HighJackThis File Log, Please Help!

Question

RPeeteRules 0 Newbie Poster

19 Years Ago

Logfile of HijackThis v1.99.1
Scan saved at 5:03:08 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\system32\mseq.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\JDG\Local Settings\Temp\HijackThis.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gqisx.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {07E66B38-1367-7DC0-FD3C-CA1BFBA6BCC7} - C:\WINDOWS\system32\atlxl.dll
O2 - BHO: Class - {0E3BEE03-C426-F488-CA26-D938932339AC} - C:\WINDOWS\system32\ntrl.dll
O2 - BHO: Class - {1F546F48-9AA0-41C6-7850-AD03A47588F8} - C:\WINDOWS\system32\d3md32.dll
O2 - BHO: Class - {223F279F-89C2-BB87-373A-00AF1771483F} - C:\WINDOWS\appzo32.dll
O2 - BHO: Class - {47DB1D1B-6A6C-9535-78A6-992CB8A66B38} - C:\WINDOWS\system32\d3ax.dll
O2 - BHO: Class - {710D4788-B064-A3C4-EC29-A9E67ABEF953} - C:\WINDOWS\system32\ipdq32.dll
O2 - BHO: Class - {8EB9F027-F18C-452F-0437-D29FA5DD0116} - C:\WINDOWS\appku32.dll
O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\iphb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F605B81B-E8BF-8C44-80DC-A0E205E8BE11} - C:\WINDOWS\netbh32.dll
O2 - BHO: Class - {F6CAF395-C955-F696-02FD-372CDFEFF452} - C:\WINDOWS\d3wn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [onsozfzxokeu] C:\WINDOWS\System32\tjepsvos.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sound32] C:\WINDOWS\system32\gotem\sound32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [mseq.exe] C:\WINDOWS\system32\mseq.exe
O4 - HKLM\..\RunOnce: [msqm32.exe] C:\WINDOWS\system32\msqm32.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\system32\crdw32.exe
O4 - HKLM\..\RunOnce: [javaiz.exe] C:\WINDOWS\javaiz.exe
O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINDOWS\ipmk.exe
O4 - HKLM\..\RunOnce: [crvp.exe] C:\WINDOWS\system32\crvp.exe
O4 - HKLM\..\RunOnce: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\RunOnce: [mfcce32.exe] C:\WINDOWS\mfcce32.exe
O4 - HKLM\..\RunOnce: [d3ds.exe] C:\WINDOWS\d3ds.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [addvo.exe] C:\WINDOWS\system32\addvo.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\system32\atlgr.exe
O4 - HKLM\..\RunOnce: [winzo32.exe] C:\WINDOWS\system32\winzo32.exe
O4 - HKLM\..\RunOnce: [iecp.exe] C:\WINDOWS\system32\iecp.exe
O4 - HKLM\..\RunOnce: [mfcsk.exe] C:\WINDOWS\mfcsk.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\system32\winau32.exe
O4 - HKLM\..\RunOnce: [javaul.exe] C:\WINDOWS\javaul.exe
O4 - HKLM\..\RunOnce: [javafc32.exe] C:\WINDOWS\javafc32.exe
O4 - HKLM\..\RunOnce: [addho32.exe] C:\WINDOWS\system32\addho32.exe
O4 - HKLM\..\RunOnce: [winrk.exe] C:\WINDOWS\winrk.exe
O4 - HKLM\..\RunOnce: [ipjf32.exe] C:\WINDOWS\ipjf32.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [atlbi32.exe] C:\WINDOWS\atlbi32.exe
O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
O4 - HKLM\..\RunOnce: [syspq.exe] C:\WINDOWS\system32\syspq.exe
O4 - HKLM\..\RunOnce: [syseq32.exe] C:\WINDOWS\syseq32.exe
O4 - HKLM\..\RunOnce: [syshi.exe] C:\WINDOWS\system32\syshi.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [msop32.exe] C:\WINDOWS\msop32.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\system32\msgb.exe
O4 - HKLM\..\RunOnce: [addew32.exe] C:\WINDOWS\addew32.exe
O4 - HKLM\..\RunOnce: [addtr32.exe] C:\WINDOWS\addtr32.exe
O4 - HKLM\..\RunOnce: [crni.exe] C:\WINDOWS\system32\crni.exe
O4 - HKLM\..\RunOnce: [msno32.exe] C:\WINDOWS\msno32.exe
O4 - HKLM\..\RunOnce: [crrf32.exe] C:\WINDOWS\crrf32.exe
O4 - HKLM\..\RunOnce: [ipwq32.exe] C:\WINDOWS\ipwq32.exe
O4 - HKLM\..\RunOnce: [mszz32.exe] C:\WINDOWS\system32\mszz32.exe
O4 - HKLM\..\RunOnce: [crdb32.exe] C:\WINDOWS\crdb32.exe
O4 - HKLM\..\RunOnce: [ipco32.exe] C:\WINDOWS\system32\ipco32.exe
O4 - HKLM\..\RunOnce: [netlu32.exe] C:\WINDOWS\netlu32.exe
O4 - HKLM\..\RunOnce: [addkc.exe] C:\WINDOWS\addkc.exe
O4 - HKLM\..\RunOnce: [mfcvb.exe] C:\WINDOWS\system32\mfcvb.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [sdkxl32.exe] C:\WINDOWS\system32\sdkxl32.exe
O4 - HKLM\..\RunOnce: [atlqc.exe] C:\WINDOWS\atlqc.exe
O4 - HKLM\..\RunOnce: [apiqq32.exe] C:\WINDOWS\system32\apiqq32.exe
O4 - HKLM\..\RunOnce: [javarv.exe] C:\WINDOWS\system32\javarv.exe
O4 - HKLM\..\RunOnce: [ieww.exe] C:\WINDOWS\system32\ieww.exe
O4 - HKLM\..\RunOnce: [syswk.exe] C:\WINDOWS\system32\syswk.exe
O4 - HKLM\..\RunOnce: [ipoo.exe] C:\WINDOWS\system32\ipoo.exe
O4 - HKLM\..\RunOnce: [apidj.exe] C:\WINDOWS\system32\apidj.exe
O4 - HKLM\..\RunOnce: [ipgg32.exe] C:\WINDOWS\system32\ipgg32.exe
O4 - HKLM\..\RunOnce: [apiqf.exe] C:\WINDOWS\system32\apiqf.exe
O4 - HKLM\..\RunOnce: [apisw.exe] C:\WINDOWS\apisw.exe
O4 - HKLM\..\RunOnce: [windn32.exe] C:\WINDOWS\system32\windn32.exe
O4 - HKLM\..\RunOnce: [addmb32.exe] C:\WINDOWS\system32\addmb32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\msqm32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

