Yes well...I got the aaawebsearch problem on my comp. I stopped it from overwriting my homepage, but now i cant close IE without 5-10 browsers of aaawebsearch popping up. I read through all the other topics about this and dled HijackThis and scanned. Now I just need help knowing what to do next and what to delete. Any help is very much appreiciated! This is my HijackThis log: Logfile of HijackThis v1.99.0 Scan saved at 4:12:59 AM, on 12/29/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\xpsp2fw.exe C:\WINDOWS\system32\i32sfatt.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\System32\rbljnq.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\English\My Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=yxz R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aaawebsearch.com/?a=2&b=yxz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=yxz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=yxz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaawebsearch.com/?b=yxz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aaawebsearch.com/?a=2&b=yxz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aaawebsearch.com/?a=2&b=yxz R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=yxz R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aaawebsearch.com/?a=2&b=yxz R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=yxz R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aaawebsearch.com/?a=2&b=yxz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://s6.invisionfree.com/EternalRO R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: (no name) - {7F06D2C8-6113-E949-A598-0250F7C7C18F} - C:\WINDOWS\system32\i32sfatt.exe O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe O4 - HKLM\..\Run: [D6419B53] C:\WINDOWS\system32\avcat.exe O4 - HKLM\..\Run: [D50D46F6] C:\WINDOWS\system32\i32sfatt.exe O4 - HKLM\..\Run: [8A7548E3] C:\WINDOWS\system32\iomapnhp.exe O4 - HKLM\..\Run: [C2D8176E] C:\WINDOWS\system32\svceam.exe O4 - HKLM\..\Run: [fshhtagcjz] C:\WINDOWS\System32\rbljnq.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe O4 - HKCU\..\Run: [D6419B53] C:\WINDOWS\system32\avcat.exe O4 - HKCU\..\Run: [D50D46F6] C:\WINDOWS\system32\i32sfatt.exe O4 - HKCU\..\Run: [8A7548E3] C:\WINDOWS\system32\iomapnhp.exe O4 - HKCU\..\Run: [C2D8176E] C:\WINDOWS\system32\svceam.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099461763778 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab Thnx in advance~ P.S: just so you know, I'm using Windows XP Professional ^^; thnx again
Hi Hikaru, Welcome to Wilders!!! I am afraid we no longer allow the posting of unsolicited HijackThis logs as per our Posting Policy stated in this Announcement. However, you will find a link in the Announcement Post to several other sites that still do provide HijackThis log analysis service. You may also click on the ASAP in my signature and it will take you to the ASAP page that lists sites that accept HijackThis log submissions. Whichever site you decide to go to, please be sure and follow their posting policy before you post your HijackThis log. Since a HijackThis log was posted, I will close this thread now and remove it shortly.