xsecretacex - Home Search Assistant, I would appreciate someone's help.
Hi, I'm Jason and I began to follow a step-by-step instruction list to remove the Home Search Assistant, and hopefully other names affiliated with it. I have run Ad Aware, Spybot, and Norton Internet Security and it only removes parts of it, because I did a scan with HijackThis, and the one scan log compared to the other showed the same info when I ran it in safe mode, except specific files changed their names. I'm not positive on which files I should fix, but I would appreciate it if one of you experts could help me out so I don't screw our last working computer. I re-ran the Ad Aware program and Spybot and did another HijackThis scan; here's what it read:
Logfile of HijackThis v1.99.1
Scan saved at 8:13:00 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\javagx32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FC7FFD6E-0897-B7D0-A319-768F3DA452CD} - C:\WINDOWS\system32\iptr32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sbmonu] C:\WINDOWS\System32\sbmonu.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [javauu.exe] C:\WINDOWS\javauu.exe
O4 - HKLM\..\Run: [mfclp32.exe] C:\WINDOWS\mfclp32.exe
O4 - HKLM\..\Run: [atlrf.exe] C:\WINDOWS\system32\atlrf.exe
O4 - HKLM\..\Run: [msta.exe] C:\WINDOWS\system32\msta.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [javagx32.exe] C:\WINDOWS\system32\javagx32.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\sdkpv32.exe
O4 - HKLM\..\RunOnce: [sysws32.exe] C:\WINDOWS\sysws32.exe
O4 - HKLM\..\RunOnce: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\RunOnce: [iepm.exe] C:\WINDOWS\system32\iepm.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\iezp32.exe
O4 - HKLM\..\RunOnce: [javabh.exe] C:\WINDOWS\system32\javabh.exe
O4 - HKLM\..\RunOnce: [netua32.exe] C:\WINDOWS\netua32.exe
O4 - HKLM\..\RunOnce: [mfcrv32.exe] C:\WINDOWS\mfcrv32.exe
O4 - HKLM\..\RunOnce: [ntji.exe] C:\WINDOWS\system32\ntji.exe
O4 - HKLM\..\RunOnce: [winbo.exe] C:\WINDOWS\winbo.exe
O4 - HKLM\..\RunOnce: [appvp32.exe] C:\WINDOWS\system32\appvp32.exe
O4 - HKLM\..\RunOnce: [adddr32.exe] C:\WINDOWS\system32\adddr32.exe
O4 - HKLM\..\RunOnce: [winqd32.exe] C:\WINDOWS\system32\winqd32.exe
O4 - HKLM\..\RunOnce: [iesl.exe] C:\WINDOWS\iesl.exe
O4 - HKLM\..\RunOnce: [mstt32.exe] C:\WINDOWS\mstt32.exe
O4 - HKLM\..\RunOnce: [sysxk.exe] C:\WINDOWS\sysxk.exe
O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\javadc.exe
O4 - HKLM\..\RunOnce: [apimt32.exe] C:\WINDOWS\apimt32.exe
O4 - HKLM\..\RunOnce: [javaxy.exe] C:\WINDOWS\javaxy.exe
O4 - HKLM\..\RunOnce: [ipwz32.exe] C:\WINDOWS\system32\ipwz32.exe
O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\system32\nter32.exe
O4 - HKLM\..\RunOnce: [sysin.exe] C:\WINDOWS\sysin.exe
O4 - HKLM\..\RunOnce: [javanp32.exe] C:\WINDOWS\javanp32.exe
O4 - HKLM\..\RunOnce: [atlwb.exe] C:\WINDOWS\system32\atlwb.exe
O4 - HKLM\..\RunOnce: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\RunOnce: [crej32.exe] C:\WINDOWS\crej32.exe
O4 - HKLM\..\RunOnce: [addof32.exe] C:\WINDOWS\system32\addof32.exe
O4 - HKLM\..\RunOnce: [sysnw.exe] C:\WINDOWS\system32\sysnw.exe
O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\system32\javaay32.exe
O4 - HKLM\..\RunOnce: [iezm.exe] C:\WINDOWS\system32\iezm.exe
O4 - HKLM\..\RunOnce: [javayx32.exe] C:\WINDOWS\javayx32.exe
O4 - HKLM\..\RunOnce: [mfcau32.exe] C:\WINDOWS\mfcau32.exe
O4 - HKLM\..\RunOnce: [atlxc.exe] C:\WINDOWS\atlxc.exe
O4 - HKLM\..\RunOnce: [iphk.exe] C:\WINDOWS\system32\iphk.exe
O4 - HKLM\..\RunOnce: [ipzz32.exe] C:\WINDOWS\ipzz32.exe
O4 - HKLM\..\RunOnce: [javanm.exe] C:\WINDOWS\javanm.exe
O4 - HKLM\..\RunOnce: [windm.exe] C:\WINDOWS\windm.exe
O4 - HKLM\..\RunOnce: [javarw.exe] C:\WINDOWS\system32\javarw.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [craa32.exe] C:\WINDOWS\system32\craa32.exe
O4 - HKLM\..\RunOnce: [javarm32.exe] C:\WINDOWS\system32\javarm32.exe
O4 - HKLM\..\RunOnce: [crsa.exe] C:\WINDOWS\system32\crsa.exe
O4 - HKLM\..\RunOnce: [iecn32.exe] C:\WINDOWS\system32\iecn32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Mavis Beacon Teaches Typing 11.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 11\MiniMavis.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/139c6182ceded6ecf119/netzip/RdxIE2.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/orbital/install.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.bravetree.com/downloader/BTDownloadCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nyc.candiesinc.com
O17 - HKLM\Software\..\Telephony: DomainName = nyc.candiesinc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nyc.candiesinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nyc.candiesinc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NetOp Helper ver. 7.01 (2002043) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\DOCUMENTS AND SETTINGS\JBRIDGES\DESKTOP\SFUninstaller-3.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thank you for reading this, and I hope this will fix my Home Search Assistant, Shopping Wizard, and SearchFinder problem that causes my AIM to crash and overall internet speed to be slow. Thank you.
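A way to triage two HijackThis logs like the ones described in the post above, added here as an example and not part of the original post or of HijackThis itself: it parses the numbered entries, lists what changed between two scans, and queues Run/RunOnce values that are named after their own executable and sit directly in C:\WINDOWS or system32. The function names, the `known_good` allowlist and the whole `SAFE_MODE_SCAN` sample (with its `constructed*` file names) are assumptions made for the example; the `NORMAL_SCAN` lines are copied from the log above.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns look like:  HKLM\..\Run: [value name] command line
AUTORUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# The image is either a quoted path or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Lines copied from the log in the post above.
NORMAL_SCAN = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [javauu.exe] C:\WINDOWS\javauu.exe
O4 - HKLM\..\Run: [atlrf.exe] C:\WINDOWS\system32\atlrf.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\sdkpv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed second scan: same machine, but the self-named files have new names.
SAFE_MODE_SCAN = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\constructed0.dll/sp.html#37049
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [constructed1.exe] C:\WINDOWS\constructed1.exe
O4 - HKLM\..\Run: [constructed2.exe] C:\WINDOWS\system32\constructed2.exe
O4 - HKLM\..\RunOnce: [constructed3.exe] C:\WINDOWS\constructed3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_log(text):
    """Return the numbered entries (R1, O4, O23, ...) of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autorun_image(entry):
    """For an O4 registry autorun return (hive, key, value_name, image), else None."""
    if entry.code != "O4":
        return None
    m = AUTORUN_RE.match(entry.body)
    if not m:
        return None  # Startup-folder shortcuts use a different layout
    img = IMAGE_RE.match(m.group(4))
    if not img:
        return None
    return m.group(1), m.group(2), m.group(3), img.group(1) or img.group(2)


def self_named_autoruns(entries, known_good=frozenset()):
    """Autoruns whose value name equals the file name of an image placed
    directly in C:\\WINDOWS or system32. A review queue, not a verdict."""
    hits = []
    for e in entries:
        info = autorun_image(e)
        if info is None:
            continue
        folder, filename = ntpath.split(info[3].lower())
        if (folder in WINDOWS_DIRS and info[2].lower() == filename
                and filename not in known_good):
            hits.append(e)
    return hits


def changed_entries(first, second):
    """Entries present in only one of the two scans, in log order."""
    a, b = set(first), set(second)
    return [e for e in first if e not in b], [e for e in second if e not in a]


def renamed_between_scans(first_text, second_text, known_good=frozenset()):
    """Value names of self-named autoruns that exist in one scan only."""
    gone, new = changed_entries(parse_log(first_text), parse_log(second_text))
    return ([autorun_image(e)[2] for e in self_named_autoruns(gone, known_good)],
            [autorun_image(e)[2] for e in self_named_autoruns(new, known_good)])


if __name__ == "__main__":
    # ctfmon.exe is a Windows component that also matches the naming pattern.
    before, after = renamed_between_scans(NORMAL_SCAN, SAFE_MODE_SCAN, {"ctfmon.exe"})
    print("only in first scan :", before)
    print("only in second scan:", after)
```

The naming rule only covers values written as `[file.exe]`; an entry such as `[sbmonu]` falls outside it and still needs a manual look.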
Comments
You will need to print these instructions for your reference, as most of this removal process must be done in safe mode, where you will not have access to the internet.
(Skip the steps if you have already performed them)
1. Download CWShredder. Save it to your desktop and extract the files to your desktop.
Exit CWShredder for now.
2. Download aboutbuster. Save it to your desktop and extract the files to your desktop.
Exit aboutbuster for now.
3. Download Ad-Aware SE 1.06. Save the setup file to your desktop. Run the setup file and place a shortcut on your desktop. Open Ad-Aware and click check for updates > click connect. Click download updates if updates are available.
4. Make all hidden files viewable.
5. Boot up into safe mode. To enter safe mode: reboot > tap the F8 button at the startup screen > select safe mode from the menu.
6. Run HijackThis and place a checkmark next to the following entries. Click “Fix Checked”:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [sbmonu] C:\WINDOWS\System32\sbmonu.exe
O4 - HKLM\..\Run: [javauu.exe] C:\WINDOWS\javauu.exe
O4 - HKLM\..\Run: [mfclp32.exe] C:\WINDOWS\mfclp32.exe
O4 - HKLM\..\Run: [atlrf.exe] C:\WINDOWS\system32\atlrf.exe
O4 - HKLM\..\Run: [msta.exe] C:\WINDOWS\system32\msta.exe
O4 - HKLM\..\Run: [javagx32.exe] C:\WINDOWS\system32\javagx32.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\sdkpv32.exe
O4 - HKLM\..\RunOnce: [sysws32.exe] C:\WINDOWS\sysws32.exe
O4 - HKLM\..\RunOnce: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\RunOnce: [iepm.exe] C:\WINDOWS\system32\iepm.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\iezp32.exe
O4 - HKLM\..\RunOnce: [javabh.exe] C:\WINDOWS\system32\javabh.exe
O4 - HKLM\..\RunOnce: [netua32.exe] C:\WINDOWS\netua32.exe
O4 - HKLM\..\RunOnce: [mfcrv32.exe] C:\WINDOWS\mfcrv32.exe
O4 - HKLM\..\RunOnce: [ntji.exe] C:\WINDOWS\system32\ntji.exe
O4 - HKLM\..\RunOnce: [winbo.exe] C:\WINDOWS\winbo.exe
O4 - HKLM\..\RunOnce: [appvp32.exe] C:\WINDOWS\system32\appvp32.exe
O4 - HKLM\..\RunOnce: [adddr32.exe] C:\WINDOWS\system32\adddr32.exe
O4 - HKLM\..\RunOnce: [winqd32.exe] C:\WINDOWS\system32\winqd32.exe
O4 - HKLM\..\RunOnce: [iesl.exe] C:\WINDOWS\iesl.exe
O4 - HKLM\..\RunOnce: [mstt32.exe] C:\WINDOWS\mstt32.exe
O4 - HKLM\..\RunOnce: [sysxk.exe] C:\WINDOWS\sysxk.exe
O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\javadc.exe
O4 - HKLM\..\RunOnce: [apimt32.exe] C:\WINDOWS\apimt32.exe
O4 - HKLM\..\RunOnce: [javaxy.exe] C:\WINDOWS\javaxy.exe
O4 - HKLM\..\RunOnce: [ipwz32.exe] C:\WINDOWS\system32\ipwz32.exe
O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\system32\nter32.exe
O4 - HKLM\..\RunOnce: [sysin.exe] C:\WINDOWS\sysin.exe
O4 - HKLM\..\RunOnce: [javanp32.exe] C:\WINDOWS\javanp32.exe
O4 - HKLM\..\RunOnce: [atlwb.exe] C:\WINDOWS\system32\atlwb.exe
O4 - HKLM\..\RunOnce: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\RunOnce: [crej32.exe] C:\WINDOWS\crej32.exe
O4 - HKLM\..\RunOnce: [addof32.exe] C:\WINDOWS\system32\addof32.exe
O4 - HKLM\..\RunOnce: [sysnw.exe] C:\WINDOWS\system32\sysnw.exe
O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\system32\javaay32.exe
O4 - HKLM\..\RunOnce: [iezm.exe] C:\WINDOWS\system32\iezm.exe
O4 - HKLM\..\RunOnce: [javayx32.exe] C:\WINDOWS\javayx32.exe
O4 - HKLM\..\RunOnce: [mfcau32.exe] C:\WINDOWS\mfcau32.exe
O4 - HKLM\..\RunOnce: [atlxc.exe] C:\WINDOWS\atlxc.exe
O4 - HKLM\..\RunOnce: [iphk.exe] C:\WINDOWS\system32\iphk.exe
O4 - HKLM\..\RunOnce: [ipzz32.exe] C:\WINDOWS\ipzz32.exe
O4 - HKLM\..\RunOnce: [javanm.exe] C:\WINDOWS\javanm.exe
O4 - HKLM\..\RunOnce: [windm.exe] C:\WINDOWS\windm.exe
O4 - HKLM\..\RunOnce: [javarw.exe] C:\WINDOWS\system32\javarw.exe
O4 - HKLM\..\RunOnce: [javarm32.exe] C:\WINDOWS\system32\javarm32.exe
O4 - HKLM\..\RunOnce: [crsa.exe] C:\WINDOWS\system32\crsa.exe
O4 - HKLM\..\RunOnce: [iecn32.exe] C:\WINDOWS\system32\iecn32.exe
7. Run CWShredder which you downloaded in step 1. Click the “Fix” button.
8. Now delete these files or directories if they exist:
C:\WINDOWS\xohhp.dll
C:\WINDOWS\System32\sbmonu.exe
C:\WINDOWS\javauu.exe
C:\WINDOWS\mfclp32.exe
C:\WINDOWS\system32\atlrf.exe
C:\WINDOWS\system32\msta.exe
C:\WINDOWS\system32\javagx32.exe
C:\WINDOWS\sdkpv32.exe
C:\WINDOWS\sysws32.exe
C:\WINDOWS\system32\ielz32.exe
C:\WINDOWS\system32\iepm.exe
C:\WINDOWS\iezp32.exe
C:\WINDOWS\system32\javabh.exe
C:\WINDOWS\netua32.exe
C:\WINDOWS\mfcrv32.exe
C:\WINDOWS\system32\ntji.exe
C:\WINDOWS\winbo.exe
C:\WINDOWS\system32\appvp32.exe
C:\WINDOWS\system32\adddr32.exe
C:\WINDOWS\system32\winqd32.exe
C:\WINDOWS\iesl.exe
C:\WINDOWS\mstt32.exe
C:\WINDOWS\sysxk.exe
C:\WINDOWS\javadc.exe
C:\WINDOWS\apimt32.exe
C:\WINDOWS\javaxy.exe
C:\WINDOWS\system32\ipwz32.exe
C:\WINDOWS\system32\nter32.exe
C:\WINDOWS\sysin.exe
C:\WINDOWS\javanp32.exe
C:\WINDOWS\system32\atlwb.exe
C:\WINDOWS\system32\crdd32.exe
C:\WINDOWS\crej32.exe
C:\WINDOWS\system32\addof32.exe
C:\WINDOWS\system32\sysnw.exe
C:\WINDOWS\system32\javaay32.exe
C:\WINDOWS\system32\iezm.exe
C:\WINDOWS\javayx32.exe
C:\WINDOWS\mfcau32.exe
C:\WINDOWS\atlxc.exe
C:\WINDOWS\system32\iphk.exe
C:\WINDOWS\ipzz32.exe
C:\WINDOWS\javanm.exe
C:\WINDOWS\windm.exe
C:\WINDOWS\system32\javarw.exe
C:\WINDOWS\system32\javarm32.exe
C:\WINDOWS\system32\crsa.exe
C:\WINDOWS\system32\iecn32.exe
9. Run AboutBuster, which you downloaded in step 2. Click ok > start > ok. Copy and paste the results of the AboutBuster scan to Notepad. Save this as a .txt file.
10. Run a “full system scan” with Ad-Aware SE. Remove all files found.
11. Reboot and post a new HijackThis log with the results of the AboutBuster scan.
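Steps 6 and 8 above name the same files twice: first as registry entries to fix, then as paths to delete. The following added example (not part of the original post) parses HijackThis R0/R1 and O4 lines and derives the files they reference; the sample lines are copied from step 6, the function name `parse_entries` is hypothetical, and it assumes the O4 command lines carry no quotes or arguments, as in this log.

```python
import re

# Sample entries copied from step 6 of the post above (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xohhp.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [sbmonu] C:\WINDOWS\System32\sbmonu.exe
O4 - HKLM\..\Run: [javauu.exe] C:\WINDOWS\javauu.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\sdkpv32.exe
"""

# R0/R1: "<key>,<value name> = <data>"; data may be a res:// URL into a local DLL.
R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
RES_URL = re.compile(r"^res://(?P<file>[A-Za-z]:\\[^/]+)/", re.IGNORECASE)
# O4: "<hive>\..\Run or RunOnce: [<value name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

def parse_entries(log_text):
    """Return (entries, files): parsed R0/R1/O4 lines and the files they reference."""
    entries, files = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            entries.append(("R", m["key"], m["name"].strip(), m["data"]))
            res = RES_URL.match(m["data"])
            if res:  # search page served from a DLL on disk
                files.append(res["file"])
            continue
        m = O4_LINE.match(line)
        if m:
            entries.append(("O4", m["hive"] + "\\..\\" + m["key"], m["name"], m["cmd"]))
            files.append(m["cmd"])  # assumption: command line is a bare path
    # De-duplicate case-insensitively (Windows paths), keeping first-seen order.
    seen, unique = set(), []
    for f in files:
        if f.lower() not in seen:
            seen.add(f.lower())
            unique.append(f)
    return entries, unique

if __name__ == "__main__":
    for path in parse_entries(SAMPLE_LOG)[1]:
        print(path)
```

Lines that match neither pattern, such as the R3 entry, are skipped, so they still need to be reviewed by hand.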
AboutBuster 5.0 reference file 28
Scan started on [6/15/2005] at [8:27:01 PM]
Scan was COMPLETED SUCCESSFULLY at 8:30:33 PM
Thank you again for helping me with this situation. With this log now posted, I will wait for a reply to see if there are any more procedures or issues I need to do. Thank you so much. Jason