
Home Search Assistant


5 replies to this topic

#1 clemson13


Posted 17 June 2004 - 01:06 PM

Our browser has been taken over by Home Search Assistant. It resets our browser every time we open Internet Explorer. I have run Ad-aware, Spy-bot, and Aluria Spyware Eliminator. I have also read the FAQ and the page on browser hijackings. When I try to "Add/Remove Programs," I see Home Search Assistant, Search Extender, and Shopping Wizard. They all say they cannot be removed because "the file http://looking-for.cc/uninstall cannot be found." Any help would be greatly appreciated! Thanks.

I ran HijackThis, and the log follows:

Logfile of HijackThis v1.97.7
Scan saved at 12:31:41 PM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\sysmv32.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\sysof32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Palm\HOTSYNC.EXE
C:\Palm\AlarmApp.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Nick Franzese\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lwbty.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lwbty.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lwbty.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net;<local>
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Franzese\Application Data\Mozilla\Profiles\default\su17yjge.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE9596F4-6291-9D52-7126-1963BA99D795} - C:\WINDOWS\sdkbz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sysof32.exe] C:\WINDOWS\sysof32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [sysmv32.exe] C:\WINDOWS\system32\sysmv32.exe
O4 - HKLM\..\RunOnce: [added.exe] C:\WINDOWS\added.exe
O4 - Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.of..._1/axofupld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8004.6144791667
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
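A triage sketch for a log like the one above, added here as an example and not part of the original post: it pulls out the R0/R1 browser-page settings whose data is a `res://` URL and names the DLL each one loads from, which is the file to locate on disk. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re

# Result lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lwbty.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lwbty.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# An R0/R1 body has the form "<key>,<value name> = <data>".
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# res://<module>/<resource>; the module may be a bare file name or a full path.
RES_URL = re.compile(r"^res://(?P<module>.+)/(?P<resource>[^/]*)$", re.I)


def parse_entries(log_text):
    """Yield (code, body) for each result line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def res_url_pages(log_text):
    """Return (hive, value name, dll) for R0/R1 settings served from a res:// module."""
    findings = []
    for code, body in parse_entries(log_text):
        if code not in ("R0", "R1"):
            continue  # e.g. the O8 line also uses res://, but is not a page setting
        reg = REG_VALUE.match(body)
        res = reg and RES_URL.match(reg.group("data"))
        if res:
            module = res.group("module").rsplit("\\", 1)[-1].lower()
            hive = reg.group("key").split("\\", 1)[0]
            findings.append((hive, reg.group("name"), module))
    return findings


def modules_to_locate(log_text):
    """Distinct DLL names behind the res:// page settings."""
    return sorted({dll for _, _, dll in res_url_pages(log_text)})
```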

#2 eastbaydave


Posted 17 June 2004 - 04:49 PM

Free at last, free at last. Thank God almighty I'm free at last!!!!!!!!!!!!!!!

I finally got rid of the res://apeuh.dll/index.html#96676
Took some of the posts here and it worked.
Uninstalled IE, rebooted to safe mode and ran every virus checker:
Ad-aware, HijackThis, SpySweeper, Spybot S&D, Trojan Hunter, and did the Trend Micro website.
I deleted every task manager exe that wasn't supposed to be there.
All of this in safe mode.
Restarted and re-installed IE.

Now about the home search assistant and shopping assistant.

Found a post on Google for that:

Run the Registry Editor (REGEDIT.EXE). Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Click on the [+] next to Uninstall and a branch will expand under it, revealing all of the applications currently listed under Control Panel - Add/Remove Programs. Simply highlight any unwanted entries (with a single left-click) and hit Delete. One note about looking for your application in the Registry. It may not have the same name you see in the Add/Remove Programs dialog. If you're unsure about which entry to delete, you can usually click on a likely suspect in the list in the left pane to see a more thorough description in the right pane,


I think I'm in the clear and virus free. The add/remove programs that couldn't be deleted are GONE GONE GONE!!!!!!!!!!!!!!!!!!!

Good luck to you all

Dave
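To make the registry step above easier to review before deleting anything, here is an added example (not part of the original post) that reads a text export of the Uninstall key and lists each subkey next to its DisplayName, flagging entries whose UninstallString is a web URL instead of a local command. The export text, the subkey names and the "Example Player" entry are constructed for illustration; the URL is the one quoted in the first post.

```python
import re

# Constructed sample in .reg export form. A real export is usually UTF-16,
# so read it with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleKeyA]
"DisplayName"="Home Search Assistant"
"UninstallString"="http://looking-for.cc/uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleKeyB]
"DisplayName"="Example Player"
"UninstallString"="C:\\Program Files\\Example Player\\uninst.exe"
'''

UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" + "\\"
# Only string values are needed here; dword/hex values do not match and are ignored.
VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def uninstall_entries(reg_text):
    """Map each Uninstall subkey name to a dict of its string values."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            inside = path.upper().startswith(UNINSTALL.upper())
            current = entries.setdefault(path[len(UNINSTALL):], {}) if inside else None
            continue
        m = VALUE.match(line)
        if m and current is not None:
            # .reg text escapes backslashes and quotes inside string data.
            current[m.group("name")] = re.sub(r"\\(.)", r"\1", m.group("data"))
    return entries


def remote_uninstallers(entries):
    """(subkey, display name) pairs whose UninstallString is an http(s) URL."""
    return sorted(
        (key, vals.get("DisplayName", key))
        for key, vals in entries.items()
        if re.match(r"https?://", vals.get("UninstallString", ""), re.I)
    )
```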

#3 Vulcano


Posted 17 June 2004 - 04:53 PM

It's probably this:
http://www.spywarein...?showtopic=7447

Isn't it?

#4 eastbaydave


Posted 17 June 2004 - 05:18 PM

That's the one I believe, thx for referring it.
I haven't had any pop ups or referred pages all day today.
Did all that at about 2am last night so it's been all good so far

#5 clemson13


Posted 17 June 2004 - 08:25 PM

Thanks for the links. I have tried the suggestions on all three links regarding this problem, but it seems to keep coming back. Even after I delete it from the registry and through Hijack This, it remains on my computer. Any more ideas?

#6 potstickerfan


Posted 17 June 2004 - 08:46 PM

Go see my post to another guy on the other forum concerning this same thing. It's the forum with all the views (starting with CWS) :cool:



