Thread: Hijack This log - I'm infected with "Home Search Assistent"
View Single Post
  #4 (permalink)  
Old 05-07-2004, 05:56 PM
owen's Avatar
owen owen is offline
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Hijack This log - I'm infected with "Home Search Assistent"
Restart Hijack This and put a checkmark next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JAREDF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {6DC9EDDC-D300-4F11-98C7-F74B35B87854} - C:\WINDOWS\System32\bgaeb.dll
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lrsqzidrbbapx] C:\WINDOWS\System32\byzzlh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
O18 - Filter: text/html - {9C8ADBC9-BEE1-4065-B342-A9B216D37033} - C:\WINDOWS\System32\bgaeb.dll
O18 - Filter: text/plain - {9C8ADBC9-BEE1-4065-B342-A9B216D37033} - C:\WINDOWS\System32\bgaeb.dll

Click Fix Checked

Then could you Download (or use the copy you have if you kept it) about:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip

Make sure you close ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click ok, then start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page.

Reboot and post a new HijackThis log along with the report from about:Buster.
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Last edited by owen; 05-07-2004 at 06:02 PM. Reason: Missed out an entry
Reply With Quote