TechSpot

HOME SEARCH ASSISTANT...Please help!!

By jonntabbie
Apr 12, 2005
  1. :eek:
    Hello,

    The PC I am working with has the home search assistant on it. I have tried numerous things to remove it with no luck. Please someone help.

    PC - HP Celeron
    OS - XP Pro
    Anti-virus - Norton CE

    I have run Adaware, spybot, cw shredder, webroot, microsoft antispy, HSR, and About buster. All have removed items but the hijacker keeps returning.

    Here is the hijackthis log. Perhaps someone can help me with this info. Thanks a milllion.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:35:18 AM, on 4/12/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\iply.exe
    C:\WINDOWS\appul.exe
    C:\WINDOWS\system32\userinit.exe
    E:\SpyKillers\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7F1A3AF4-B347-19CF-19D8-E0A8C516A78A} - C:\WINDOWS\sdkar32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [iply.exe] C:\WINDOWS\iply.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A15CC486-92A5-47D7-9642-90A62F1CBCD3}: NameServer = 208.14.192.55,64.94.219.66
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apirb32.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    You seem to have done your homework already.
    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    iply.exe
    appul.exe

    Next, run HJT on its own and place a tick-mark in the square before it (if still there):
    C:\WINDOWS\iply.exe
    C:\WINDOWS\appul.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {7F1A3AF4-B347-19CF-19D8-E0A8C516A78A} - C:\WINDOWS\sdkar32.dll
    O4 - HKLM\..\Run: [iply.exe] C:\WINDOWS\iply.exe
    Unless these O17 addies are from YOUR ISP, 'fix' it also:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A15CC486-92A5-47D7-9642-90A62F1CBCD3}: NameServer = 208.14.192.55,64.94.219.66
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apirb32.exe (file missing)

    When done, delete the highlighted bold files.
    Boot normal. When all OK, switch System Restore back on.
     
  3. jonntabbie

    jonntabbie TS Rookie Topic Starter

    Thanks for the help. I was a little leary about using hjt to fix some of those entries. I needed a professional opinion. THANKS!! All is well now. No more :dead: home "stealer" assistant :dead: Appreciate your help.

    Jon
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.