aaawebsearch problem -.-;

Discussion in 'privacy problems' started by Hikaru, Dec 28, 2004.

Thread Status:
Not open for further replies.
  1. Hikaru

    Hikaru Guest

    Yes well...I got the aaawebsearch problem on my comp. I stopped it from overwriting my homepage, but now i cant close IE without 5-10 browsers of aaawebsearch popping up.
    I read through all the other topics about this and dled HijackThis and scanned. Now I just need help knowing what to do next and what to delete.
    Any help is very much appreiciated!

    This is my HijackThis log:

    Logfile of HijackThis v1.99.0
    Scan saved at 4:12:59 AM, on 12/29/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\system32\i32sfatt.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\System32\rbljnq.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\English\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=yxz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaawebsearch.com/?b=yxz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=yxz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=yxz
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=yxz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://s6.invisionfree.com/EternalRO
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {7F06D2C8-6113-E949-A598-0250F7C7C18F} - C:\WINDOWS\system32\i32sfatt.exe
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [D6419B53] C:\WINDOWS\system32\avcat.exe
    O4 - HKLM\..\Run: [D50D46F6] C:\WINDOWS\system32\i32sfatt.exe
    O4 - HKLM\..\Run: [8A7548E3] C:\WINDOWS\system32\iomapnhp.exe
    O4 - HKLM\..\Run: [C2D8176E] C:\WINDOWS\system32\svceam.exe
    O4 - HKLM\..\Run: [fshhtagcjz] C:\WINDOWS\System32\rbljnq.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - HKCU\..\Run: [D6419B53] C:\WINDOWS\system32\avcat.exe
    O4 - HKCU\..\Run: [D50D46F6] C:\WINDOWS\system32\i32sfatt.exe
    O4 - HKCU\..\Run: [8A7548E3] C:\WINDOWS\system32\iomapnhp.exe
    O4 - HKCU\..\Run: [C2D8176E] C:\WINDOWS\system32\svceam.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099461763778
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    Thnx in advance~

    P.S: just so you know, I'm using Windows XP Professional ^^; thnx again
     
    Hikaru, Dec 28, 2004
    #1
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Hikaru,

    Welcome to Wilders!!!

    I am afraid we no longer allow the posting of unsolicited HijackThis logs as per our Posting Policy stated in this Announcement. However, you will find a link in the Announcement Post to several other sites that still do provide HijackThis log analysis service.

    You may also click on the ASAP in my signature and it will take you to the ASAP page that lists sites that accept HijackThis log submissions.

    Whichever site you decide to go to, please be sure and follow their posting policy before you post your HijackThis log.

    Since a HijackThis log was posted, I will close this thread now and remove it shortly.
     
    puff-m-d, Dec 28, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...