
Mutumbu's Hijack This Logfile

Please can someone help.

It has gotten to the point with Home Search Assistant where I think I may as well leave it there rather than try to remove it. But then I slap myself and recognise this is not the correct attitude to have to an invasive program.

1. I have installed and run Ad Aware
2. I have installed and run Spybot Search and Destroy
3. I have installed and run Hijack This to create a log file which I have saved
4. I have TRIED and FAILED to install about:Buster - tried to download the patch but with no luck

Can someone let me know if I am OK to go ahead and post that long HijackThis log that I have created? I appreciate anyone's help with this.

Comments

  • edited September 2005
    Yup, let's have a look at it :)
  • edited September 2005
    Mike1901 wrote:
    Yup, let's have a look at it :)

    Thanks Mike - here it is. How anyone can make sense of this is a mystery to me.

    Can you also direct me to where I can find out advice about how NOT to be reinfected?

    Logfile of HijackThis v1.99.1
    Scan saved at 13:34:28, on 25/09/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\blueyonder\PCguard\fws.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Command Software\dvpapi.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\blueyonder\PCguard\RPS.exe
    F:\WINDOWS\system32\ipoa.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    F:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\ntlr32.exe
    F:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\system32\NOTEPAD.EXE
    F:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Sony Ericsson\Mobile\SyncIndicator.exe
    F:\Program Files\Real\RealOne Player\realplay.exe
    F:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {8F449EFF-464C-9088-BEE4-124C8FA50B4D} - F:\WINDOWS\javams32.dll (file missing)
    O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - F:\WINDOWS\javayb32.dll
    O2 - BHO: Class - {EAF79499-1766-EB48-D04E-2CDD27C0DD4C} - F:\WINDOWS\ntrz32.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [javadq.exe] F:\WINDOWS\javadq.exe
    O4 - HKLM\..\Run: [atlid.exe] F:\WINDOWS\system32\atlid.exe
    O4 - HKLM\..\Run: [PCguard] "F:\Program Files\blueyonder\PCguard\RPS.exe"
    O4 - HKLM\..\Run: [ipoa.exe] F:\WINDOWS\system32\ipoa.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [IndexCleaner] "F:\Program Files\blueyonder\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [IndexCleaner] "F:\Program Files\blueyonder\PCguard\IdxClnR.exe"
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = F:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Phone Connection Monitor.lnk = F:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\MYDOWN~1\MYPROG~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c45db18c6fd88a6720/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - F:\WINDOWS\ntlr32.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - F:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - F:\Program Files\blueyonder\PCguard\fws.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • primesuspect, Beepin n' Boopin, Detroit, MI, Icrontian
    edited September 2005
    Hi :)

    Okay, remove the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {8F449EFF-464C-9088-BEE4-124C8FA50B4D} - F:\WINDOWS\javams32.dll (file missing)
    O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - F:\WINDOWS\javayb32.dll
    O2 - BHO: Class - {EAF79499-1766-EB48-D04E-2CDD27C0DD4C} - F:\WINDOWS\ntrz32.dll (file missing)

    O4 - HKLM\..\Run: [javadq.exe] F:\WINDOWS\javadq.exe
    O4 - HKLM\..\Run: [atlid.exe] F:\WINDOWS\system32\atlid.exe

    O4 - HKLM\..\Run: [ipoa.exe] F:\WINDOWS\system32\ipoa.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\MYDOWN~1\MYPROG~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/C...2/OCI/setup.exe

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - F:\WINDOWS\ntlr32.exe

    Then, I want you to run the Ewido security suite:

    download Ewido Security Suite
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    • Launch ewido, there should be an icon on your desktop, double-click it.
    • You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    • The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")
    • Now, scan with it.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido Manual Updates

    After you do that, reboot and post a new log.

    As far as the reading goes: You can start here :)
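The helper's removal list above follows a handful of recurring patterns: IE start and search settings redirected to a local `res://` DLL, BHOs with no name or a missing file, Run entries whose value name is just the executable's own filename, Trusted Zone and Trusted IP additions, a DPF item using the `ms-its:` protocol, and a service with an unknown owner. The script below is an added example, not part of this thread and not HijackThis's own code; it re-implements that triage as line-by-line rules so a reader can see why each entry was singled out. The sample lines are constructed from the thread's log (the garbled service name is shortened), and the rules, in particular the "value name equals filename" check for O4 entries, are heuristics assumed here for illustration, not a verdict on any individual line.

```python
"""Rule-based triage of HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O2", "O23"
    reason: str    # why the rule fired
    line: str      # the original log line


# Every HijackThis line starts with a section code, " - ", then the body.
SECTION_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# O4 bodies look like: HKLM\..\Run: [ValueName] "F:\path\target.exe" args
O4_RE = re.compile(r'Run(?:Once)?: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.exe)',
                   re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the triage rules, else None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None                      # header, process list, blank line
    section, body = m.groups()

    if section in ("R0", "R1"):
        if "res://" in body:
            return Finding(section, "IE start/search setting points at a local DLL resource", line)
        if ",ProxyOverride" in body:
            return Finding(section, "ProxyOverride set; review together with the R0/R1 entries", line)

    elif section == "O2":
        if body.startswith("BHO: Class -"):
            return Finding(section, "BHO registered without a descriptive name", line)
        if "(file missing)" in body:
            return Finding(section, "BHO registration whose DLL no longer exists", line)

    elif section == "O4":
        o4 = O4_RE.search(body)
        if o4:
            basename = o4.group("path").rsplit("\\", 1)[-1]
            # Heuristic (assumption): legitimate Run values are usually named after a
            # product, not after the executable itself.
            if o4.group("name").lower() == basename.lower():
                return Finding(section, "Run value named after its own executable", line)

    elif section == "O15":
        if body.startswith("Trusted Zone:") or body.startswith("Trusted IP range:"):
            return Finding(section, "site or IP range added to the IE Trusted zone", line)

    elif section == "O16":
        if "ms-its:" in body.lower():
            return Finding(section, "DPF item delivered via the ms-its: protocol", line)

    elif section == "O23":
        if "- Unknown owner -" in body:
            return Finding(section, "service with no identifiable vendor", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample in the thread's log format; not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\WINDOWS\ahqqw.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8F449EFF-464C-9088-BEE4-124C8FA50B4D} - F:\WINDOWS\javams32.dll (file missing)
O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - F:\WINDOWS\javayb32.dll
O4 - HKLM\..\Run: [PCguard] "F:\Program Files\blueyonder\PCguard\RPS.exe"
O4 - HKLM\..\Run: [ipoa.exe] F:\WINDOWS\system32\ipoa.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O23 - Service: Workstation NetLogon Service (ntlr32) - Unknown owner - F:\WINDOWS\ntlr32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

Running the script lists nine of the fourteen sample lines, and leaves the Adobe BHO, the PCguard Run entry, the MSN Checkers DPF and the NVIDIA service alone; the empty Start Page values, which the helper also removed, fall outside these rules and would still need a human reading the log.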