jimmystew

Home Search/ Only the best hijacker

5 posts in this topic

I definitely have been hijacked by the Home Search/ Only the Best Hijacker. I have followed instructions for removing it as posted in many different forums. I still haven't been able to get rid of it. Any help you can give would be greatly appreciated.

 

Here is my log file from Hijack This:

 

Logfile of HijackThis v1.98.0

Scan saved at 9:14:27 PM, on 7/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\nettv32.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\ch_utility.exe

C:\WINDOWS\System32\khooker.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\addut.exe

D:\Program Files\Netscape\Netscape\Netscp.exe

C:\Documents and Settings\Nate\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\abwko.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://abwko.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://abwko.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\abwko.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\abwko.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://abwko.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5FA23166-401F-13C1-370A-22B100AB77E7} - C:\WINDOWS\system32\winut32.dll

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [Chrontel TV] C:\WINDOWS\System32\ch_utility.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

O4 - HKLM\..\Run: [addut.exe] C:\WINDOWS\addut.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab


Hey

 

Download about:buster here,

http://www.downloads.subratam.org/AboutBuster.zip

unzip it to your desktop.

 

You have a CWS hijacker, please boot into safe mode by tapping F8 while it's booting.

 

Open about:buster, Click Update to just see if there's any updates.

Run about:buster, save the log it generates in both of the scans, into a text file, it'll automatically scan a second time.

 

When both scans are run, boot back into normal mode, post both about:buster logs and a new hijackthis log, thank you.


I downloaded the new About:buster. I had used it before, but some site gave me an older version of it. I think the newer version does a better job.

I booted into safe mode and ran about:buster. I forgot to copy the log. So I rebooted back into safe mode again, ran it again, and this is the log file for it:

 

-- Scan 1 --------

About:Buster Version 2.0

Deleted Service Key Successfully!

Removed! : C:\WINDOWS\aiqid.dat

Removed! : C:\WINDOWS\yfymq.dat

Removed! : C:\WINDOWS\ynsrg.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 2.0

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

 

Here is my new log file from Hijack This:

 

Logfile of HijackThis v1.98.0

Scan saved at 3:13:07 PM, on 7/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\ch_utility.exe

C:\WINDOWS\System32\khooker.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Documents and Settings\Nate\Desktop\HijackThis.exe

 

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [Chrontel TV] C:\WINDOWS\System32\ch_utility.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab


hey

 

Have hijackthis fix this one:

 

O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe

 

reboot into safe mode.

 

Find and delete:

c:\windows\svchost.exe .... make sure it's the one in the WINDOWS folder!

 

reboot into normal mode and you should be good to go! How is it?

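Added example, not part of the thread and not written by any poster: a small Python check that automates the reasoning in the reply above, where a Run entry pointing at `c:\windows\svchost.exe` is suspect because the real `svchost.exe` lives in the system32 folder. The expected-location table and the function names are assumptions of this example, and it assumes Windows is installed in `C:\WINDOWS` as in the posted logs.

```python
import ntpath
import re

# Constructed sample: Run-key lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] soundman.exe
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe
"""

# Assumption of this example: where these core Windows XP binaries normally live.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"  # explorer.exe is the exception

RUN_LINE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.*?)\] (.+)$")

def exe_path(command):
    """Return the executable part of a Run value, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command

def find_masquerades(log_text):
    """List Run entries that reuse a system binary name in the wrong folder."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        path = exe_path(command)
        image = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIR.get(image)
        # Bare names (no folder) resolve via the search path; not judged here.
        if expected and folder and folder != expected:
            findings.append((hive, name, path, expected))
    return findings

if __name__ == "__main__":
    for hive, name, path, expected in find_masquerades(SAMPLE_LOG):
        print(f"{hive} Run [{name}]: {path} (expected folder {expected})")
```
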

It looks like that took care of it. Thanks for your help! It must have just been that I was using an old version of About:buster. I wish I had known that earlier. That would have saved me a lot of time. I just assumed it was the newest one, because I downloaded it yesterday from Spyware help site.

Thanks again!
