOWS\SYSTEM\ATLDJ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcgjs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcquest.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PCQuest
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {BFD1B764-7DD8-E992-CE2D-EAEBC173BD67} - C:\WINDOWS\NTOD.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ADDLV32.EXE] C:\WINDOWS\ADDLV32.EXE
O4 - HKLM\..\RunServices: [IETI.EXE] C:\WINDOWS\IETI.EXE
O4 - HKLM\..\RunServices: [SYSUA.EXE] C:\WINDOWS\SYSUA.EXE
O4 - HKLM\..\RunServices: [IEAY.EXE] C:\WINDOWS\SYSTEM\IEAY.EXE
O4 - HKLM\..\RunServices: [IESK32.EXE] C:\WINDOWS\SYSTEM\IESK32.EXE
O4 - HKLM\..\RunServices: [D3JA.EXE] C:\WINDOWS\D3JA.EXE
O4 - HKLM\..\RunServices: [SDKBR.EXE] C:\WINDOWS\SYSTEM\SDKBR.EXE
O4 - HKLM\..\RunServices: [APPHL32.EXE] C:\WINDOWS\SYSTEM\APPHL32.EXE
O4 - HKLM\..\RunServices: [SYSKO32.EXE] C:\WINDOWS\SYSTEM\SYSKO32.EXE
O4 - HKLM\..\RunServices: [APPWD.EXE] C:\WINDOWS\SYSTEM\APPWD.EXE
O4 - HKLM\..\RunServices: [MFCEG.EXE] C:\WINDOWS\MFCEG.EXE
O4 - HKLM\..\RunServices: [WINZX32.EXE] C:\WINDOWS\WINZX32.EXE
O4 - HKLM\..\RunServices: [ADDRM.EXE] C:\WINDOWS\ADDRM.EXE
O4 - HKLM\..\RunServices: [SYSJS.EXE] C:\WINDOWS\SYSTEM\SYSJS.EXE
O4 - HKLM\..\RunServices: [ATLDJ32.EXE] C:\WINDOWS\SYSTEM\ATLDJ32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
0