• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
kkoo116116

Help with ridding "Home Search Assistent"

7 posts in this topic

Hi,

I know there was a previous post about the Home Search Assistent bug but I'm not sure if the log fix is the same for everyone. I have recently contracted the same thing and I have run Ad Aware, Spybot, Shredder, Hijack Blaster on my system and they all come up clean. Taking the advice on the forums, I have downloaded Hijack This and have come up with the following log. I understand that others are also waiting for help but I would appreciate any help along this topic. Thank you,

KKoo116116

 

Logfile of HijackThis v1.97.7

Scan saved at 12:48:48 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\atlzb.exe

C:\WINDOWS\System32\tp4mon.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINDOWS\System32\ltcm000c.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\iedz.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kevin Koo\My Documents\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqkap.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gqkap.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gqkap.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqkap.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gqkap.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gqkap.dll/sp.html#96676

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0ABD6FA5-2D80-204C-F97F-AEA25930C091} - C:\WINDOWS\appae32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iedz.exe] C:\WINDOWS\iedz.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

O4 - HKLM\..\RunOnce: [atlzb.exe] C:\WINDOWS\atlzb.exe

O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe

O4 - HKLM\..\RunOnce: [netze.exe] C:\WINDOWS\system32\netze.exe

O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe

O4 - HKLM\..\RunOnce: [ieli32.exe] C:\WINDOWS\ieli32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7880.5930902778

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab

Share this post


Link to post
Share on other sites

I was able to get help to remove the hijacker. I still have Home Search Assistent listed in my programs and I cannot remove it manually. If you have any luck let me know. Thanks.

Share this post


Link to post
Share on other sites

Here is an update. I recently ran AboutBuster on my computer and it removed several things from my system. I then ran HijackThis again and this is the most up to date log of my computer. Again, any help would be greatly appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 5:25:39 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\tp4mon.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINDOWS\System32\ltcm000c.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\iedz.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ntha.exe

C:\Documents and Settings\Kevin Koo\My Documents\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0ABD6FA5-2D80-204C-F97F-AEA25930C091} - C:\WINDOWS\appae32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iedz.exe] C:\WINDOWS\iedz.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

O4 - HKLM\..\RunOnce: [atlzb.exe] C:\WINDOWS\atlzb.exe

O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe

O4 - HKLM\..\RunOnce: [netze.exe] C:\WINDOWS\system32\netze.exe

O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe

O4 - HKLM\..\RunOnce: [ieli32.exe] C:\WINDOWS\ieli32.exe

O4 - HKLM\..\RunOnce: [msml.exe] C:\WINDOWS\system32\msml.exe

O4 - HKLM\..\RunOnce: [ntha.exe] C:\WINDOWS\system32\ntha.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7880.5930902778

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab

Share this post


Link to post
Share on other sites

Here is the rest of the CURE for you .... after you have run Rubber Ducky's about:Buster and have the same log as above ... run hijack this and check all these entries then click FIX and send back your next hijack this log after a reboot ( make sure and reboot )

 

Logfile of HijackThis v1.97.7

Scan saved at 5:25:39 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

O2 - BHO: (no name) - {0ABD6FA5-2D80-204C-F97F-AEA25930C091} - C:\WINDOWS\appae32.dll

 

O4 - HKLM\..\RunOnce: [atlzb.exe] C:\WINDOWS\atlzb.exe

O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe

O4 - HKLM\..\RunOnce: [netze.exe] C:\WINDOWS\system32\netze.exe

O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\system32\apiep32.exe

O4 - HKLM\..\RunOnce: [ieli32.exe] C:\WINDOWS\ieli32.exe

O4 - HKLM\..\RunOnce: [msml.exe] C:\WINDOWS\system32\msml.exe

O4 - HKLM\..\RunOnce: [ntha.exe] C:\WINDOWS\system32\ntha.exe

 

again after running about:buster ... run hijack this and check all those above entries and then click fix ... after that do a reboot and post your log again ...

 

Midnite

Edited by Midnite

Share this post


Link to post
Share on other sites

Hey Midnite,

 

I ran Ducky's About:Buster and then ran Hijack This and this is the log that it came up with. I can't tell if it helped or not but I'll play around to see. Anyways, here is the log and I appreaciate the help so far.

 

KKoo116116

 

Logfile of HijackThis v1.97.7

Scan saved at 3:25:48 PM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\addoq.exe

C:\WINDOWS\System32\tp4mon.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINDOWS\System32\ltcm000c.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\iedz.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\Kevin Koo\My Documents\Hijack This\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syssr32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iedz.exe] C:\WINDOWS\iedz.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7880.5930902778

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab

Share this post


Link to post
Share on other sites

To anyone reading this,

I still have a problem with my browser being hijacked. Pop ups still invade my computer and my internet connection is slower than ever. Please help me. I posted my last HijackThis log on the previous post and I have not touched anything since. Please help.

Share this post


Link to post
Share on other sites

First, uninstall P2P Networking through Add/Remove Programs. If/when asked whether you also want to remove Altnet components, say 'Yes'.

P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syssr32.dll

 

O4 - HKLM\..\Run: [iedz.exe] C:\WINDOWS\iedz.exe

O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

 

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab

Reboot and delete

 

files

C:\WINDOWS\iedz.exe

 

folders

C:\Program Files\Common Files\PSD Tools

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0