
I need help removing home search assistant, search extender, shopping wizard plz!!!

HI
I need help removing these from my computer as well as any other harmful or useless things. I update and run spybot s&d and Ad-aware every day. I just did and now this is my log from hjt. I really appreciate the help. Thank you so much!

Logfile of HijackThis v1.98.2
Scan saved at 10:48:45 AM, on 10/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ipee.dll:sdwlg
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\pwiipt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\javair32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Keilyn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4A7656B1-818D-64B0-57D8-796789B55F4B} - C:\WINDOWS\system32\javawc32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [javair32.exe] C:\WINDOWS\javair32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
  • edited October 2004
    I just need someone to tell me which entries to remove. That's all. I read it but it doesn't mean anything to me. I'm not a computer wiz.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Okay, that's great, but you'll need to become a little bit more of a computer wiz in order to get rid of this, because you cannot kill HSA just by removing HJT entries alone. Please carefully read post 4 of the HSA guide ("Alternative Removal Method"). This is a list of things you'll need to follow those steps:

    Processes to end:

    C:\WINDOWS\ipee.dll:sdwlg
    C:\WINDOWS\System32\pwiipt.exe
    C:\WINDOWS\javair32.exe


    Files to delete:


    C:\WINDOWS\ipee.dll
    C:\WINDOWS\System32\pwiipt.exe
    C:\WINDOWS\javair32.exe
    C:\WINDOWS\system32\naeoz.dll
    C:\WINDOWS\system32\javawc32.dll


    HSA entries to fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {4A7656B1-818D-64B0-57D8-796789B55F4B} - C:\WINDOWS\system32\javawc32.dll

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [javair32.exe] C:\WINDOWS\javair32.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    After you do that, according to the guide, please post a new log.

    You have a responsibility as a citizen of the internet to become slightly more educated about the computer you use. It is doing harm to the internet right now because of the spyware that you installed on there, so even though you're not expected to become a computer whiz, you should use this as a learning experience. Also, you should read the article in my signature (How did you get infected....). I see you are already using Firefox, that's good... It's a step in the right direction :)
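A triage sketch for the kind of log posted in this thread, added here as an example (it is not part of the reply above and not HijackThis's own logic). It flags three patterns visible in this log: a running process whose path names an NTFS alternate data stream, IE search/start pages served from a `res://` URL inside a local DLL, and an unnamed BHO, and it collects the files those entries reference. The function name, reason labels and heuristics are assumptions; they surface candidates for review and do not cover every item in the reply's list (`pwiipt.exe`, for instance, matches none of them).

```python
import re

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\ipee.dll:sdwlg
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\naeoz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.yahoo.com
O2 - BHO: (no name) - {4A7656B1-818D-64B0-57D8-796789B55F4B} - C:\WINDOWS\system32\javawc32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")           # "R1 - ...", "O2 - ..."
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]+$")          # second colon => NTFS stream
RES_URL = re.compile(r"= res://(.+?\.dll)/", re.IGNORECASE)  # IE page served from a DLL
NONAME_BHO = re.compile(r"^BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (.+)$")

def triage(log_text):
    """Return (findings, files): flagged lines with a reason, and files they reference."""
    findings, files = [], set()
    in_processes = False
    for line in (l.strip() for l in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # blank line ends the process list
            in_processes = False
            continue
        m = ENTRY.match(line)
        if in_processes and not m:
            if ADS_PATH.match(line):
                findings.append(("process-in-ads", line))
                files.add(line.rsplit(":", 1)[0])  # host file carrying the stream
            continue
        if not m:
            continue
        in_processes = False
        code, rest = m.groups()
        if code in ("R0", "R1") and (r := RES_URL.search(rest)):
            findings.append(("ie-page-from-dll", line))
            files.add(r.group(1))
        elif code == "O2" and (b := NONAME_BHO.match(rest)):
            findings.append(("unnamed-bho", line))
            files.add(b.group(1))
    return findings, sorted(files)
```
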
  • edited October 2004
    Well not everyone can be full of all this technical knowledge. I didn't come here to be attacked. I didn't download the spyware one. This is a home computer. No less than five ppl use it. I just wanted to fix the problem. I solved it anyways. I couldn't get aim to work. Aim support suggested removing those programs totally. I already removed all the parts I could. Removal of these things isn't user friendly. I know how to defrag and disk check my computer and I have a firewall. I run several anti trojan/virus softwares everyday. I know as much about my computer as I need to know to do what I have to do. I'm not the problem. The ppl who sit around making these spyware are. The internet is a connection across the whole world. There's nothing u can do about getting them u just have to remove them somehow.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    I'm not attacking you, believe me. I only want to help. It just irks me a little bit when people get spyware on their systems and then come for help with "I don't know what I'm doing just help me fix it"... That's not helpful to the larger internet community. But if you come into this with an open mind and think "I want to have help fixing this, but I'm going to learn how to do it so that it won't happen again" then that changes everything at the grassroots. We're trying to fight spyware. Every time a person gets their computer cleaned up, we've won a battle against people who make money by taking advantage of those less knowledgeable than them.

    There IS something you can do about getting infected. If you become a safe and conscientious web citizen, you will not get spyware. If you do not know how to avoid it, you will get it again, and it will put money into the pockets of the people who make it, thus encouraging them to continue. As long as there are people out there who install it (and somebody sitting at that computer did install it, whether they knew it or not), they continue to make money, and it will continue to be written. So if everyone took the time to become just a little more aware of how to surf safely, the problem would eventually solve itself. :)

    Yes, removal is terribly difficult because it behooves spyware authors financially to keep it on your system at all costs.

    You should read the article in my signature :)

    At any rate, is your system clean now? We can help you remove the spyware.