also @ TechSpot: Nortel's internal network "owned" by hackers for almost a decade
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > Software > Software Apps
Reload this Page HOME SEARCH ASSISTANT...Please help!!

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync

HOME SEARCH ASSISTANT...Please help!!
Thread Tools Search this Thread
  #1  
Old 04-12-2005
Newcomer, in training
  
Member since: Apr 2005, 2 posts
HOME SEARCH ASSISTANT...Please help!!
:eek:
Hello,

The PC I am working with has the home search assistant on it. I have tried numerous things to remove it with no luck. Please someone help.

PC - HP Celeron
OS - XP Pro
Anti-virus - Norton CE

I have run Adaware, spybot, cw shredder, webroot, microsoft antispy, HSR, and About buster. All have removed items but the hijacker keeps returning.

Here is the hijackthis log. Perhaps someone can help me with this info. Thanks a milllion.

Logfile of HijackThis v1.99.1
Scan saved at 7:35:18 AM, on 4/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\iply.exe
C:\WINDOWS\appul.exe
C:\WINDOWS\system32\userinit.exe
E:\SpyKillers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7F1A3AF4-B347-19CF-19D8-E0A8C516A78A} - C:\WINDOWS\sdkar32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [iply.exe] C:\WINDOWS\iply.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{A15CC486-92A5-47D7-9642-90A62F1CBCD3}: NameServer = 208.14.192.55,64.94.219.66
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apirb32.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
  #2  
Old 04-12-2005
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,165 posts
You seem to have done your homework already.
Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
iply.exe
appul.exe

Next, run HJT on its own and place a tick-mark in the square before it (if still there):
C:\WINDOWS\iply.exe
C:\WINDOWS\appul.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eiqak.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7F1A3AF4-B347-19CF-19D8-E0A8C516A78A} - C:\WINDOWS\sdkar32.dll
O4 - HKLM\..\Run: [iply.exe] C:\WINDOWS\iply.exe
Unless these O17 addies are from YOUR ISP, 'fix' it also:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A15CC486-92A5-47D7-9642-90A62F1CBCD3}: NameServer = 208.14.192.55,64.94.219.66
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apirb32.exe (file missing)

When done, delete the highlighted bold files.
Boot normal. When all OK, switch System Restore back on.
  #3  
Old 04-12-2005
Newcomer, in training
  
Member since: Apr 2005, 2 posts
Thanks for the help. I was a little leary about using hjt to fix some of those entries. I needed a professional opinion. THANKS!! All is well now. No more home "stealer" assistant Appreciate your help.

Jon
Closed Thread

Similar Topics
Topic Replies Forum
Home Search Assistant... 1 Virus and Malware Removal
Home Search Assistant... 80 Software Apps
PC Infected by CWS Home Search Assistant 7 Windows OS
Program removes the Home Search Assistant 1 Windows OS
Win-XP Search Assistant silently downloads files 12 General Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 02:55 AM.