windows-virus

4 Contributors
12 Replies
251 Views
3 Days Discussion Span
Latest Post 19 Years Ago Latest Post by amill18

crunchie 990 Most Valuable Poster

19 Years Ago

Hi and welcome to Daniweb RPeeteRules. Please follow the below links and repost a new log when you have done all the steps advised.
We will then complete the clean up manually.

http://www.daniweb.com/techtalkforums/thread24085.html

http://www.daniweb.com/techtalkforums/thread27570.html

swatkat 14 Practically a Master Poster

19 Years Ago

Hi,
Let's start by cleaning!
Download these Tools and Install them:-
CleanUp!
TrojanHunter Trial
WebRoot SpySweeper Trial
CWShredder
About:Buster

Run these tools, and remove any of the malwares they may find:-
TrojanHunter

Select all the Hard Disk partitions.
Click "Full Scan".

WebRoot SpySweeper

Click "Options" button.
Click "Sweep Options" tab, and here select all the Hard Disk Partitions.
In the "Where to sweep" option box, select "Sweep all folders on the selected drives".
In the "What to sweep" option box, make sure all the items are selected.
Then click "Sweep Now" button and click "Start".

CWShredder

Run CWShredder and click "Fix"

About:Buster

Run About:Buster and click "Begin Removal".

