
Home Search Assistant Problem



#1 freeriders04


Posted 17 November 2005 - 11:54 PM

Hi Mod!

My PC has got infected with HSA. I did a search on Google and found your site. I followed the steps you have mentioned. The HijackThis log is given below. Please analyze it and help. I have now installed Adware and Spybot. SpySheriff has been removed.

Logfile of HijackThis v1.99.1
Scan saved at 9:35:54 PM, on 11/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\MFCVC.EXE
C:\WINDOWS\SYSTEM\D3QM32.EXE
C:\WINDOWS\ATLZJ.EXE
C:\WINDOWS\SYSTEM\ADDSG32.EXE
C:\WINDOWS\SYSTEM\D3JN32.EXE
C:\WINDOWS\IPHV.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\NTSF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\D3JN32.EXE
C:\WINDOWS\ATLZJ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ADDSG32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\ATLOV32.EXE
C:\WINDOWS\SYSTEM\ATLOV32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\D3ZB32.EXE
C:\WINDOWS\SYSTEM\D3ZB32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\ADDJZ.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\SYSWP32.EXE
C:\WINDOWS\SYSTEM\D3ZB32.EXE
C:\WINDOWS\SYSTEM\SYSWP32.EXE
C:\WINDOWS\IPAI32.EXE
C:\WINDOWS\SYSTEM\ATLOV32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\D3ZB32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\NTRU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\IPAI32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\NETVD32.EXE
C:\WINDOWS\IPAI32.EXE
C:\WINDOWS\SYSTEM\ADDLP32.EXE
C:\WINDOWS\SYSTEM\IEOW32.EXE
C:\HSA\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pozja.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pozja.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pozja.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pozja.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pozja.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pozja.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {8D017BC0-B5BE-D6BF-C429-EBB6541D32FD} - C:\WINDOWS\SYSTEM\CRPS.DLL
O2 - BHO: Class - {C053397E-2B2B-97AE-4BB0-73BA741D1256} - C:\WINDOWS\SYSTEM\ATLMH32.DLL
O2 - BHO: Class - {3A0B27AB-13F7-621F-A88E-3E59595D2DC9} - C:\WINDOWS\SYSTEM\WINTT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NTSF.EXE] C:\WINDOWS\SYSTEM\NTSF.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [ADDLP32.EXE] C:\WINDOWS\SYSTEM\ADDLP32.EXE /s
O4 - HKLM\..\RunServices: [MFCVC.EXE] C:\WINDOWS\MFCVC.EXE /s
O4 - HKLM\..\RunServices: [D3QM32.EXE] C:\WINDOWS\SYSTEM\D3QM32.EXE /s
O4 - HKLM\..\RunServices: [ATLZJ.EXE] C:\WINDOWS\ATLZJ.EXE /s
O4 - HKLM\..\RunServices: [ADDSG32.EXE] C:\WINDOWS\SYSTEM\ADDSG32.EXE /s
O4 - HKLM\..\RunServices: [D3JN32.EXE] C:\WINDOWS\SYSTEM\D3JN32.EXE /s
O4 - HKLM\..\RunServices: [IPHV.EXE] C:\WINDOWS\IPHV.EXE /s
O4 - HKLM\..\RunServices: [ATLOV32.EXE] C:\WINDOWS\SYSTEM\ATLOV32.EXE /s
O4 - HKLM\..\RunServices: [D3ZB32.EXE] C:\WINDOWS\SYSTEM\D3ZB32.EXE /s
O4 - HKLM\..\RunServices: [ADDJZ.EXE] C:\WINDOWS\ADDJZ.EXE /s
O4 - HKLM\..\RunServices: [SYSWP32.EXE] C:\WINDOWS\SYSTEM\SYSWP32.EXE /s
O4 - HKLM\..\RunServices: [IPAI32.EXE] C:\WINDOWS\IPAI32.EXE /s
O4 - HKLM\..\RunServices: [NTRU.EXE] C:\WINDOWS\NTRU.EXE /s
O4 - HKLM\..\RunServices: [NETVD32.EXE] C:\WINDOWS\SYSTEM\NETVD32.EXE /s
O4 - HKLM\..\RunServices: [IEOW32.EXE] C:\WINDOWS\SYSTEM\IEOW32.EXE /s
O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 - HKCU\..\RunServices: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 - Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



#2 Grinler

    Lawrence Abrams



Posted 21 November 2005 - 10:43 PM

Sorry for the delay. If you still have a problem, please post a new HijackThis log as a reply to this log.



