[jkeller]

Here is the hijack this log, Not sure what to delete. Also cannot seem to get to Windows update.

Logfile of HijackThis v1.99.1
Scan saved at 9:55:58 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\emili\v32_emilio.exe
C:\Documents and Settings\Jerry.YOUR-2R8C4ODFB2\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jerry\Application Data\Mozilla\Profiles\default\d2342sn8.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0023CF1A-01EF-441E-A5A7-5D2494B9CE66} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {07F3B284-3A45-4320-9E4C-F72E3C2C7653} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {15FFED3F-647D-4BD1-BF56-A7FB36950333} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2A4109B0-E7D4-4E77-A989-BEA98B07524F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {3303CDFF-427C-44CA-B96C-27DD1ABC3DC7} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {361DA3BF-7313-43AF-9AC9-0520A7438654} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {394B03AE-5A96-4E33-931B-85440FEACB37} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {4760E4A2-FE3F-4FCE-8FEB-E172D760801C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {50559985-7898-4A40-8A1C-9FEDF1AC284B} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5228BCC6-5037-4AF3-BE3C-4B964BB29F05} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5CC92BFE-8EE2-4444-A856-4F48BB76C241} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {671C3756-8D85-467B-BC6F-13933D13F498} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {6A288DFE-7628-440B-AB6E-99061F5AF8C4} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7A6CC597-E829-4205-9A28-F88AAA6DD943} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7CC756F3-976B-4821-BA13-7BB2716DF570} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7FB4E640-F14D-4EC6-8D76-E4B7791A6021} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {89E4CB22-D0E3-49CA-9535-457A437713E9} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {8E162406-DAEE-414D-A705-0E0979D01961} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {90E703F9-BB85-4E65-BD8D-E7097D660740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {9E5425F2-4EBC-416E-8F07-C5B9A49591F1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {A1F4FDAB-1D52-44BF-B7A4-32F40F1969A1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAB3B1E0-F50D-49D7-86C3-60C0FE5D52A6} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAE4F312-70BE-441D-8A4D-4F6ED7457B2C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {B7E9354A-B303-DE4E-C582-1B30F2E0D056} - C:\WINDOWS\system32\jqktzvlq.dll
O2 - BHO: (no name) - {B9808AA9-5F82-4014-8195-368050A6A118} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C05A1F35-D0C9-4F80-8655-F4490F70C53A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C11F8566-A137-4168-82B8-690D517E8057} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C53DB70D-6448-4681-9A66-3A30E0A779AF} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C5A1775B-C524-45A7-8B70-429289CB3740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {CBB07D4D-38A0-4162-8482-1DC71D98508E} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3C57ADE-52BB-4710-8478-5A02197A0658} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3CBAD26-8894-4A33-BB18-2CBDB5BB4A29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D6A71097-5EFE-4A24-87F2-36398459226F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {DA4D41D2-DE35-4ECD-8679-297BF6DF5BD3} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {E6F77C97-BF19-48FC-931A-860FD095B176} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {EBBBBFD3-7C5A-4166-996F-BE119E69208A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {F42486CC-489B-4001-ABE2-40E0841D43AC} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {FD2F8522-89E4-463E-8BC4-8EE416A00AFB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
O4 - HKLM\..\Run: [winde] c:\windows\system32\winde.exe /noconnect
O4 - HKLM\..\Run: [v32_emilio ml710e] "C:\Program Files\emili\v32_emilio.exe"
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System32\ <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINDOWS\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINDOWS\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net...net/">GANDI</A> then par] c:\WINDOWS\System32\<A HREF="http://www.gandi.net...net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINDOWS\System32\</BODY>
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\oaflsq.exe
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [etpbev] c:\windows\system32\etpbev.exe
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ceoaibfa.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklefap - {306B46B2-194D-4FF6-F3AB-B07274F38D96} - C:\WINDOWS\System32\drjwa32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[Advertisements]

jkeller,
Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read these instructions and follow them as posted.

Download the LSPfix here: http://www.cexx.org/lspfix.htm
HERE is the file.

Download this file and save it to your desktop.
Close all browsers and windows.
Now run LSPfix:

1. Check "I Know What I'm Doing" box.
2. Select all instances of fltmgr.dll (and nothing else).
3. Move these instances to the remove pane.
4. Click Finished.
Reboot your system and post back a new HJT log by using Add Reply

Thanks,
rstones12

[rstones12]

jkeller,
Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read these instructions and follow them as posted.

Download the LSPfix here: http://www.cexx.org/lspfix.htm
HERE is the file.

Download this file and save it to your desktop.
Close all browsers and windows.
Now run LSPfix:

1. Check "I Know What I'm Doing" box.
2. Select all instances of fltmgr.dll (and nothing else).
3. Move these instances to the remove pane.
4. Click Finished.
Reboot your system and post back a new HJT log by using Add Reply

Thanks,
rstones12