Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad case of Home Search Assistant


  • Please log in to reply
2 replies to this topic

#1 scottklein

scottklein

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 20 December 2004 - 12:31 AM

Hi All,

I'm a newbie and can't seem to get rid of "Home Search Assistant". I followed the instructions in the Tutorial (twice), but it keeps coming back. So many of the files below look very familiar!! Logic tells me "istsvc.exe" is part of the problem, since I think it is the only file I've deleted that has come back. But you guys are the experts - any help would be greatly appreciated.

Thanks in advance,
Scott

Here is my Hijack Log:

Logfile of HijackThis v1.98.2
Scan saved at 11:21:48 PM, on 12/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\APPIK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\XQMMG.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
C:\ZIPDRIVERS\IMGICON.EXE
C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MONITORBK.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yaavh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=sas.ce1.attbb.net:8000;gopher=sas.ce1.attbb.net:8000;http=sas.ce1.attbb.net:8000;https=sas.ce1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {08460DA7-3C2B-3C21-9883-34880E388D10} - C:\WINDOWS\SYSTEM\CRGQ32.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\SYSTEM\INTERNETFEATURES.exe
O4 - HKLM\..\Run: [anilexlor] C:\WINDOWS\SYSTEM\efbvqys.exe
O4 - HKLM\..\Run: [wQpT6IAA] C:\XQMMG.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APPIK.EXE] C:\WINDOWS\APPIK.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Iomega Watch.lnk = C:\zipdrivers\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\zipdrivers\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\zipdrivers\imgicon.exe
O4 - Startup: NDAccess Login Utility.lnk = C:\WINDOWS\ndutil\ndlog32_2.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Tardis V4.0.lnk = C:\WINDOWS\ndutil\tardis95.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\SYSTEM\monitorbk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
O9 - Extra button: Dell Home - {49498FE0-1184-11D4-BDB2-D02B52C11485} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.44/07f6c32fb2aa67b55e18/netzip/RdxIE.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/riverbelle/FlashAX.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/08917617951bff40c601/...ip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com/activex/src/KeyActivex.ocx
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab

BC AdBot (Login to Remove)

 


#2 MCKizzle

MCKizzle

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 20 December 2004 - 10:57 PM

Hi if you are still having a problem:

You are using an outdated version of hijackthis.  Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

Hey, sorry I can't really help you but I figured you should know that a new Hijack this version came out... I have just been searching around the forums and saw that yours was outdated and figured you might want to know because they will probably tell you that before they help you... Just thought you might want to know so that way you can get help faster, I know I would.

Edited by MCKizzle, 20 December 2004 - 11:14 PM.


#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:05 AM

Posted 21 December 2004 - 08:54 AM

MCKizzle is right. Thanks!

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users