Dr Watson Postmortem Problem [RESOLVED]


This topic is locked

#1
Dr. Fate
New Member
5 posts
I have read and done most of the 5 steps your team has suggested prior to starting a new post. I have the same problem I was reading about from someone writing in to you. Currently even my mouse is very symptomatic and I have to log on to the internet several times before I can actually get to your web site. I have run several virus searches and they do locate infected files. My problem is that I have no idea what is spyware and what just needs to be cleaned. I hope you can help. Well, here is my Hijack This post.

Logfile of HijackThis v1.99.0
Scan saved at 11:13:27 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "D:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Steam] d:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Voice Alarm.lnk = D:\Program Files\LHSP\Now You're Talking Classic\VAlarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/111069.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...370/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O18 - Protocol: bw+0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) - Unknown - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\javalo32.exe (file missing)
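The log above is the substance of this thread, so here is an added example (not code from the thread, the forum, or HijackThis itself): a small Python triage helper that parses lines in the HijackThis v1.99 log format and applies the conservative review heuristics a log helper checks first. Its sample input is quoted from the log above; every hit is a prompt for a human to look closer, never a verdict, since legitimate software trips some of these rules too.

```python
"""HijackThis log triage helper.

Added example, not code from the Geeks to Go thread or from HijackThis itself.
It parses lines in the HijackThis v1.99 log format shown in the thread
(section tag, " - ", body) and applies a few conservative review heuristics.
A hit means "a human should look at this", never "this is malware":
legitimate software trips some of these rules too.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines quoted from the log posted in the thread, plus the
# header line "Running processes:" to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: http://ad.searchsquire.com
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\javalo32.exe (file missing)
"""

# "R1 - body", "O23 - body", ... ; running-process paths and headers do not match.
LINE_RE = re.compile(r"^([RFO]\d{1,2})\s+-\s+(.*)$")
# O4 body layout: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?:\s+\[([^\]]+)\]\s+(.*)$")
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")


class Entry(NamedTuple):
    section: str              # e.g. "R1", "O4", "O23"
    body: str                 # everything after the "Rn - " / "On - " prefix
    reasons: Tuple[str, ...]  # empty when nothing looked worth a second glance


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for headers, blanks and process paths."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _first_path(cmd: str) -> str:
    """Executable path from an O4 command line, handling quoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(section: str, body: str) -> List[str]:
    """Review heuristics for one entry. Each string is a reason to look closer."""
    reasons = []
    low = body.lower()
    if section in ("R0", "R1") and "res://" in low and ".dll/" in low:
        reasons.append("IE search/start page points into a local DLL resource")
    if section == "O2" and "(no name)" in low:
        reasons.append("Browser Helper Object with no registered name")
    if section == "O4":
        m = O4_RE.match(body)
        if m:
            name, path = m.group(1).lower(), _first_path(m.group(2)).lower()
            folder, _, base = path.rpartition("\\")
            if folder in WINDOWS_DIRS and base == name:
                reasons.append("Run value named after a bare executable in the Windows directory (weak signal)")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone; confirm the user added it deliberately")
    if section == "O16" and low.rstrip().endswith(".exe"):
        reasons.append("Download Program File is a raw .exe rather than a .cab package")
    if section == "O23" and "(file missing)" in low:
        reasons.append("service registered for a file that no longer exists")
    return reasons


def triage_log(text: str) -> List[Entry]:
    """Parse every entry line of a log and attach its review reasons."""
    entries = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            section, body = parsed
            entries.append(Entry(section, body, tuple(triage(section, body))))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in triage_log(text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:4} {e.body}")
        for r in e.reasons:
            print(f"     -> {r}")
```

Run against the full log by reading it from a file in place of SAMPLE_LOG; the rules deliberately ignore O8, O9 and O18 entries, which need vendor knowledge rather than pattern matching.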


#2
pomp
the man
1,366 posts
You are using an outdated version of HijackThis. Please download HijackThis version 1.99.1 from here:
http://www.downloads.../hijackthis.zip
and make sure to unzip it to a permanent folder. Then please run HijackThis, click Scan and Save log, and post the new log here. I would be happy to take a look at it.

#3
Dr. Fate (Topic Starter)
New Member
5 posts
Thank you for your help. I do not mean to sound totally stupid, but you will pretty much need to tell me step by step what I need to do. I have downloaded the revised version of Hijack This and have re-run the report. Here it is. Let me know what you need me to do. As I stated in my first post, my mouse is really acting up and it jumps all over the place.

Logfile of HijackThis v1.99.0
Scan saved at 11:13:27 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "D:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Steam] d:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Voice Alarm.lnk = D:\Program Files\LHSP\Now You're Talking Classic\VAlarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/111069.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...370/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O18 - Protocol: bw+0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) - Unknown - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\javalo32.exe (file missing)

#4
Guest_thatman_*
  • Guest
Hi Dr. Fate

Welcome to geekstogo ;)

You are running an out-of-date version of HijackThis; can you please download a new copy (there is a link in my signature), unzip it, and replace your existing copy with the new version.


I would advise you to use the Control Panel / Add/Remove Programs to remove the LogitechDesktopMessenger program. It is responsible for all of the O18 entries. It has a bad reputation as a resource hog.

Using Add/Remove Programs, uninstall the following:
C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
c:\spywarevanisher-free\FreeScanner.exe -FastScan

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs to your desktop - don't run them yet!!

Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. Use either link below:
cwsserviceremove

cwsserviceremove.zip


Download CW-Shredder at the link below:
CWShredder

Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - Click here to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:


Remote Procedure Call

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed, go ahead with the next steps.

a.) Copy the contents of the Quote Box below to Notepad.
b.) Save the file as RemoveTrustedZone.reg
c.) Change the Save as Type to All Files.
d.) Save this file to the desktop.

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]


--
e.) Double-click on RemoveTrustedZone.reg.
f.) When it asks you to merge the information to the registry click Yes.



2. Reboot into Safe Mode: Click here if you don't know how to do this.


3. Press Ctrl+Alt+Delete once -> Click Task Manager -> Click the Processes tab -> Double-click the Image Name column header to alphabetically sort the processes -> Scroll through the list and look for:

C:\WINDOWS\ltekb.dll
C:\WINDOWS\system32\apirg32.dll
C:\WINDOWS\system32\crlf32.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
C:\WINDOWS\javalo32.exe

If you find the files, click on them, and then click End Process -> Exit the Task Manager.

4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/111069.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O18 - Protocol: bw+0 - {177A849D-452C-4308-8FFD-63520DADC298} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\javalo32.exe (file missing)


Then click on "Fix Checked"

5. Using Windows Explorer delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\javalo32.exe<--Delete this file
C:\WINDOWS\ltekb.dll<--Delete this file
C:\WINDOWS\system32\apirg32.dll<--Delete this file
C:\WINDOWS\system32\crlf32.exe<--Delete this file
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\<--Delete this folder
c:\spywarevanisher-free\<--Delete this folder
C:\Program Files\BoxTopsShoppingReminder\<--Delete this folder

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Download CCleaner.
I use this program and it is set up like this: all boxes are checked.

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE: this may take very long!). You can also set the memory limit to about 80 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Download Pocket Killbox and unzip it; save it to your Desktop.
Run Killbox, and click the radio button that says "Delete a file on reboot".
Paste them one at a time into the "Full Path of File to Delete" box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\ltekb.dll
C:\WINDOWS\system32\apirg32.dll
C:\WINDOWS\system32\crlf32.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
C:\WINDOWS\javalo32.exe

End of Killbox files

12. Reboot into normal mode.

13. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit the program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and the HJT log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
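Added example (mine, not from the thread, from HijackThis or from any of the tools above): a Python triage pass over entries copied from the two logs posted in this thread, encoding the rules behind the fix list in step 4 so the reader can see why each line was picked. It keys on the res://...sp.html#<n> pattern rather than on a DLL name, because that name differs between the two posted logs, and it flags the about:blank start page only when the same log carries the res:// hijack.

```python
"""Triage HijackThis log entries for the about:blank / CWS hijack this thread deals with.

Added example; not from the thread, from HijackThis or from any removal tool.
The rules encode what the fix list in step 4 targets: R0/R1 search settings
pointing at a local res:// DLL, O15 Trusted Zone additions, O16 ActiveX
downloads of bare .exe files, O23 services whose binary is missing, and any
entry that references one of the files named for deletion in step 5.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of entries copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ltekb.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\javalo32.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every hijacked search entry points at a local DLL resource ending in sp.html#<n>.
# The DLL was renamed between the two logs in this thread (ltekb.dll, then
# vuidz.dll), so the rule matches the pattern rather than a fixed filename.
HIJACKED_RES = re.compile(r"=\s*res://[A-Za-z]:\\.+?\.dll/sp\.html#\d+\s*$", re.IGNORECASE)
MISSING_FILE = re.compile(r"\(file missing\)\s*$", re.IGNORECASE)
EXE_DOWNLOAD = re.compile(r"\s-\s*https?://\S+\.exe\s*$", re.IGNORECASE)
BASENAME = re.compile(r"[\w~.-]+\.(?:dll|exe)\b", re.IGNORECASE)
ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")

# Files the fix list in step 5 names for deletion (compared by basename, case-insensitively).
NAMED_FILES = {"ltekb.dll", "apirg32.dll", "crlf32.exe", "pribi.exe", "javalo32.exe"}
REASON_HIJACK = "search setting redirected to a local res:// DLL (about:blank hijack)"


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "R1" or "O23"
    reason: str  # why the entry was picked
    line: str    # the original log line


def triage_line(line):
    """Classify one log entry; return a Finding, or None for benign or non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    if code in ("R0", "R1") and HIJACKED_RES.search(rest):
        return Finding(code, REASON_HIJACK, line)
    if code == "O15":
        return Finding(code, "site added to the Trusted Zone", line)
    if code == "O16" and EXE_DOWNLOAD.search(rest):
        return Finding(code, "ActiveX (DPF) entry downloading a bare .exe", line)
    if code == "O23" and MISSING_FILE.search(rest):
        return Finding(code, "service pointing at a missing binary", line)
    named = {n.lower() for n in BASENAME.findall(rest)} & NAMED_FILES
    if named:
        return Finding(code, "references a file named for deletion: " + ", ".join(sorted(named)), line)
    return None


def triage_log(text):
    """Triage a whole log; returns the Findings in log order."""
    findings = []
    lines = [l for l in text.splitlines() if l.strip()]
    hijacked = any(HIJACKED_RES.search(l) for l in lines)
    for l in lines:
        f = triage_line(l)
        if f is None and hijacked:
            m = ENTRY.match(l.strip())
            # about:blank alone is a harmless start page; step 4 lists it only because
            # the same log carries the res:// hijack, so it is flagged only in that case.
            if m and m.group(1) == "R1" and m.group(2).lower().endswith("default_page_url = about:blank"):
                f = Finding("R1", "about:blank start page set alongside the res:// hijack", l)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```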

#5
Dr. Fate

  • Topic Starter
OK, I received your posting and have read all of the way through it. I have again downloaded the programs to my desktop and have updated the small debugging programs. Just to let you know, I stopped before I finished because I was unsure which files I was supposed to place a check next to. Here are the problems I have come across:

Problems:

1) I was able to remove the LogitechDesktopMessenger. The file still shows under the Add/Remove Programs but there is nothing in the file any longer.

2) For the C:\Program Files\BoxTopsShoppingReminder.... It gave me the following error message: "Error:Could not Exectute Main: The System Cannot Find File Specified"... ??? Should I do anything?

3) For the C:\spywarevanisher-free..... There was no reference to it under the Add/Remove Program file.

4) For the Remote Procedure Call... I could not click the Stop button. No buttons were highlighted for me to do this action. In fact I saw 2 lines referencing the Remote Procedure Call and I tried to do this on both. Could not.

5) When I copied the "Regedit4" to Word Notes it would not let me save it as "All" File Types. I saved the file to the desktop anyway and when I tried to double-click on it, it did not do anything. It just opened.

6) After rebooting in Safe Mode - I could not locate the following files you suggested:

C:\WINDOWS\ltekb.dll
C:\WINDOWS\system32\apirg32.dll
C:\WINDOWS\system32\crlf32.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
C:\WINDOWS\javalo32.exe

7) After closing all Windows and Browsers, I re-ran Hijack This. Here is where I stopped. I could not find the file you were asking me to place check marks next to... All of my files that started with "R1" have "System32\vuidz.dll" in the wording where you are asking for "ltekb.dll"... I stopped because I do not want to delete anything that does not match word for word....

I have attached the Hijack This report that I ran last. As you can see it is quite a bit smaller than before now that all of the Logitech stuff has been removed. Can you tell me what to do by matching my lines to what you want me to place check marks by?

Thank you again, My computer is in your hands.

Logfile of HijackThis v1.99.1
Scan saved at 6:30:19 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "D:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Steam] d:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Voice Alarm.lnk = D:\Program Files\LHSP\Now You're Talking Classic\VAlarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/111069.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...370/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\d3dj32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
Guest_thatman_* (Guest)

Hi Dr. Fate

Please read through the instructions before you start (you may want to print this out).

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:


Network Security Service

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General tab change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows. If you don't find this service listed, go ahead with the next steps.

(QUOTE) "When I copied the Regedit4 to Word Notes" <-- this is not Notepad. Click Start > click Run > inside the box type Notepad > now click OK. Now follow the instructions below:

a.) Copy the contents of the Quote Box below to Notepad.
b.) Save the file as RemoveTrustedZone.reg
c.) Change the Save as Type to All Files.
d.) Save this file to the desktop.


Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]


--
e.) Double-click on RemoveTrustedZone.reg.
f.) When it asks you to merge the information to the registry click Yes.



2. Reboot into Safe Mode: Click here if you don't know how to do this.


3. Press Ctrl+Alt+Delete once -> Click Task Manager -> Click the Processes tab -> Double-click the Image Name column header to alphabetically sort the processes -> Scroll through the list and look for:


If you find the files, click on them, and then click End Process -> Exit the Task Manager.

4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put a check mark in the little boxes on the left side, next to all of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/111069.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O23 - Service: Network Security Service ( 11F_#`I) - Unknown owner - C:\WINDOWS\system32\d3dj32.exe


Then click on "Fix Checked"

5. Using Windows Explorer delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\system32\vuidz.dll<--Delete this file
c:\ spywarevanisher-free\<--Delete the whole folder
C:\WINDOWS\system32\d3dj32.exe<--Delete this file

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove.

Download ccleaner.
I use this program and it is set up like this: all boxes are checked.
Now run ccleaner.

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools / Internet Options / General / Temporary internet files / Delete Files (NOTE that this may take very long!). You can also set the memory limit to about 80 MB in Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

9. Double-click on cwsserviceremove and, when asked to merge, say Yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Reboot into normal mode.

12. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit the program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and the HJT log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
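The list in step 4 is built by eye from the HijackThis log. The following script, added here as an example and not part of this thread or of HijackThis itself, applies the same reading rules to log lines: R0/R1 entries that point IE at sp.html inside a randomly named DLL (the CWS about:blank hijack seen as ltekb.dll, vuidz.dll and tmojr.dll in this thread), O15 Trusted Zone additions, O16 DPF entries that pull a bare .exe, and O23 services with no vendor and a garbage short name. The sample lines are copied from the log above; the O23 line layout (display name, optional short name in parentheses, owner, path) and the about:blank rule are my assumptions about HijackThis 1.99 output and are not something the helper stated.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str    # HijackThis section tag: R0, R1, O15, O16, O23
    severity: str   # "high" = fix it; "review" = confirm before fixing
    reason: str
    line: str


# Constructed sample: lines copied from the HijackThis log in this thread,
# plus a few benign ones, so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vuidz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\d3dj32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# R0/R1: IE search/start pages pointed at sp.html inside a randomly named DLL.
CWS_RES = re.compile(r"res://[^ ]+?\\(?P<dll>[^\\/ ]+\.dll)/sp\.html#\d+", re.I)
# R1: default page blanked; on its own only a marker, so severity "review".
ABOUT_BLANK = re.compile(r"^R1 - .*= about:blank$")
# O15: a site added to IE's Trusted Zone (scripting restrictions lifted).
TRUSTED = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")
# O16: an ActiveX "Downloaded Program File" fetched as a bare .exe, not a .cab.
DPF_EXE = re.compile(r"^O16 - DPF: .* - (?P<url>\S+\.exe)$", re.I)
# O23 (assumed layout): "Service: <display> (<short>) - <owner> - <image path>";
# the short name is only printed when it differs from the display name.
SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>.+?)\))? - (?P<owner>.+?) - (?P<path>.+)$")
SANE_NAME = re.compile(r"^[\w.\-]+$")   # what a real service short name looks like


def triage(log_text):
    """Return the suspicious lines of a HijackThis log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if section in ("R0", "R1") and (m := CWS_RES.search(line)):
            findings.append(Finding(section, "high", f"CWS about:blank hijack via {m['dll']}", line))
        elif ABOUT_BLANK.match(line):
            findings.append(Finding(section, "review", "IE default page set to about:blank", line))
        elif m := TRUSTED.match(line):
            findings.append(Finding("O15", "review", f"site in IE Trusted Zone: {m['site']}", line))
        elif m := DPF_EXE.match(line):
            findings.append(Finding("O16", "high", f"ActiveX DPF pulls a raw executable: {m['url']}", line))
        elif m := SERVICE.match(line):
            short = (m["short"] or "").strip()
            if m["owner"] == "Unknown owner" and short and not SANE_NAME.match(short):
                findings.append(Finding(
                    "O23", "high", f"service with no vendor and garbage short name {short!r}: {m['path']}", line))
    return findings


def hijacked_dlls(findings):
    """DLLs behind the CWS hits: the files to delete by hand (step 5) after Fix Checked."""
    dlls = set()
    for f in findings:
        m = CWS_RES.search(f.line)
        if m:
            dlls.add(m["dll"].lower())
    return dlls


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
    print("delete:", ", ".join(sorted(hijacked_dlls(triage(SAMPLE_LOG)))))
```

Run it against a full log pasted into a file and you get the step 4 list plus the DLL names for step 5. The DLL name is taken from the log at the moment it is read, which matters for this variant: the file and the R0/R1 entries are regenerated under a new random name, so the name in an older post is not the one to delete.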

#7
Dr. Fate (Topic Starter)

Thank you for that last post. It has helped out a whole lot. I am not sure what did what, but I now have full control of the mouse and the "Start up" command screen.

In regards to item 1:
Found "Network Security Service" I disabled it as told.
Sorry about the "Word Notes" vs. Notepad mix-up. I saved "RemoveTrustedZone.reg" and merged it into my system.

In regards to item 4:
I have one question. In my first post, I realized my HijackThis post did have, as you suggested, files listed as "ltekb.dll"; when I ran it again after your post they said "vuidz.dll". You graciously changed your post to match. Here is my problem: when I re-opened HijackThis to fix what was suggested, they read "tmojr.dll", as you will see below. Why did they change? Are they supposed to?
Well anyway....
All of the "O15 - Trusted Zone" items were not there.

In regards to item 5:
C:\WINDOWS\system32\vuidz.dll<--Deleted
c:\ spywarevanisher-free\<--Not Found
C:\WINDOWS\system32\d3dj32.exe<--Deleted
C:\WINDOWS\ltekb.dll<--Not Found
C:\WINDOWS\system32\apirg32.dll<--Deleted
C:\WINDOWS\system32\crlf32.exe<--Deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe<--Deleted
C:\WINDOWS\javalo32.exe<--Deleted

In regards to item 6:
Ran AboutBuster - following is the report.

Scanned at: 2:04:19 PM on: 3/20/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Removed 4 Random Key Entries
Removed! : C:\WINDOWS\n_dqvxzt.dat
Removed! : C:\WINDOWS\n_drzktt.dat
Removed! : C:\WINDOWS\n_pieora.dat
Removed! : C:\WINDOWS\n_qmhivv.dat
Removed! : C:\WINDOWS\n_qotbfo.dat
Removed! : C:\WINDOWS\obniwb.dat
Removed! : C:\WINDOWS\phbnh.dll
Removed! : C:\WINDOWS\pnpzj.dat
Removed! : C:\WINDOWS\pusna.dat
Removed! : C:\WINDOWS\pvbre.dll
Removed! : C:\WINDOWS\pxplx.dat
Removed! : C:\WINDOWS\pxplx.dll
Removed! : C:\WINDOWS\pzvti.dat
Removed! : C:\WINDOWS\qlnmq.dat
Removed! : C:\WINDOWS\qzrmzw.dat
Removed! : C:\WINDOWS\rbdig.dll
Removed! : C:\WINDOWS\rfcztc.dat
Removed! : C:\WINDOWS\rmntp.dat
Removed! : C:\WINDOWS\rpqmf.dat
Removed! : C:\WINDOWS\rriot.dat
Removed! : C:\WINDOWS\rthlc.dat
Removed! : C:\WINDOWS\rwbnzt.dat
Removed! : C:\WINDOWS\scqxl.dat
Removed! : C:\WINDOWS\sguis.dat
Removed! : C:\WINDOWS\SiSUSBrg.exe
Removed! : C:\WINDOWS\smaql.dat
Removed! : C:\WINDOWS\sutbyd.dat
Removed! : C:\WINDOWS\tnaty.dll
Removed! : C:\WINDOWS\tofbz.dat
Removed! : C:\WINDOWS\uajws.dat
Removed! : C:\WINDOWS\ubfbvy.dat
Removed! : C:\WINDOWS\ucpmz.dat
Removed! : C:\WINDOWS\ucsyp.dat
Removed! : C:\WINDOWS\ukzxr.dll
Removed! : C:\WINDOWS\uoevg.dat
Removed! : C:\WINDOWS\upihx.dll
Removed! : C:\WINDOWS\vhqdjt.dat
Removed! : C:\WINDOWS\vmdwj.dat
Removed! : C:\WINDOWS\wkcud.dat
Removed! : C:\WINDOWS\xkpea.dat
Removed! : C:\WINDOWS\xpbrjo.dat
Removed! : C:\WINDOWS\xvohv.dll
Removed! : C:\WINDOWS\xwmed.dat
Removed! : C:\WINDOWS\ydqqk.dll
Removed! : C:\WINDOWS\ynuqq.dll
Removed! : C:\WINDOWS\yvnlpw.dat
Removed! : C:\WINDOWS\yzmnc.dat
Removed! : C:\WINDOWS\zqdql.dll
Removed! : C:\WINDOWS\system32\agbdt.dll
Removed! : C:\WINDOWS\system32\atlpo.dll
Removed! : C:\WINDOWS\system32\baafy.dat
Removed! : C:\WINDOWS\system32\byuyu.dat
Removed! : C:\WINDOWS\system32\cczib.dat
Removed! : C:\WINDOWS\system32\clezo.dat
Removed! : C:\WINDOWS\system32\crju32.dll
Removed! : C:\WINDOWS\system32\d3bj.dll
Removed! : C:\WINDOWS\system32\d3xc32.dll
Removed! : C:\WINDOWS\system32\darnm.dat
Removed! : C:\WINDOWS\system32\darnm.dll
Removed! : C:\WINDOWS\system32\dawzs.dat
Removed! : C:\WINDOWS\system32\dbrgg.dat
Removed! : C:\WINDOWS\system32\dllbl.dat
Removed! : C:\WINDOWS\system32\dllbl.dll
Removed! : C:\WINDOWS\system32\dmzev.dll
Removed! : C:\WINDOWS\system32\dorod.dat
Removed! : C:\WINDOWS\system32\easdi.dat
Removed! : C:\WINDOWS\system32\emwiq.dat
Removed! : C:\WINDOWS\system32\fpgcm.dat
Removed! : C:\WINDOWS\system32\fvvua.dll
Removed! : C:\WINDOWS\system32\fwmxp.dat
Removed! : C:\WINDOWS\system32\gfdpt.dll
Removed! : C:\WINDOWS\system32\gtcyl.dat
Removed! : C:\WINDOWS\system32\gxnzb.dat
Removed! : C:\WINDOWS\system32\higvo.dat
Removed! : C:\WINDOWS\system32\hphlt.dat
Removed! : C:\WINDOWS\system32\ihydn.dat
Removed! : C:\WINDOWS\system32\jeksu.dat
Removed! : C:\WINDOWS\system32\jkavk.dat
Removed! : C:\WINDOWS\system32\jqbfy.dat
Removed! : C:\WINDOWS\system32\jqfwv.dat
Removed! : C:\WINDOWS\system32\jujto.dll
Removed! : C:\WINDOWS\system32\kavgi.dll
Removed! : C:\WINDOWS\system32\kibdm.dll
Removed! : C:\WINDOWS\system32\kvhgj.dat
Removed! : C:\WINDOWS\system32\kvqgl.dat
Removed! : C:\WINDOWS\system32\mmdiv.dat
Removed! : C:\WINDOWS\system32\ndxuk.dat
Removed! : C:\WINDOWS\system32\netce.dll
Removed! : C:\WINDOWS\system32\nmcvc.dll
Removed! : C:\WINDOWS\system32\nrnck.dat
Removed! : C:\WINDOWS\system32\nrnck.dll
Removed! : C:\WINDOWS\system32\nslbs.dat
Removed! : C:\WINDOWS\system32\nvwos.dat
Removed! : C:\WINDOWS\system32\nvwos.dll
Removed! : C:\WINDOWS\system32\ocuoz.dll
Removed! : C:\WINDOWS\system32\odusf.dll
Removed! : C:\WINDOWS\system32\okwpt.dat
Removed! : C:\WINDOWS\system32\omjin.dat
Removed! : C:\WINDOWS\system32\opwsw.dat
Removed! : C:\WINDOWS\system32\oqcun.dll
Removed! : C:\WINDOWS\system32\pauqe.dat
Removed! : C:\WINDOWS\system32\pimkz.dat
Removed! : C:\WINDOWS\system32\qiyov.dat
Removed! : C:\WINDOWS\system32\qyhvw.dll
Removed! : C:\WINDOWS\system32\rwdta.dat
Removed! : C:\WINDOWS\system32\rwdta.dll
Removed! : C:\WINDOWS\system32\rwsgb.dll
Removed! : C:\WINDOWS\system32\stcpx.dat
Removed! : C:\WINDOWS\system32\tcpxw.dll
Removed! : C:\WINDOWS\system32\tdkbt.dll
Removed! : C:\WINDOWS\system32\tjcko.dat
Removed! : C:\WINDOWS\system32\tpzci.dll
Removed! : C:\WINDOWS\system32\vvxba.dll
Removed! : C:\WINDOWS\system32\wzcam.dll
Removed! : C:\WINDOWS\system32\xyvka.dll
Removed! : C:\WINDOWS\system32\ybern.dat
Removed! : C:\WINDOWS\system32\ycuve.dat
Removed! : C:\WINDOWS\system32\yefao.dat
Removed! : C:\WINDOWS\system32\ypalp.dll
Removed! : C:\WINDOWS\system32\ypyxq.dll
Removed! : C:\WINDOWS\system32\yziee.dll
Removed! : C:\WINDOWS\system32\zcwkx.dat
Removed! : C:\WINDOWS\system32\zcwkx.dll
Removed! : C:\WINDOWS\system32\zgisn.dll
Removed! : C:\WINDOWS\system32\zuipp.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


In regards to item 7:
Ran AdAware - following is the report.

Incident Status Location

Adware:Adware/Gator No disinfected C:\Program Files\Common Files\GMT
Adware:Adware/PurityScan No disinfected Windows Registry
Adware:Adware/Comet No disinfected C:\Program Files\Comet
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Michelle\Favorites\Sites about\Ab scissor.url
Adware:Adware/ShowSearch No disinfected C:\Documents and Settings\Michelle\Application Data\sysns\mssearch.dll
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Michelle\Application Data\sysns\sysns.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\comet.exe
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\csband.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\csbrange.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\csctx.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\cseng.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\fileutil.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Bin\skinui.dll
Adware:Adware/Comet No disinfected C:\Program Files\Comet\Data\csres.dat
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18400750.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18400843.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18400937.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18401078.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18401171.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18401312.asw
Adware:Adware/Comet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18401390.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41645406.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41646218.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41646718.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41648265.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41648593.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41648703.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41648937.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41649093.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41649609.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41649796.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41649906.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650125.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650234.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650375.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650562.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650687.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650812.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41650906.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41651281.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41651468.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41651796.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41651890.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652015.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652218.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652468.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652625.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652781.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41652968.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41653234.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41653375.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41653796.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41654015.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41654109.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41654406.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41654750.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41654921.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41655031.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41655234.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41655343.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41655453.asw
Adware:Adware/SearchAid No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41655625.asw
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\GMT\GMT.exe
Adware:Adware/SearchSquire No disinfected C:\SearchInstall.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\bjshpq.dat
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\dvhit.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iailsd.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\jxaqhb.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcec.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mszg.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_atuuuj.dat
Virus:Trj/Agent.DW Disinfected C:\WINDOWS\n_bkovig.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_bnydwe.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_bysldl.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_durnnw.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_elnlcw.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_huyfmw.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_hxrdsh.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_isioas.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_kkrzht.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_lcqrzq.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_lludbq.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_lrusxv.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_mmeujo.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_ncchdp.dat
Virus:Trj/Agent.DW Disinfected C:\WINDOWS\n_nydgyf.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_okgyzc.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_puxyxe.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_qidbnw.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_rqjeuv.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_todtva.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_ugndvl.dat
Virus:Trj/Agent.DW Disinfected C:\WINDOWS\n_uolmdc.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_vrxvyg.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_wdnilk.dat
Virus:Trj/Agent.DW Disinfected C:\WINDOWS\n_xuvvtb.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_xuwtob.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_zhlkis.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_zhwxve.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_zmhwse.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\olqdv.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\pnzikd.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\qlmtgi.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\qrank.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atlny.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\cczib.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crcq.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crjo.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\gypkt.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\olnoc.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\orrom.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\pihlr.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sdkly32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\seava.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysot.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysve.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\tycpei.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\vjsium.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\xvohvk.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\xxoncn.dat

In Regards to item 8:
Completed

In regards to item 9:
Completed

In regards to item 10:
Completed

In regards to item 11:
Completed

In regards to item 12:
Completed - Restored Original Hosts

I ran the "Housecall" scan. Following is the report.
This report took a very long time to run. Not sure what happened; it said it finished but no report was generated. Sorry, I will run it again and post tomorrow.

Following is my Hijack This report.

Logfile of HijackThis v1.99.1
Scan saved at 7:11:48 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll (file missing)
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "D:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Steam] d:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Voice Alarm.lnk = D:\Program Files\LHSP\Now You're Talking Classic\VAlarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...370/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you for all of your help.
  • 0

#8
Guest_thatman_*
  • Guest
Hi Dr. Fate

Will explain what the problems are later when we have this under control.

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:


Skip this part

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

2. Reboot into Safe Mode: Click here if you don't know how to do this.


3. Press Ctrl+Alt+Delete once -> Click Task Manager -> Click the Processes tab -> Double-click the Image Name column header to alphabetically sort the processes -> Scroll through the list and look for:
Skip this part

If you find the files, click on them, and then click End Process -> Exit the Task Manager.

4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apirg32.dll (file missing)
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe


Then click on "Fix Checked"

5. Using Windows Explorer delete the following files if present:
If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\system32\tmojr.dll/sp.html#10213
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
c:\spywarevanisher-free\FreeScanner.exe -FastScan
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Now run the ccleaner.

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (Note that this may take very long!). You can also set the memory limit to about 80 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot.
Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\system32\tmojr.dll
C:\WINDOWS\n_bnydwe.dat
C:\WINDOWS\n_bysldl.dat
C:\WINDOWS\n_durnnw.dat
C:\WINDOWS\n_elnlcw.dat
C:\WINDOWS\n_huyfmw.dat
C:\WINDOWS\n_hxrdsh.dat
C:\WINDOWS\n_isioas.dat
C:\WINDOWS\n_kkrzht.dat
C:\WINDOWS\n_lcqrzq.dat
C:\WINDOWS\n_lludbq.dat
C:\WINDOWS\n_lrusxv.dat
C:\WINDOWS\n_mmeujo.dat
C:\WINDOWS\n_ncchdp.dat
C:\WINDOWS\n_nydgyf.dat
C:\WINDOWS\n_okgyzc.dat
C:\WINDOWS\n_puxyxe.dat
C:\WINDOWS\n_qidbnw.dat
C:\WINDOWS\n_rqjeuv.dat
C:\WINDOWS\n_todtva.dat
C:\WINDOWS\n_ugndvl.dat
C:\WINDOWS\n_vrxvyg.dat
C:\WINDOWS\n_wdnilk.dat
C:\WINDOWS\n_xuwtob.dat
C:\WINDOWS\n_zhlkis.dat
C:\WINDOWS\n_zhwxve.dat
C:\WINDOWS\n_zmhwse.dat
C:\WINDOWS\olqdv.dll
C:\WINDOWS\pnzikd.dat
C:\WINDOWS\qlmtgi.dat
C:\WINDOWS\qrank.dll
C:\WINDOWS\system32\atlny.dll
C:\WINDOWS\system32\cczib.dll
C:\WINDOWS\system32\crcq.dll
C:\WINDOWS\system32\crjo.dll
C:\WINDOWS\system32\gypkt.dll
C:\WINDOWS\system32\olnoc.dll
C:\WINDOWS\system32\orrom.dll
C:\WINDOWS\system32\pihlr.dll
C:\WINDOWS\system32\sdkly32.dll
C:\WINDOWS\system32\seava.dll
C:\WINDOWS\system32\sysot.dll
C:\WINDOWS\system32\sysve.dll
C:\WINDOWS\tycpei.dat
C:\WINDOWS\vjsium.dat
C:\WINDOWS\xvohvk.dat
C:\WINDOWS\xxoncn.dat


12. Reboot into normal mode.

13. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm

Please post the logs from the Panda virus scan and the HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0
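One way to read a HijackThis log the way the helper does in step 4 above, as an added Python example (not a tool from this thread, and not part of HijackThis itself): a few heuristic rules flag the entry types fixed in that step, namely an IE search page served out of a DLL via res://, a DPF that fetches a bare .exe, orphaned BHO/toolbar entries, and Run keys whose executable lives outside Program Files or Windows. The sample lines are copied from the logs posted in this thread; the rule names, thresholds and severities are this example's own assumptions.

```python
"""Heuristic triage of HijackThis log lines (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the logs posted in this thread
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmojr.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://enter.biz.ly/tiffany/webcam.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O16"
    severity: str  # "high" or "low" (this example's own scale)
    reason: str
    line: str


# One HijackThis entry: "<section> - <rest>"
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.*)$")
# IE start/search page served out of a DLL resource (the about:blank hijack in this thread)
RES_DLL_RE = re.compile(r"=\s*res://\S+\.dll/\S+", re.IGNORECASE)
# O16 DPF whose download target is a bare .exe rather than a .cab
DPF_EXE_RE = re.compile(r"\s-\s(https?://\S+\.exe)\s*$", re.IGNORECASE)
# Registry Run/RunOnce entry: [name] command line
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Folders where startup executables are expected (heuristic allow-list)
TRUSTED_ROOTS = ("\\program files", "\\progra~1", "\\windows\\", "\\winnt\\")


def command_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line (quoted or bare)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # unquoted: everything before the first " -switch" or " /switch"
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def location_check(path: str):
    """Heuristic: where does a startup executable live? None means nothing odd."""
    p = path.lower()
    if "\\" not in p:
        return ("low", "bare file name resolved through the search path")
    if any(root in p for root in TRUSTED_ROOTS):
        return None
    if "applic~1" in p or "application data" in p:
        return ("high", "startup executable in an Application Data folder")
    if len(p.split("\\")) <= 3:  # drive, one folder, file
        return ("high", "startup executable in a folder directly under the drive root")
    return None


def triage(log_text: str):
    """Apply the rules to every HijackThis entry; one finding at most per line."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section.startswith("R") and RES_DLL_RE.search(rest):
            findings.append(Finding(section, "high", "IE page loaded from a DLL via res://", line))
        elif section == "O16" and DPF_EXE_RE.search(rest):
            findings.append(Finding(section, "high", "DPF downloads a bare executable", line))
        elif "(no file)" in rest or "(file missing)" in rest:
            findings.append(Finding(section, "low", "orphaned entry, target file absent", line))
        elif section == "O4":
            run = RUN_RE.search(rest)
            if not run:
                continue  # Startup-folder entries are not checked here
            if run.group("name").startswith("\\"):
                findings.append(Finding(section, "high", "Run-key name begins with a backslash", line))
                continue
            hit = location_check(command_path(run.group("cmd")))
            if hit:
                findings.append(Finding(section, hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n       {f.line}")
```

Entries that trip none of the rules (the about:blank default page, the QuickTime Run key, the Windows Update DPF) are left alone, which is the same judgement the helper applied when listing only some lines for "Fix Checked".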

#9
Dr. Fate
    New Member
  • Topic Starter
  • Member
  • 5 posts
Sorry for missing a day; I am pretty sick, but I knew I had to get this done.
Thank you very much for your help.
Here is what I have.

Items #1 and 3...
Could not find "Skip this Part"

Item # 4
Completed task

Item # 5
Completed task

Item # 6
Completed task - Report follows

Item # 7
Completed task

Item # 8
Completed task

Item # 9
Completed task

Item # 10
Completed task

Item # 11
Completed task

Item # 13
Completed task

Following are the two reports that you requested (Hijack This and About Buster).

Scanned at: 2:04:19 PM on: 3/20/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Removed 4 Random Key Entries
Removed! : C:\WINDOWS\n_dqvxzt.dat
Removed! : C:\WINDOWS\n_drzktt.dat
Removed! : C:\WINDOWS\n_pieora.dat
Removed! : C:\WINDOWS\n_qmhivv.dat
Removed! : C:\WINDOWS\n_qotbfo.dat
Removed! : C:\WINDOWS\obniwb.dat
Removed! : C:\WINDOWS\phbnh.dll
Removed! : C:\WINDOWS\pnpzj.dat
Removed! : C:\WINDOWS\pusna.dat
Removed! : C:\WINDOWS\pvbre.dll
Removed! : C:\WINDOWS\pxplx.dat
Removed! : C:\WINDOWS\pxplx.dll
Removed! : C:\WINDOWS\pzvti.dat
Removed! : C:\WINDOWS\qlnmq.dat
Removed! : C:\WINDOWS\qzrmzw.dat
Removed! : C:\WINDOWS\rbdig.dll
Removed! : C:\WINDOWS\rfcztc.dat
Removed! : C:\WINDOWS\rmntp.dat
Removed! : C:\WINDOWS\rpqmf.dat
Removed! : C:\WINDOWS\rriot.dat
Removed! : C:\WINDOWS\rthlc.dat
Removed! : C:\WINDOWS\rwbnzt.dat
Removed! : C:\WINDOWS\scqxl.dat
Removed! : C:\WINDOWS\sguis.dat
Removed! : C:\WINDOWS\SiSUSBrg.exe
Removed! : C:\WINDOWS\smaql.dat
Removed! : C:\WINDOWS\sutbyd.dat
Removed! : C:\WINDOWS\tnaty.dll
Removed! : C:\WINDOWS\tofbz.dat
Removed! : C:\WINDOWS\uajws.dat
Removed! : C:\WINDOWS\ubfbvy.dat
Removed! : C:\WINDOWS\ucpmz.dat
Removed! : C:\WINDOWS\ucsyp.dat
Removed! : C:\WINDOWS\ukzxr.dll
Removed! : C:\WINDOWS\uoevg.dat
Removed! : C:\WINDOWS\upihx.dll
Removed! : C:\WINDOWS\vhqdjt.dat
Removed! : C:\WINDOWS\vmdwj.dat
Removed! : C:\WINDOWS\wkcud.dat
Removed! : C:\WINDOWS\xkpea.dat
Removed! : C:\WINDOWS\xpbrjo.dat
Removed! : C:\WINDOWS\xvohv.dll
Removed! : C:\WINDOWS\xwmed.dat
Removed! : C:\WINDOWS\ydqqk.dll
Removed! : C:\WINDOWS\ynuqq.dll
Removed! : C:\WINDOWS\yvnlpw.dat
Removed! : C:\WINDOWS\yzmnc.dat
Removed! : C:\WINDOWS\zqdql.dll
Removed! : C:\WINDOWS\system32\agbdt.dll
Removed! : C:\WINDOWS\system32\atlpo.dll
Removed! : C:\WINDOWS\system32\baafy.dat
Removed! : C:\WINDOWS\system32\byuyu.dat
Removed! : C:\WINDOWS\system32\cczib.dat
Removed! : C:\WINDOWS\system32\clezo.dat
Removed! : C:\WINDOWS\system32\crju32.dll
Removed! : C:\WINDOWS\system32\d3bj.dll
Removed! : C:\WINDOWS\system32\d3xc32.dll
Removed! : C:\WINDOWS\system32\darnm.dat
Removed! : C:\WINDOWS\system32\darnm.dll
Removed! : C:\WINDOWS\system32\dawzs.dat
Removed! : C:\WINDOWS\system32\dbrgg.dat
Removed! : C:\WINDOWS\system32\dllbl.dat
Removed! : C:\WINDOWS\system32\dllbl.dll
Removed! : C:\WINDOWS\system32\dmzev.dll
Removed! : C:\WINDOWS\system32\dorod.dat
Removed! : C:\WINDOWS\system32\easdi.dat
Removed! : C:\WINDOWS\system32\emwiq.dat
Removed! : C:\WINDOWS\system32\fpgcm.dat
Removed! : C:\WINDOWS\system32\fvvua.dll
Removed! : C:\WINDOWS\system32\fwmxp.dat
Removed! : C:\WINDOWS\system32\gfdpt.dll
Removed! : C:\WINDOWS\system32\gtcyl.dat
Removed! : C:\WINDOWS\system32\gxnzb.dat
Removed! : C:\WINDOWS\system32\higvo.dat
Removed! : C:\WINDOWS\system32\hphlt.dat
Removed! : C:\WINDOWS\system32\ihydn.dat
Removed! : C:\WINDOWS\system32\jeksu.dat
Removed! : C:\WINDOWS\system32\jkavk.dat
Removed! : C:\WINDOWS\system32\jqbfy.dat
Removed! : C:\WINDOWS\system32\jqfwv.dat
Removed! : C:\WINDOWS\system32\jujto.dll
Removed! : C:\WINDOWS\system32\kavgi.dll
Removed! : C:\WINDOWS\system32\kibdm.dll
Removed! : C:\WINDOWS\system32\kvhgj.dat
Removed! : C:\WINDOWS\system32\kvqgl.dat
Removed! : C:\WINDOWS\system32\mmdiv.dat
Removed! : C:\WINDOWS\system32\ndxuk.dat
Removed! : C:\WINDOWS\system32\netce.dll
Removed! : C:\WINDOWS\system32\nmcvc.dll
Removed! : C:\WINDOWS\system32\nrnck.dat
Removed! : C:\WINDOWS\system32\nrnck.dll
Removed! : C:\WINDOWS\system32\nslbs.dat
Removed! : C:\WINDOWS\system32\nvwos.dat
Removed! : C:\WINDOWS\system32\nvwos.dll
Removed! : C:\WINDOWS\system32\ocuoz.dll
Removed! : C:\WINDOWS\system32\odusf.dll
Removed! : C:\WINDOWS\system32\okwpt.dat
Removed! : C:\WINDOWS\system32\omjin.dat
Removed! : C:\WINDOWS\system32\opwsw.dat
Removed! : C:\WINDOWS\system32\oqcun.dll
Removed! : C:\WINDOWS\system32\pauqe.dat
Removed! : C:\WINDOWS\system32\pimkz.dat
Removed! : C:\WINDOWS\system32\qiyov.dat
Removed! : C:\WINDOWS\system32\qyhvw.dll
Removed! : C:\WINDOWS\system32\rwdta.dat
Removed! : C:\WINDOWS\system32\rwdta.dll
Removed! : C:\WINDOWS\system32\rwsgb.dll
Removed! : C:\WINDOWS\system32\stcpx.dat
Removed! : C:\WINDOWS\system32\tcpxw.dll
Removed! : C:\WINDOWS\system32\tdkbt.dll
Removed! : C:\WINDOWS\system32\tjcko.dat
Removed! : C:\WINDOWS\system32\tpzci.dll
Removed! : C:\WINDOWS\system32\vvxba.dll
Removed! : C:\WINDOWS\system32\wzcam.dll
Removed! : C:\WINDOWS\system32\xyvka.dll
Removed! : C:\WINDOWS\system32\ybern.dat
Removed! : C:\WINDOWS\system32\ycuve.dat
Removed! : C:\WINDOWS\system32\yefao.dat
Removed! : C:\WINDOWS\system32\ypalp.dll
Removed! : C:\WINDOWS\system32\ypyxq.dll
Removed! : C:\WINDOWS\system32\yziee.dll
Removed! : C:\WINDOWS\system32\zcwkx.dat
Removed! : C:\WINDOWS\system32\zcwkx.dll
Removed! : C:\WINDOWS\system32\zgisn.dll
Removed! : C:\WINDOWS\system32\zuipp.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 11:00:24 PM on: 3/22/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Logfile of HijackThis v1.99.1
Scan saved at 12:38:33 AM, on 3/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\unzipped\hijackthis\HijackThis.exe

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "D:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Steam] d:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Voice Alarm.lnk = D:\Program Files\LHSP\Now You're Talking Classic\VAlarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - D:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Boxtop - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1088956135375
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...370/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A29ADB-FF21-4C0A-9E6C-32BB971B16DD}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A29ADB-FF21-4C0A-9E6C-32BB971B16DD}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you for all of your help; I truly appreciate your time and effort.
  • 0

#10
Guest_thatman_*
  • Guest
Hi Dr. Fate

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm

Please post the logs from the Panda virus scan and the HJT.log; we will need them to remove previous infections that have left files on your system.

How is your system running now?

Kc :tazz:
  • 0

#11
Guest_thatman_*
  • Guest
Hi Dr. Fate

If you are still having problems post a new HJT.Log

Kc :tazz:
  • 0

#12
Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0