Home Search Assistant help!
I have been hijacked with Home Search Assistant, and have run Adaware SE Personal; ran Spybot; ran Norton Virus Scan. Then downloaded and ran Hijack this and aboutbuster. I tried cleaning up the files, but they seem to keep coming back. I have copied the scan file from HJT for help. Can anyone tell me which files I will need to delete? I would really appreciate it. Thanks
brien
Logfile of HijackThis v1.98.2
Scan saved at 7:03:56 AM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\system32\wwqir\ggpsooo.exe
C:\WINDOWS\system32\nywlt\ealat.exe
C:\WINDOWS\system32\xukqs\ufobhlyn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\flfu\owckth.exe
C:\WINDOWS\system32\xgetvgj\gfhpev.exe
C:\WINDOWS\system32\rhnja\bbsllj.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\HJT\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6C49D4DA-0FDB-4926-9794-AABB9F36B076} - C:\WINDOWS\system32\qahprpco\uhkjkaso.dll (file missing)
O2 - BHO: (no name) - {79416FDC-7E13-CA25-ABC4-8C05C5DF6C39} - C:\WINDOWS\system32\ugbeqwyq\waoatwrv.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [twcimy] C:\WINDOWS\system32\ainyjm.exe
O4 - HKLM\..\Run: [tfnan] C:\WINDOWS\system32\hcqaqm\tfnan.exe
O4 - HKLM\..\Run: [dycmxhy] C:\WINDOWS\system32\fvjavj\dycmxhy.exe
O4 - HKLM\..\Run: [jidn] C:\WINDOWS\system32\vjmkwb\jidn.exe
O4 - HKLM\..\Run: [cwwmumba] C:\WINDOWS\system32\fmdoxndn\cwwmumba.exe
O4 - HKLM\..\Run: [ggpsooo] C:\WINDOWS\system32\wwqir\ggpsooo.exe
O4 - HKLM\..\Run: [owckth] C:\WINDOWS\system32\flfu\owckth.exe
O4 - HKLM\..\Run: [gfhpev] C:\WINDOWS\system32\xgetvgj\gfhpev.exe
O4 - HKLM\..\Run: [bbsllj] C:\WINDOWS\system32\rhnja\bbsllj.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [uqablmis] C:\WINDOWS\system32\kgrdoan\uqablmis.exe
O4 - HKLM\..\Run: [lpvuqa] C:\WINDOWS\system32\fxoirosd\lpvuqa.exe
O4 - HKLM\..\Run: [rrpayvr] C:\WINDOWS\system32\vndvbmp\rrpayvr.exe
O4 - HKLM\..\Run: [gvrkdvpc] C:\WINDOWS\system32\kbynh\gvrkdvpc.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [knphfv] C:\WINDOWS\system32\qnudi\knphfv.exe
O4 - HKLM\..\Run: [ealat] C:\WINDOWS\system32\nywlt\ealat.exe
O4 - HKLM\..\Run: [vwaag] C:\WINDOWS\system32\ytmcmkp\vwaag.exe
O4 - HKLM\..\Run: [gjjff] C:\WINDOWS\system32\hgwbh\gjjff.exe
O4 - HKLM\..\Run: [qtifa] C:\WINDOWS\system32\lgjm\qtifa.exe
O4 - HKLM\..\Run: [tldibdrn] C:\WINDOWS\system32\bwltw\tldibdrn.exe
O4 - HKLM\..\Run: [ufobhlyn] C:\WINDOWS\system32\xukqs\ufobhlyn.exe
O4 - HKLM\..\Run: [fymkiunj] C:\WINDOWS\system32\ursc\fymkiunj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime
brien
Logfile of HijackThis v1.98.2
Scan saved at 7:03:56 AM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\system32\wwqir\ggpsooo.exe
C:\WINDOWS\system32\nywlt\ealat.exe
C:\WINDOWS\system32\xukqs\ufobhlyn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\flfu\owckth.exe
C:\WINDOWS\system32\xgetvgj\gfhpev.exe
C:\WINDOWS\system32\rhnja\bbsllj.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\HJT\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6C49D4DA-0FDB-4926-9794-AABB9F36B076} - C:\WINDOWS\system32\qahprpco\uhkjkaso.dll (file missing)
O2 - BHO: (no name) - {79416FDC-7E13-CA25-ABC4-8C05C5DF6C39} - C:\WINDOWS\system32\ugbeqwyq\waoatwrv.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [twcimy] C:\WINDOWS\system32\ainyjm.exe
O4 - HKLM\..\Run: [tfnan] C:\WINDOWS\system32\hcqaqm\tfnan.exe
O4 - HKLM\..\Run: [dycmxhy] C:\WINDOWS\system32\fvjavj\dycmxhy.exe
O4 - HKLM\..\Run: [jidn] C:\WINDOWS\system32\vjmkwb\jidn.exe
O4 - HKLM\..\Run: [cwwmumba] C:\WINDOWS\system32\fmdoxndn\cwwmumba.exe
O4 - HKLM\..\Run: [ggpsooo] C:\WINDOWS\system32\wwqir\ggpsooo.exe
O4 - HKLM\..\Run: [owckth] C:\WINDOWS\system32\flfu\owckth.exe
O4 - HKLM\..\Run: [gfhpev] C:\WINDOWS\system32\xgetvgj\gfhpev.exe
O4 - HKLM\..\Run: [bbsllj] C:\WINDOWS\system32\rhnja\bbsllj.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [uqablmis] C:\WINDOWS\system32\kgrdoan\uqablmis.exe
O4 - HKLM\..\Run: [lpvuqa] C:\WINDOWS\system32\fxoirosd\lpvuqa.exe
O4 - HKLM\..\Run: [rrpayvr] C:\WINDOWS\system32\vndvbmp\rrpayvr.exe
O4 - HKLM\..\Run: [gvrkdvpc] C:\WINDOWS\system32\kbynh\gvrkdvpc.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [knphfv] C:\WINDOWS\system32\qnudi\knphfv.exe
O4 - HKLM\..\Run: [ealat] C:\WINDOWS\system32\nywlt\ealat.exe
O4 - HKLM\..\Run: [vwaag] C:\WINDOWS\system32\ytmcmkp\vwaag.exe
O4 - HKLM\..\Run: [gjjff] C:\WINDOWS\system32\hgwbh\gjjff.exe
O4 - HKLM\..\Run: [qtifa] C:\WINDOWS\system32\lgjm\qtifa.exe
O4 - HKLM\..\Run: [tldibdrn] C:\WINDOWS\system32\bwltw\tldibdrn.exe
O4 - HKLM\..\Run: [ufobhlyn] C:\WINDOWS\system32\xukqs\ufobhlyn.exe
O4 - HKLM\..\Run: [fymkiunj] C:\WINDOWS\system32\ursc\fymkiunj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime
0
Comments
http://www.short-media.com/forum/forumdisplay.php?f=57
Someone will move this post for you to the right place, so look for it in the above link.
Dexter...