 |  |  |  |  |  |  |  |
more "home search assistent" fun...
 |
•
•
Join Date: Feb 2004
Posts: 10,030
Reputation: 
Solved Threads: 761
Happy New Year to you too 
.
Also, please do not use inappropriate language in the forums. We cater for all ages here, being a public forum.
I wouldn't worry about what you could not fix. Just post another hijackthis log.
Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox.Then click Finish.
Hopefully that will restore the internet connection.
.Also, please do not use inappropriate language in the forums. We cater for all ages here, being a public forum.
I wouldn't worry about what you could not fix
. Just post another hijackthis log.Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox.Then click Finish.
Hopefully that will restore the internet connection.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
will try. Sleep later.. Sorry about the ****. I live in Denmark and **** is a part of the normal language.... Maybe i should only curse in danish... skupokkerdaogså...
Troels Mejer
Troels Mejer
Hi again.
I ran the web-virus-search-thing and it found 15 things. I deleted (spelling?) all 15. The HJ-log after reboot is as follows:
Logfile of HijackThis v1.99.0
Scan saved at 16:36:16, on 02-01-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TEXTware\HotKey\Twalink.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\TempVirusRemoval\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\Twalink.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098647918263
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Troels
I ran the web-virus-search-thing and it found 15 things. I deleted (spelling?) all 15. The HJ-log after reboot is as follows:
Logfile of HijackThis v1.99.0
Scan saved at 16:36:16, on 02-01-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TEXTware\HotKey\Twalink.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\TempVirusRemoval\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\Twalink.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098647918263
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Troels
•
•
Join Date: Feb 2004
Posts: 10,030
Reputation:
Solved Threads: 761
Did you manage to get the PC back on-line?
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
You will need to reboot and check if those 015 entries come back. Let me know.
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
You will need to reboot and check if those 015 entries come back. Let me know
. Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Hi.
Yes I´m back online and all seems to be in perfect order. Allmost.
All the "015´s" are gone, but Spyware Doctor finds a tracking coockie after every reboot.
I don´t know if there´s any connections to the HomeSearch-thing? I cant get any more info on the cookie and it didnt help to delete all cookies in IE.
Thanks for all your help. I will try to deal with the tracking cookie later. Any ideas on how to find out more obuet the cookie and how to remove it?
Troels
Yes I´m back online and all seems to be in perfect order. Allmost.
All the "015´s" are gone, but Spyware Doctor finds a tracking coockie after every reboot.
I don´t know if there´s any connections to the HomeSearch-thing? I cant get any more info on the cookie and it didnt help to delete all cookies in IE.
Thanks for all your help. I will try to deal with the tracking cookie later. Any ideas on how to find out more obuet the cookie and how to remove it?
Troels
•
•
Join Date: Feb 2004
Posts: 10,030
Reputation:
Solved Threads: 761
You can try to clear it out manually by going to C:\Documents and Settings\Administrator\Cookies and deleting them manually. If you have spywareblaster you can set it to block tracking cookies.
Also you can set IE up to prompt you every time a site tries to set a cookie. Go to Internet Properties in IE then go to Privacy>Advanced. Select override automatic cookie handling and set both to prompt.
Also you can set IE up to prompt you every time a site tries to set a cookie. Go to Internet Properties in IE then go to Privacy>Advanced. Select override automatic cookie handling and set both to prompt.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
I now get anywhere from 1 to 3 new cookies on every startup. Here´s a list of the ones that look´s od:
troels@cgi-bin[1]
troels@mediaplex
troels@tribalfusion
troels@as-us.falkag
troels@imho
Any ideas? I will install all the programs listet at: http://www.daniweb.com/techtalkforums/thread5690.html
But I fear that they will only prevent new cookies from being installed.
Troels
troels@cgi-bin[1]
troels@mediaplex
troels@tribalfusion
troels@as-us.falkag
troels@imho
Any ideas? I will install all the programs listet at: http://www.daniweb.com/techtalkforums/thread5690.html
But I fear that they will only prevent new cookies from being installed.
Troels
•
•
Join Date: Feb 2004
Posts: 10,030
Reputation:
Solved Threads: 761
Did you do what I suggested above? If you did, you should be able to delete those cookies and the only way they can come back is if you let them.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Removal of "Home Search Assistant", "Search Extender", & "Shopping Wizard" (Viruses, Spyware and other Nasties)
- Removal of "Home Search Assistant", "Search Extender", & "Shopping Wizard" (Viruses, Spyware and other Nasties)
- "Home Search 'Assistent'"... yet again (Viruses, Spyware and other Nasties)
- "please help""" HOME SEARCH ASSISTENT" (Viruses, Spyware and other Nasties)
- "HOME SEARCH ASSISTENT" HELP!!! (Viruses, Spyware and other Nasties)
- "HOME SEARCH ASSISTENT" HELP!!! (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Tricky Spyware
- Next Thread: WMP Internal Application Error- very complicated!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exploit facebook fake gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirecting reliability report research risk rogueantivirus samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted usa virus viruses war warning windows worm yahoo zeroday