CleanUp!

Click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options.
Click "CleanUp!" to start cleaning.
After cleaning, click "Close", and choose "Yes" to restart the PC.

After the restart, perform an online virus scan at Panda ActiveScan, with the "Disinfection" option enabled.Save the log file it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Panda ActiveScan log.

swatkat 14 Practically a Master Poster

19 Years Ago

Hi,
Have you performed the other scans (Panda, Webroot SpySweeper etc)?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

RPeeteRules 0 Newbie Poster · Answer 1 · 2005-07-11T22:54:36+00:00

I believe I've done all of the steps so far needed. Here's the updated log...

Logfile of HijackThis v1.99.1
Scan saved at 12:53:12 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\system32\sysjk32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JDG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F6CAF395-C955-F696-02FD-372CDFEFF452} - C:\WINDOWS\d3wn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [onsozfzxokeu] C:\WINDOWS\System32\tjepsvos.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sound32] C:\WINDOWS\system32\gotem\sound32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [mseq.exe] C:\WINDOWS\system32\mseq.exe
O4 - HKLM\..\Run: [sysjk32.exe] C:\WINDOWS\system32\sysjk32.exe
O4 - HKLM\..\RunOnce: [msqm32.exe] C:\WINDOWS\system32\msqm32.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\system32\crdw32.exe
O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINDOWS\ipmk.exe
O4 - HKLM\..\RunOnce: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\RunOnce: [d3ds.exe] C:\WINDOWS\d3ds.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\system32\atlgr.exe
O4 - HKLM\..\RunOnce: [iecp.exe] C:\WINDOWS\system32\iecp.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\system32\winau32.exe
O4 - HKLM\..\RunOnce: [javafc32.exe] C:\WINDOWS\javafc32.exe
O4 - HKLM\..\RunOnce: [winrk.exe] C:\WINDOWS\winrk.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [atlbi32.exe] C:\WINDOWS\atlbi32.exe
O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
O4 - HKLM\..\RunOnce: [syseq32.exe] C:\WINDOWS\syseq32.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [iejx32.exe] C:\WINDOWS\iejx32.exe
O4 - HKLM\..\RunOnce: [addnb.exe] C:\WINDOWS\system32\addnb.exe
O4 - HKLM\..\RunOnce: [apieg.exe] C:\WINDOWS\apieg.exe
O4 - HKLM\..\RunOnce: [javaji.exe] C:\WINDOWS\javaji.exe
O4 - HKLM\..\RunOnce: [ntsg.exe] C:\WINDOWS\system32\ntsg.exe
O4 - HKLM\..\RunOnce: [d3ch.exe] C:\WINDOWS\d3ch.exe
O4 - HKLM\..\RunOnce: [winyv32.exe] C:\WINDOWS\winyv32.exe
O4 - HKLM\..\RunOnce: [apihi.exe] C:\WINDOWS\apihi.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\msqm32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

