AboutBuster Overflow Error '6'
My daughter's computer has been completely hijacked by the Home Search Assistant. I have been following the directions on Short-media but cannot get 'aboutBuster' to run. It begins to run and then comes up with a run-time error '6' Overflow. Any suggestions? thx.
Comments
Logfile of HijackThis v1.99.1
Scan saved at 6:22:52 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\crap.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\winum.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Common Files\AOL\1125339926\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1125339926\ee\AOLServiceHost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\hijackthis\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kydao.dll/sp.html#53142%
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {022B05B8-2B04-C6AA-AF23-E6174F8F7AEB} - C:\WINDOWS\system32\sysif32.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Class - {039B7C13-F237-757B-D633-29FC992B6EB7} - C:\WINDOWS\system32\javarx32.dll
O2 - BHO: Class - {04CC9879-98F0-52FD-EAE4-6308513DF393} - C:\WINDOWS\system32\addtw32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F3C3714-CA96-D3D9-77F0-375ADE521DFA} - C:\WINDOWS\system32\sysdd32.dll
O2 - BHO: Class - {25ADA2FE-929D-3669-BEDF-A52E5180403B} - C:\WINDOWS\atlfi.dll
O2 - BHO: Class - {26ED9CDF-2406-B407-B126-1D1BFA0A9292} - C:\WINDOWS\system32\appba.dll
O2 - BHO: Class - {2755BC00-486A-F461-9A67-46C97AEAEE96} - C:\WINDOWS\sdkeo32.dll
O2 - BHO: Class - {38676255-FF52-44C8-27F2-446E092C177F} - C:\WINDOWS\system32\ielr.dll
O2 - BHO: Class - {3E634ABC-AA83-3403-5DD5-43546E8735F1} - C:\WINDOWS\system32\sysxg32.dll
O2 - BHO: Class - {42A8EAAD-CADF-3ADC-AA19-09B37343138C} - C:\WINDOWS\system32\ntnd32.dll
O2 - BHO: Class - {4AA3BE08-9CE4-7D9F-F202-DA39AAEC5E43} - C:\WINDOWS\sdkbs32.dll
O2 - BHO: Class - {5061A3C6-884B-9AB8-F5E1-55D04DEAF516} - C:\WINDOWS\syskc.dll
O2 - BHO: Class - {5B80E9A0-1499-04EC-7D98-0AC8BFBE47C0} - C:\WINDOWS\system32\msmg.dll
O2 - BHO: Class - {6301302D-D47B-F234-E1E9-92B1AE6197CC} - C:\WINDOWS\syslo32.dll
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfcko32.dll
O2 - BHO: Class - {6F80CE58-E9EF-47A6-EE09-D515FF3D4D49} - C:\WINDOWS\sdknx.dll
O2 - BHO: Class - {7B75654E-B07C-1F9F-F473-0677EFC5B270} - C:\WINDOWS\system32\iesr32.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Class - {7DB64B28-1BB0-D8F6-CB9A-E8FB11BD47AD} - C:\WINDOWS\system32\javaxx.dll
O2 - BHO: Class - {8572B1C3-0B33-91DD-6948-89B6DFA745A2} - C:\WINDOWS\system32\crcx.dll
O2 - BHO: Class - {8E92FBBE-18DE-1964-592E-3206F854480E} - C:\WINDOWS\addnl32.dll
O2 - BHO: Class - {927628B2-F422-8042-BF38-EA89330D7A99} - C:\WINDOWS\system32\addlc.dll
O2 - BHO: Class - {962342AD-7D9C-4ED9-06F6-290AD24C961B} - C:\WINDOWS\system32\mfcfm32.dll
O2 - BHO: Class - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - C:\WINDOWS\system32\netgy32.dll
O2 - BHO: Class - {A24BD6EC-9DA1-E120-7138-CBB1D4CD32FD} - C:\WINDOWS\d3st.dll
O2 - BHO: Class - {A40D6EDD-39C0-F8EB-2A8D-78A5144A66D0} - C:\WINDOWS\system32\addyl32.dll
O2 - BHO: Class - {AF446CAC-E397-2EF1-156B-CBC927A65116} - C:\WINDOWS\sysot32.dll
O2 - BHO: Class - {B0652369-5121-A435-F727-38BA64793FF8} - C:\WINDOWS\system32\atlkb.dll
O2 - BHO: Class - {B48F3D02-50CD-5883-AAE8-0AF628511B10} - C:\WINDOWS\system32\netkp32.dll
O2 - BHO: Class - {C1CA1D5B-032E-ED81-9688-734882041CBD} - C:\WINDOWS\system32\d3sg.dll
O2 - BHO: Class - {C2E0FF49-4E39-78EE-BDCD-AF1D24B2ABD7} - C:\WINDOWS\mszi.dll
O2 - BHO: Class - {C5844CBD-D015-394D-8C9A-B52CFEA94E45} - C:\WINDOWS\crvk32.dll
O2 - BHO: Class - {D3E9EE72-204E-EF04-0130-B5509FC342AE} - C:\WINDOWS\system32\d3zf.dll
O2 - BHO: Class - {D8DED8EA-2D3F-BB4B-69E0-1C8962663203} - C:\Program Files\sysfu32.dll (file missing)
O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\winpa32.dll
O2 - BHO: Class - {E2FA5ADF-2EE4-349E-8197-095C5E7C1822} - C:\WINDOWS\system32\netvy32.dll
O2 - BHO: Class - {E570DCA4-C521-2B7F-EB9D-E2F8DD25DF6B} - C:\WINDOWS\winlb32.dll
O2 - BHO: Class - {E7CE8BF6-99C9-789F-291B-FDF539AB5062} - C:\WINDOWS\winta32.dll
O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipgo32.dll
O2 - BHO: Class - {F1983C20-5742-0E88-60CB-E8BD6E1204CA} - C:\WINDOWS\system32\syscu32.dll
O2 - BHO: Class - {F6BCAEA7-7910-C92B-BD7B-CADE109FB093} - C:\WINDOWS\system32\winef32.dll
O2 - BHO: Class - {FC90281A-715F-5453-5E27-FF1B02AE0DA5} - C:\WINDOWS\system32\iekb32.dll
O2 - BHO: Class - {FCD0707C-4D9F-46BA-9843-846B08A81ECE} - C:\WINDOWS\apihv32.dll
O2 - BHO: Class - {FD61BA98-941E-9405-ABB1-7E310AB2A6B1} - C:\WINDOWS\system32\sdkxi.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125339926\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [winum.exe] C:\WINDOWS\system32\winum.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crap.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe