Pop-ups and malicious programs [Resolved]


  • This topic is locked

#1
ansheth

    New Member

  • Member
  • 4 posts
I have followed all the steps outlined in your "You Must Read This Before Posting A Hijack This Log" site. I have run Ad-Aware (three times, and changed all the settings as outlined in the instructions), but it still cannot delete all the files. I have also run CWShredder and Spybot S&D, did a free online virus scan through Trend Housecall, downloaded TDS-3 and updated my Windows to SP2.
I am now posting my HijackThis log. Please help. I am quite desperate.

Thanks so much for this great site and all your help.

Log follows...................

----------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:33:18 AM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\nzapvi.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\wtsctr.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wmpes.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijack_This\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QISAO] C:\WINDOWS\QISAO.exe
O4 - HKLM\..\Run: [FJPW] C:\WINDOWS\FJPW.exe
O4 - HKLM\..\Run: [DNIS] C:\WINDOWS\DNIS.exe
O4 - HKLM\..\Run: [szkv] C:\WINDOWS\szkv.exe
O4 - HKLM\..\Run: [Mmp] C:\WINDOWS\Fvbsh.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [dApGX1Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [dIVGTc1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFGS9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bE0HYoEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkpHWgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZgVJS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bwpHWsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZM0GWg1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEFHZ11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RA0HQs1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQ0GVg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cIVJV51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYpHZw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ag0GZkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cw0HTcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMpHTwEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aEVJYkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Yg0GSA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cM0HWkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYpHWg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUVJSAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agVGVsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YI0GV1ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aMVHZAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Qk0HZoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YAFJVcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QAVGYwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fMFJZcUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUpGY51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAVGSsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aAFGScEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QMVGS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YIVHVsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RU0HWk1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QgFJZ11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIVHZA1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fMVGVg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dkpGV51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAVHYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIFJScow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkFGYwow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bgVGYsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fQpHScox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QM0HS9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dYFHWkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eAVJVgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bwpGR9Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVHVsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QEFGVgov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bUFJZ51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eQVHZoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QIFGSg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dEpHYA1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eIVHYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YgFHSg1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cgFJS1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QY0GWwEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aMVGVkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYpHR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QkpGVwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cwFHVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eQFGZ1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpGZAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cUVHUoUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bQFGV5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQpHSAEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZYFHYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYFHY51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwpGS9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewpGRo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEFGWcUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpHV91x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fQVHRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aQFHRcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEpHR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZYpGUsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RgFHVg1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFGY51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYpGYs1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REVHSg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAFGS51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkpGYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aAFHYkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dQFGRcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEpGS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YUVHVkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIVJR1ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQpHV9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aI0GVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYFHY1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agpHYAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [awpGUoUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMFHUgov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEFGY5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QApGYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQpHRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eIpHS9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYVJXwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dgFHVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eA0GR1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dEpHVgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bA0GV1ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bgFHYA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZApHYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZQpGUc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REFHUwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RYFGYo1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cg0GYcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFHR9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIVJXkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpGXgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZgVGR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZAVJVsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RE0GQAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cAVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cgpHUgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aI0GU5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cYFHYwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YkpHYcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aApGR5ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMVJSwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEpHXkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RU0GX1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QgFHRAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIpHRkUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cI0HQ1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YUVGRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agVJUkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Yw0HU11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YM0GYA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RkVJYo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYpHUc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fk0GU91x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fAFHXw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dMpHYcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dI0GR9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bUVJRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YAVJRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YI0GV11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RIVGUsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fUFJUgUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fk0HQ1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dwVGYsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bk0HU5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dU0GXwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQVJYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIpHRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QU0GRwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QkFHXkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ew0HX1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eMFJR9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bkVJQ1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ak0GUAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YQVGUsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZQpHQcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [egVGYo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewVJTg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cQ0HT51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cIFJXw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bYVJXcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [akVGR9ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Zw0GRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVHUkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REFGV11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZUFJQAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQVHQgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RIVGU5Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYFJUAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUpGTgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [awVGYcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZwFGXA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RYpGXoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEVHRc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fAFGRw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQFJWk1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEVHXcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYVGQ9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agpGQsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dwVHUgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YYFGU51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YwFJQA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYVHYg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RAFHX5Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewFJUw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEpGTgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEVGX1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aEFGXwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dg0HRkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YQVHQ1ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REpHS9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fwFGScEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wiztnn] c:\windows\system32\wiztnn.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKLM\..\Run: [93] C:\windows\system32\93.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekam32.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [BMan] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan1.exe
O4 - HKLM\..\Run: [738R37S] wtsctr.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [M0r5RXemU] wmpes.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0030.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.../ocx/PFMngr.ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F996C1D0-AC35-43EC-A024-68502CEC84AE} (Confidence Online Portal Edition for Ameritrade) - https://scan.wholese...ATOnlineW2K.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

--------------End of Log-------------------------------------------------------------

Thanks,

Anish

Edited by ansheth, 09 April 2005 - 12:49 AM.

  • 0
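Two patterns in the log posted above can be picked out mechanically: many differently named Run values that all launch one executable, and "Unknown file in Winsock LSP" entries. The following Python is an added example, not part of the original thread or of HijackThis; it runs over an excerpt of lines copied from that log, and the function names and the threshold of three are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Excerpt of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dApGX1Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dIVGTc1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFGS9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bE0HYoEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")                # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")    # registry Run lines
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
LSP_PREFIX = "Unknown file in Winsock LSP: "


def parse_entries(log_text):
    """Return (section, body) tuples for every recognisable HijackThis line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable_of(command):
    """Best-effort program path from a Run command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end].lower()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_RE.match(command)
    return (m.group(1) if m else command.split()[0]).lower()


def run_names_by_target(entries):
    """Map each launched program to the set of Run value names pointing at it."""
    targets = defaultdict(set)
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m:  # Startup-folder O4 lines have a different shape and are skipped
            hive, key, name, command = m.groups()
            targets[executable_of(command)].add(f"{hive}\\{key}:{name}")
    return targets


def repeated_run_targets(entries, threshold=3):
    """Programs launched by `threshold` or more differently named Run values."""
    return {target: sorted(names)
            for target, names in run_names_by_target(entries).items()
            if len(names) >= threshold}


def unknown_lsp_files(entries):
    """Count how many O10 'Unknown file' lines name each file."""
    return dict(Counter(body[len(LSP_PREFIX):].lower()
                        for section, body in entries
                        if section == "O10" and body.startswith(LSP_PREFIX)))


def unknown_owner_services(entries):
    """O23 services reported with 'Unknown owner'. The posted log shows this on a
    McAfee service as well, so it is a prompt to look closer, not a verdict."""
    hits = []
    for section, body in entries:
        if section == "O23" and body.startswith("Service: "):
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                hits.append((parts[0][len("Service: "):], parts[2]))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for target, names in repeated_run_targets(parsed).items():
        print(f"{len(names)} Run values launch {target}")
    for path, count in unknown_lsp_files(parsed).items():
        print(f"unknown LSP file {path} listed {count} time(s)")
    for name, path in unknown_owner_services(parsed):
        print(f"service with unknown owner: {name} -> {path}")
```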


#2
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Anish and welcome to Geeks to Go.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen.

There is a lot to do. Now if you are ready, let’s get fixing!

Please set your system to show all files; please see here if you're unsure how to do this.

Two malicious .DLL files are disrupting the LSP chain on your computer. We need to get rid of them.

1. Please download LSP Fix.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of:

aklsp.dll
dolsp.dll


5. Select every instance of them and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Your log shows that you either have a backdoor Trojan/Virus, or have had, and some of the remnants are remaining. To be on the safe side, I would recommend that you visit Panda Active Scan for an online scan.

You have a CoolWebSearch infection. Download CWShredder to its own folder.

Now run CWShredder. Click Check For Update, then Fix and then OK followed by Next; let it fix everything it asks about.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [QISAO] C:\WINDOWS\QISAO.exe
O4 - HKLM\..\Run: [FJPW] C:\WINDOWS\FJPW.exe
O4 - HKLM\..\Run: [DNIS] C:\WINDOWS\DNIS.exe
O4 - HKLM\..\Run: [szkv] C:\WINDOWS\szkv.exe
O4 - HKLM\..\Run: [Mmp] C:\WINDOWS\Fvbsh.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [dApGX1Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dIVGTc1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFGS9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bE0HYoEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkpHWgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZgVJS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bwpHWsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZM0GWg1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEFHZ11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RA0HQs1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQ0GVg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cIVJV51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYpHZw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ag0GZkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cw0HTcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMpHTwEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aEVJYkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Yg0GSA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cM0HWkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYpHWg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUVJSAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agVGVsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YI0GV1ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aMVHZAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Qk0HZoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YAFJVcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QAVGYwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fMFJZcUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUpGY51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAVGSsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aAFGScEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QMVGS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YIVHVsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RU0HWk1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QgFJZ11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIVHZA1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fMVGVg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dkpGV51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAVHYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIFJScow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkFGYwow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bgVGYsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fQpHScox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QM0HS9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dYFHWkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eAVJVgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bwpGR9Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVHVsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QEFGVgov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bUFJZ51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eQVHZoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QIFGSg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dEpHYA1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eIVHYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YgFHSg1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cgFJS1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QY0GWwEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aMVGVkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYpHR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QkpGVwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cwFHVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eQFGZ1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpGZAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cUVHUoUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bQFGV5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQpHSAEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZYFHYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYFHY51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwpGS9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewpGRo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEFGWcUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpHV91x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fQVHRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aQFHRcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEpHR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZYpGUsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RgFHVg1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFGY51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYpGYs1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REVHSg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dAFGS51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fkpGYw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aAFHYkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dQFGRcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEpGS9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YUVHVkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIVJR1ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQpHV9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aI0GVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYFHY1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agpHYAUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [awpGUoUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMFHUgov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEFGY5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QApGYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQpHRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eIpHS9ox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eYVJXwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dgFHVkUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eA0GR1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dEpHVgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bA0GV1ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bgFHYA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZApHYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZQpGUc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REFHUwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RYFGYo1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cg0GYcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RwFHR9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIVJXkEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEpGXgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZgVGR9Ex] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZAVJVsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RE0GQAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cAVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cgpHUgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aI0GU5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cYFHYwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YkpHYcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aApGR5ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YMVJSwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YEpHXkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RU0GX1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QgFHRAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fIpHRkUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cI0HQ1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YUVGRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agVJUkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Yw0HU11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YM0GYA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RkVJYo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYpHUc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fk0GU91x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fAFHXw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dMpHYcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dI0GR9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bUVJRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YAVJRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YI0GV11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RIVGUsox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fUFJUgUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fk0HQ1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dwVGYsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bk0HU5ov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dU0GXwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QQVJYoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bIpHRcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QU0GRwox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QkFHXkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ew0HX1Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [eMFJR9Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cEVJRsUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bkVJQ1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ak0GUAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YQVGUsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZQpHQcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [egVGYo1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewVJTg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cQ0HT51x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [cIFJXw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bYVJXcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [akVGR9ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [Zw0GRsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [bMVHUkox] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REFGV11v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZUFJQAUw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQVHQgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RIVGU5Ux] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYFJUAov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aUpGTgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [awVGYcow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZwFGXA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RYpGXoow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ZEVHRc1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fAFGRw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RQFJWk1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEVHXcEw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fYVGQ9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [agpGQsEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dwVHUgEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YYFGU51v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YwFJQA1v] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [QYVHYg1w] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [RAFHX5Uw] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [ewFJUw1x] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEpGTgUx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fEVGX1Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [aEFGXwov] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [dg0HRkEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [YQVHQ1ow] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [REpHS9Ew] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [fwFGScEx] C:\PROGRA~1\oxosxtxr\uxvsqtst.exe
O4 - HKLM\..\Run: [wiztnn] c:\windows\system32\wiztnn.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKLM\..\Run: [93] C:\windows\system32\93.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekam32.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [BMan] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan1.exe
O4 - HKLM\..\Run: [738R37S] wtsctr.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [M0r5RXemU] wmpes.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c6.cab
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel, if present (click Start > Settings > Control Panel):

Huntbar
Windupdates

Please notify me of any other programmes that you don’t recognise in that list in your next response.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders using Windows Explorer (if present):

C:\PROGRA~1\Toolbar
C:\WINDOWS\system32\nsvsvc
C:\WINDOWS\system32\picsvr
C:\Program Files\WildTangent
C:\PROGRA~1\oxosxtxr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw
C:\Program Files\AdDestroyer

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\nzapvi.exe
C:\WINDOWS\system32\wmpes.exe
C:\WINDOWS\system32\wtsctr.exe
c:\windows\system32\wiztnn.exe
C:\windows\system32\93.exe
C:\windows\system32\elitekam32.exe
c:\windows\system32\aklsp.dll
c:\windows\system32\dolsp.dll
c:\WINDOWS\System32\zzb.exe
C:\WINDOWS\QISAO.exe
C:\WINDOWS\FJPW.exe
C:\WINDOWS\DNIS.exe
C:\WINDOWS\szkv.exe
C:\WINDOWS\Fvbsh.exe
C:\WINDOWS\aqadcup.exe

Close Windows Explorer and Reboot normally.

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

I note that you appear to be running two anti virus programmes. This is considered bad practice as they tend to interfere with each other. Please uninstall one of them.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you download CCleaner, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and we will take another look.
  • 0

#3
ansheth

    New Member

  • Topic Starter
  • Member
  • 4 posts
:tazz: You are very good. I have followed all your instructions completely and am happy to report that my computer is doing much better (though I am still getting the annoying pop-ups, but not as bad as before). I am attaching the latest log of HijackThis. I just wanted to let you know how much I appreciate your help. I would like to make a small donation to show my appreciation. Can you please let me know how I go about doing this? Also, please let me know if there is anything else on my computer that I need to remove. I have also deleted one of the 2 anti-virus programs (McAfee).
I am going to start using Firefox instead of Internet Explorer to avoid the pop-ups.

Thanks,

Anish

Logfile of HijackThis v1.99.1
Scan saved at 9:50:28 PM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\WINDOWS\system32\dnjmac.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\nzapvi.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\dmrkcert.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijack_This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [738R37S] dnjmac.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekam32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [M0r5RXemU] dmrkcert.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0030.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.../ocx/PFMngr.ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F996C1D0-AC35-43EC-A024-68502CEC84AE} (Confidence Online Portal Edition for Ameritrade) - https://scan.wholese...ATOnlineW2K.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

Edited by ansheth, 14 April 2005 - 09:06 PM.

  • 0

#4
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Anish

I am working on a fix based upon your latest HJT log. As soon as it has been approved by members of the staff, I will post again.
  • 0

#5
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Anish

I can see pop-up problems in your HJT log; I am just going to have to persuade them to go away with some alterations. That Huntbar was obviously not impressed enough to go away last time, so we'll try again. Not so many this time, you’ll be pleased to hear.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [738R37S] dnjmac.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekam32.exe
O4 - HKCU\..\Run: [M0r5RXemU] dmrkcert.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel, if present (click Start > Settings > Control Panel):

Elitebar
Huntbar

Please notify me of any other programmes that you don’t recognise in that list in your next response.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\AutoUpdate
C:\Program Files\CxtPls
C:\PROGRA~1\Toolbar

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\dnjmac.exe
C:\WINDOWS\system32\dmrkcert.exe
C:\windows\system32\elitekam32.exe
C:\WINDOWS\system32\nzapvi.exe

Close Windows Explorer and Reboot normally.

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner again.

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

We will take another look.
  • 0

#6
ansheth

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thank you again for your help. I have done everything that you have requested. Here is my latest log.

Log follows>>>>>>
--------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:47:51 AM, on 4/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wscating.exe
C:\WINDOWS\system32\nzapvi.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wpnservc.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\Hijack_This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [738R37S] wscating.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [M0r5RXemU] wpnservc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0030.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.../ocx/PFMngr.ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F996C1D0-AC35-43EC-A024-68502CEC84AE} (Confidence Online Portal Edition for Ameritrade) - https://scan.wholese...ATOnlineW2K.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks,

Anish
  • 0

#7
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Anish

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

We will take another look.


Could I please see the Uninstall Log also?

Thanks
  • 0

#8
ansheth


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you again for your help. Here is my latest HiJackThis log...

---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:50:28 PM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\WINDOWS\system32\dnjmac.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\nzapvi.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\dmrkcert.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijack_This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [738R37S] dnjmac.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekam32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [M0r5RXemU] dmrkcert.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0030.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.../ocx/PFMngr.ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F996C1D0-AC35-43EC-A024-68502CEC84AE} (Confidence Online Portal Edition for Ameritrade) - https://scan.wholese...ATOnlineW2K.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

--------------------------------------------------------------------------

Here is my latest uninstall_list log

----------------------------------Uninstall list log--------------------------

ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
AIM Toolbar
AOL Instant Messenger
Backyard Football 2004
BCM V.92 56K Modem
CCleaner (remove only)
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support
DELL TrueMobile 1180 Wireless USB
DELL TrueMobile 1180 Wireless USB Language Localization
DELL TrueMobile 1180 Wireless USB Network Driver
DiamondCS TDS-3
Display Utility
DS21Patch
DVDSentry
EarthLink Setup Files
eMusic - 50 Free MP3 offer
Football Pro '98
Funcade
Google Deskbar
Google Gmail Notifier
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
IsoBuster 1.6
ItsDeductible Express
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2
Java Web Start
Jewel Quest (remove only)
LEGO Island
LEGO Island 2
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Shockwave Player
Magic Ball
Magic Ball 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Excel 2000 SR-1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 SR-1 Standard
Microsoft Office Web Components
Microsoft Outlook 2000 SR-1
Microsoft Word 2000 SR-1
Modem Helper
Mozilla Firefox (1.0)
Musicmatch® Jukebox
Nickelodeon™ Party Blast
Picasa 2
PowerDVD
RealOne Player
SBC Yahoo! Anti-Spy
SBC Yahoo! Toolbar
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.3
Spyware Doctor 3.1
Symantec AntiVirus
TurboTax Deluxe 2004
Web Browser Component Manager
Web Offer
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Yahoo! Install Manager

Thank You,

Anish
  • 0

#9
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Anish

Thanks for the uninstall log; I found what I was looking for nestled away in there.

Please note that the last HJT log you posted was dated two days earlier than the previous one. I am therefore basing my decisions upon the previous one (dated 16th April) and NOT the last one you posted (dated 14th April).

This fix is slightly different from the last two; we are going to employ the services of an advanced tool to persuade the malware to leave. Please ensure that you follow the instructions carefully and in the order they are written.

To start, please download the following programme; we will run it later. Please save it to a place that you will remember; I suggest the Desktop:

Killbox by Option^Explicit

Please set your system to show all files; please see here if you're unsure how to do this.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [738R37S] wscating.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKCU\..\Run: [M0r5RXemU] wpnservc.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0030.exe

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present): (click Start > Settings > Control Panel)

Web Offer

Please notify me of any other programmes that you don’t recognise in that list in your next response.

Please install Killbox by Option^Explicit.

* Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
* In the Killbox programme, select the Delete on Reboot option.
* In the field labelled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\WINDOWS\system32\wscating.exe
C:\WINDOWS\system32\nzapvi.exe
C:\WINDOWS\system32\wpnservc.exe


Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button; when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click Save List (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

and we will take another look.

I'm hoping for a clean log this time.

Edited by Crustyoldbloke, 18 April 2005 - 02:35 PM.

  • 0
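The date check made in the reply above (ordering logs by their own "Scan saved at" header rather than by posting order, then seeing which Run values point at a different file) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the log excerpts are constructed from the O4 lines in the 14 April log and the fix list, and the 16 April scan time is made up.

```python
import re
from datetime import datetime

# Constructed excerpts in HijackThis v1.99.1 layout. O4 lines are taken from the
# 14 April log and the fix list in this thread; the 16 April scan time is made up.
POSTED_FIRST = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:00:00 PM, on 4/16/2005
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [738R37S] wscating.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKCU\..\Run: [M0r5RXemU] wpnservc.exe
"""
POSTED_SECOND = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:50:28 PM, on 4/14/2005
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [738R37S] dnjmac.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nzapvi.exe
O4 - HKCU\..\Run: [M0r5RXemU] dmrkcert.exe
"""

SAVED_RE = re.compile(r"^Scan saved at (.+)$", re.M)
# Matches registry autoruns only, e.g. "O4 - HKLM\..\Run: [name] command".
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$", re.M)


def parse_log(text):
    """Return the scan time and the O4 registry autorun entries of one log."""
    saved = SAVED_RE.search(text)
    if saved is None:
        raise ValueError("no 'Scan saved at' header; cannot order this log")
    when = datetime.strptime(saved.group(1).strip(), "%I:%M:%S %p, on %m/%d/%Y")
    runs = {(hive, key, name): cmd.strip()
            for hive, key, name, cmd in RUN_RE.findall(text)}
    return {"saved": when, "runs": runs}


def order_by_scan_time(*texts):
    """Sort logs oldest to newest by their own header, not by posting order."""
    return sorted((parse_log(t) for t in texts), key=lambda log: log["saved"])


def retargeted_runs(older, newer):
    """Run values that kept their name but now start a different command."""
    changed = []
    for ident, old_cmd in older["runs"].items():
        new_cmd = newer["runs"].get(ident)
        if new_cmd is not None and new_cmd.lower() != old_cmd.lower():
            changed.append((ident[0], ident[2], old_cmd, new_cmd))
    return sorted(changed)


if __name__ == "__main__":
    older, newer = order_by_scan_time(POSTED_FIRST, POSTED_SECOND)
    print("build the fix list from the log saved", newer["saved"])
    for hive, name, old, new in retargeted_runs(older, newer):
        print(f"{hive} Run [{name}]: {old} -> {new}")
```

A Run value whose name stays the same while its target file name changes between scans is why a fix list built from the wrong log would not match the entries actually present.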