RPeeteRules 0 Newbie Poster · Answer 2 · 2005-07-12T01:26:48+00:00

Logfile of HijackThis v1.99.1
Scan saved at 3:25:47 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\system32\sysjk32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JDG\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {32A6CEC2-152D-9C47-1D16-97AAFF45661E} - C:\WINDOWS\msej32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F6CAF395-C955-F696-02FD-372CDFEFF452} - C:\WINDOWS\d3wn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [onsozfzxokeu] C:\WINDOWS\System32\tjepsvos.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sound32] C:\WINDOWS\system32\gotem\sound32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [mseq.exe] C:\WINDOWS\system32\mseq.exe
O4 - HKLM\..\Run: [sysjk32.exe] C:\WINDOWS\system32\sysjk32.exe
O4 - HKLM\..\RunOnce: [msqm32.exe] C:\WINDOWS\system32\msqm32.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\system32\crdw32.exe
O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINDOWS\ipmk.exe
O4 - HKLM\..\RunOnce: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\RunOnce: [d3ds.exe] C:\WINDOWS\d3ds.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\system32\atlgr.exe
O4 - HKLM\..\RunOnce: [iecp.exe] C:\WINDOWS\system32\iecp.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\system32\winau32.exe
O4 - HKLM\..\RunOnce: [javafc32.exe] C:\WINDOWS\javafc32.exe
O4 - HKLM\..\RunOnce: [winrk.exe] C:\WINDOWS\winrk.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [atlbi32.exe] C:\WINDOWS\atlbi32.exe
O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
O4 - HKLM\..\RunOnce: [syseq32.exe] C:\WINDOWS\syseq32.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [iejx32.exe] C:\WINDOWS\iejx32.exe
O4 - HKLM\..\RunOnce: [addnb.exe] C:\WINDOWS\system32\addnb.exe
O4 - HKLM\..\RunOnce: [apieg.exe] C:\WINDOWS\apieg.exe
O4 - HKLM\..\RunOnce: [javaji.exe] C:\WINDOWS\javaji.exe
O4 - HKLM\..\RunOnce: [ntsg.exe] C:\WINDOWS\system32\ntsg.exe
O4 - HKLM\..\RunOnce: [d3ch.exe] C:\WINDOWS\d3ch.exe
O4 - HKLM\..\RunOnce: [winyv32.exe] C:\WINDOWS\winyv32.exe
O4 - HKLM\..\RunOnce: [apihi.exe] C:\WINDOWS\apihi.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\msqm32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

RPeeteRules 0 Newbie Poster · Answer 3 · 2005-07-12T02:30:59+00:00

I have performed many scans with a good amount of programs.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2005-07-12T03:12:39+00:00

Please be specific about what you have done. Each piece of information is necessary for us to be able to help you the best.
You are still running hijackthis from a temp folder.

C:\Documents and Settings\JDG\Local Settings\Temp\HijackThis.exe

I provided a link earlier for you to follow regarding this. Please move hijackthis to a permanent folder so that we can be certain that any backups created are not lost :).

swatkat 14 Practically a Master Poster · Answer 5 · 2005-07-12T03:19:50+00:00

Download CWShredder. Download CleanUp! and install it.

