HJT log to remove HSA [inactive/solved]

Unknown
edited October 2004 in Spyware & Virus Removal
This is my first thread to this forum so I hope I've given enough info. I'm trying to get rid of HSA, Shopping Wizard etc from a friends PC. I've printed out the instructions from your site and now I've got to the HJT log in safe mode and I'm unsure of what to fix. I've run Adaware, Spybot, CWShredder and Giant Antispyware.
This is the HJT log in safe mode which appears the same as the log in normal start up apart from the processes. Hope someone can help.


Logfile of HijackThis v1.97.7
Scan saved at 12:45:12, on 24/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\New Folder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vlvtb.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vlvtb.dll/sp.html#22776
O2 - BHO: (no name) - {FF3BB3EB-9FF6-0CC2-8A43-6DD043FE9317} - C:\WINDOWS\mslo32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [javarz.exe] C:\WINDOWS\system32\javarz.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Cmx32] c:\windows\system32\cmx32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\AOL 8.0b\aoltray.exe
O9 - Extra button: Real.com (HKLM)

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited October 2004
    Please upgrade to HijackThis version 1.98.2 and post a new log.
  • zozo4
    edited October 2004
    SpywareShooter wrote:
    Please upgrade to HijackThis version 1.98.2 and post a new log.
    Thanks for the reply. I did upgrade to 1.98.2 this afternoon and found the files I needed to delete. It's all done and now the PC seems clean. Thanks anyway.
  • SpywareShooterSpywareShooter 127.0.0.1
    edited October 2004
    Can you please post a new log just in case? if the infection is not completely cleared, it can come back after reboot, or opening IE
  • zozo4
    edited October 2004
    This is the new log file requested (scanned it this morning as I didn't save the log file yesyerday). Are the missing files going to make any difference? I've rebooted a couple of times now and all seems normal. Thanks for your help.

    Logfile of HijackThis v1.98.2
    Scan saved at 09:51:29, on 25/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Documents and Settings\Jerry\Desktop\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
  • SpywareShooterSpywareShooter 127.0.0.1
    edited October 2004
    R3 - Default URLSearchHook is missing
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Fix those and you should be all set :)
  • zozo4
    edited October 2004
    SpywareShooter wrote:
    R3 - Default URLSearchHook is missing
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Fix those and you should be all set :)


    Thanks for that. Can you tell me how to fix these please? :confused:
  • SpywareShooterSpywareShooter 127.0.0.1
    edited October 2004
    Click the check boxes next to those entries then click "Fix Checked" on HijackThis.
This discussion has been closed.