Home Search Assitent

Status
Not open for further replies.
G

goth

Beta member
Messages
2
I got this hijacked homepage. It's very irritating as it cannot be delted in Add/Remove Programs. Any help would be EXTREMELY appreciated... Adaware was useless in getting rid of it.

here is my Hijack this log



Logfile of HijackThis v1.97.7
Scan saved at 9:57:26 AM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\apitm.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\d3cf.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CAPADO~1\LOCALS~1\Temp\ARC15\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qhcqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qhcqk.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qhcqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qhcqk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qhcqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qhcqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5BC00790-A8E8-1F25-4CAA-C9AE7CFE95AF} - C:\WINDOWS\system32\addkr.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2dd3.dll
O4 - HKLM\..\Run: [Printing Storage] C:\WINDOWS\System32\print.exe
O4 - HKLM\..\Run: [d3cf.exe] C:\WINDOWS\system32\d3cf.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\RunServices: [Win leoahder] winampa.exe
O4 - HKLM\..\RunServices: [Windows Explorer] LSAS.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
 
do you know which things to fix on my log tho?

and the others dont work i've tried


thanks nonetheless :)


here it is


i deleted the suspsicoius R1's and the r2 from the previous log...it simply came back with different letters. (ueyok.dll)

hellp



Logfile of HijackThis v1.97.7
Scan saved at 2:56:19 PM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\d3cf.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\apitm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\CAPADO~1\LOCALS~1\Temp\ARC9\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ueyok.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ueyok.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ueyok.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ueyok.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ueyok.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ueyok.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {33A49432-E399-EC6E-1569-941A0DB59717} - C:\WINDOWS\system32\addxx32.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2dd3.dll
O4 - HKLM\..\Run: [Printing Storage] C:\WINDOWS\System32\print.exe
O4 - HKLM\..\Run: [d3cf.exe] C:\WINDOWS\system32\d3cf.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\RunServices: [Win leoahder] winampa.exe
O4 - HKLM\..\RunServices: [Windows Explorer] LSAS.exe
O4 - HKLM\..\RunOnce: [apitm.exe] C:\WINDOWS\system32\apitm.exe
O4 - HKLM\..\RunOnce: [iphl.exe] C:\WINDOWS\system32\iphl.exe
O4 - HKLM\..\RunOnce: [ntdg32.exe] C:\WINDOWS\system32\ntdg32.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
C
Hacked by malware
2
Replies
10
Views
9K
PP Mguire
PP Mguire
Back
Top Bottom