Please print or save this Webpage.
Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdaeo.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {32A6CEC2-152D-9C47-1D16-97AAFF45661E} - C:\WINDOWS\msej32.dll
O2 - BHO: Class - {F6CAF395-C955-F696-02FD-372CDFEFF452} - C:\WINDOWS\d3wn.dll
O4 - HKLM\..\Run: [onsozfzxokeu] C:\WINDOWS\System32\tjepsvos.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Sound32] C:\WINDOWS\system32\gotem\sound32.exe
O4 - HKLM\..\Run: [mseq.exe] C:\WINDOWS\system32\mseq.exe
O4 - HKLM\..\Run: [sysjk32.exe] C:\WINDOWS\system32\sysjk32.exe
O4 - HKLM\..\RunOnce: [msqm32.exe] C:\WINDOWS\system32\msqm32.exe
O4 - HKLM\..\RunOnce: [crdw32.exe] C:\WINDOWS\system32\crdw32.exe
O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINDOWS\ipmk.exe
O4 - HKLM\..\RunOnce: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\RunOnce: [d3ds.exe] C:\WINDOWS\d3ds.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\system32\atlgr.exe
O4 - HKLM\..\RunOnce: [iecp.exe] C:\WINDOWS\system32\iecp.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\system32\winau32.exe
O4 - HKLM\..\RunOnce: [javafc32.exe] C:\WINDOWS\javafc32.exe
O4 - HKLM\..\RunOnce: [winrk.exe] C:\WINDOWS\winrk.exe
O4 - HKLM\..\RunOnce: [ieou.exe] C:\WINDOWS\ieou.exe
O4 - HKLM\..\RunOnce: [atlbi32.exe] C:\WINDOWS\atlbi32.exe
O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
O4 - HKLM\..\RunOnce: [syseq32.exe] C:\WINDOWS\syseq32.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [iejx32.exe] C:\WINDOWS\iejx32.exe
O4 - HKLM\..\RunOnce: [addnb.exe] C:\WINDOWS\system32\addnb.exe
O4 - HKLM\..\RunOnce: [apieg.exe] C:\WINDOWS\apieg.exe
O4 - HKLM\..\RunOnce: [javaji.exe] C:\WINDOWS\javaji.exe
O4 - HKLM\..\RunOnce: [ntsg.exe] C:\WINDOWS\system32\ntsg.exe
O4 - HKLM\..\RunOnce: [d3ch.exe] C:\WINDOWS\d3ch.exe
O4 - HKLM\..\RunOnce: [winyv32.exe] C:\WINDOWS\winyv32.exe
O4 - HKLM\..\RunOnce: [apihi.exe] C:\WINDOWS\apihi.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\msqm32.exe" /s (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Exit from HijackThis. Delete these files:-
C:\WINDOWS\System32\tjepsvos.exe
C:\WINDOWS\system32\gotem\sound32.exe
C:\WINDOWS\system32\mseq.exe
C:\WINDOWS\system32\sysjk32.exe
C:\WINDOWS\system32\msqm32.exe
C:\WINDOWS\system32\crdw32.exe
C:\WINDOWS\ipmk.exe
C:\WINDOWS\ntoz32.exe
C:\WINDOWS\d3ds.exe
C:\WINDOWS\system32\ipqr.exe
C:\WINDOWS\system32\atlgr.exe
C:\WINDOWS\system32\iecp.exe
C:\WINDOWS\system32\netym32.exe
C:\WINDOWS\system32\winau32.exe
C:\WINDOWS\javafc32.exe
C:\WINDOWS\winrk.exe
C:\WINDOWS\ieou.exe
C:\WINDOWS\atlbi32.exe
C:\WINDOWS\system32\d3bo.exe
C:\WINDOWS\syseq32.exe
C:\WINDOWS\system32\d3uw.exe
C:\WINDOWS\iejx32.exe
C:\WINDOWS\system32\addnb.exe
C:\WINDOWS\apieg.exe
C:\WINDOWS\javaji.exe
C:\WINDOWS\system32\ntsg.exe
C:\WINDOWS\d3ch.exe
C:\WINDOWS\winyv32.exe
C:\WINDOWS\apihi.exe
C:\WINDOWS\system32\msqm32.exe

Delete this folder:-
C:\WINDOWS\system32\gotem

Run CWShredder, and click "Fix".
Next, run CleanUp!, and click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options. Click "CleanUp!" to start cleaning. After cleaning, click "Close", and choose "Yes" to restart the PC.

Reboot to Normal Mode and run HijackThis again. Then click Do a System scan and save log, and post the fresh log.

RPeeteRules 0 Newbie Poster · Answer 6 · 2005-07-13T10:59:10+00:00

Oh boy, I'm not sure what I've done wrong, I'm not too good when it comes to computers. I thought I did everything that was instructed, but I'm not positive what I missed. I ran the software scans, and got rid of everything that I could like was stated to do in the safe mode. Should I just try to reinstall Windows after saving files that I need from my computer, or should I try this all again? I apologize for my lack of knowledge, I think I may need more exact instructions, I may have been confused by the other instructions.

amill18 0 Newbie Poster · Answer 7 · 2005-07-14T02:24:11+00:00

I have the ABout:blank virus and don't know what to delete. Here's my logfile.. help is appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:21:23 PM, on 7/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\HPHMON03.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\BATTERYSCOPE\BATMGR.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_6_2_0.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_6_2_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HKserv.exe] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [Smart Label OServer] C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\SYSTEM\HPHMON03.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
O4 - Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\batmgr.exe
O4 - Startup: VAIO Action Setup (server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0a\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2005-07-14T15:36:33+00:00

Hi amill18.

First of all- welcome to Daniweb :).

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum, (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

amill18 0 Newbie Poster · Answer 9 · 2005-07-14T21:44:35+00:00

ok sorry about that

if you'd like to help the new thread is at http://www.daniweb.com/techtalkforums/showthread.php?p=141622#post141622