Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Home Search Virus

Started by smooph3 , Apr 09 2005 11:34 AM

  • Please log in to reply

#1
smooph3
Posted 09 April 2005 - 11:34 AM

smooph3

    New Member

  • Member
  • Pip
  • 2 posts
I need some help please. I have a problem with the home search virus. I can temporarily delete it but it keeps coming back. Ill post my HJT log in my next post.
  • 0

Advertisements

#2
smooph3
Posted 09 April 2005 - 11:52 AM

smooph3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Heres the HJT file

Logfile of HijackThis v1.99.1
Scan saved at 12:43:56 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\msoffice.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\private-zone.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vpavrk.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\ifmonxp.exe
C:\WINDOWS\System32\igmwp.exe
C:\WINDOWS\System32\Regsvr32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\sysfi.exe
C:\WINDOWS\netdf.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: (no name) - {9431FE7C-F508-1551-CE7E-072CAD27957E} - C:\WINDOWS\system32\atlqz32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\System32\wmplayer.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitexie32.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vpavrk.exe
O4 - HKLM\..\Run: [v3tg3nR] igmwp.exe
O4 - HKLM\..\Run: [sysfi.exe] C:\WINDOWS\system32\sysfi.exe
O4 - HKLM\..\RunOnce: [ntwi32.exe] C:\WINDOWS\system32\ntwi32.exe
O4 - HKLM\..\RunOnce: [ipqi32.exe] C:\WINDOWS\system32\ipqi32.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\System32\wmplayer.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKCU\..\Run: [e02mRhd2U] ifmonxp.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[bleep]ed.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {004C7133-710E-7895-410D-6F532D63A60F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {02FB20A4-FF8C-51E6-4BA6-4237175CAE3B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {0D2906D8-D8AD-36FA-552C-5313198EFB37} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {0FB8317D-5A53-5750-94A1-7FF17838600B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {10E0E29F-A295-3188-FD89-20E63E8BF3B9} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {131E1E3F-29FE-1422-FA20-75F66FC75F17} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {1366725F-AD85-0DEF-9466-4C9B7618A8B6} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {16086245-E990-1B99-4A72-258A36277BD7} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {189774E6-7AAB-06AE-0367-79240EEBE64F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {18E3AC14-60FD-49AA-F1B0-7EC7330E7B1E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {1ED5AB72-4C99-0C54-317F-6E8E425036A1} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {237AA698-5155-5644-A527-611F2FB41BBA} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {257B08D0-80C5-4BD4-51BE-3A112E9A2AEF} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {41082D38-6E6A-71D9-A686-7CCD343AB2F6} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {42F8A361-FCC2-3668-F9D8-75A956FA133E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {4315F39A-A4EB-4EBB-6EAA-69A87ED8B250} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {45516DCA-9DDE-551A-0597-3F435638AB9A} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {5312794D-8924-639D-494E-25D04153F641} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {55EE873D-A151-76B9-9C55-115B08A26D78} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {5C825835-E00B-74E9-012C-56FD39B5929B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {60077A44-4D7A-303B-6D9A-10E36FE288CE} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {6600EAAD-330D-29DC-6A89-5CCC112B372E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {732317D9-38C1-5F28-62BA-54A93288A072} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {780A0B61-AF17-680F-C6CF-49AA4926343E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {7921490C-F1AE-279A-F84F-7E695D63F15F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {7B0043CC-8651-48AB-FB48-2CFA01286136} - http://67.19.178.86/1/rdgUS1742.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netdf.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP