Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Mostly Cleared but not sure


  • Please log in to reply

#1
jkeller

jkeller

    New Member

  • Member
  • Pip
  • 1 posts
Here is the hijack this log, Not sure what to delete. Also cannot seem to get to Windows update.

Logfile of HijackThis v1.99.1
Scan saved at 9:55:58 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\emili\v32_emilio.exe
C:\Documents and Settings\Jerry.YOUR-2R8C4ODFB2\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jerry\Application Data\Mozilla\Profiles\default\d2342sn8.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0023CF1A-01EF-441E-A5A7-5D2494B9CE66} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {07F3B284-3A45-4320-9E4C-F72E3C2C7653} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {15FFED3F-647D-4BD1-BF56-A7FB36950333} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2A4109B0-E7D4-4E77-A989-BEA98B07524F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {3303CDFF-427C-44CA-B96C-27DD1ABC3DC7} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {361DA3BF-7313-43AF-9AC9-0520A7438654} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {394B03AE-5A96-4E33-931B-85440FEACB37} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {4760E4A2-FE3F-4FCE-8FEB-E172D760801C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {50559985-7898-4A40-8A1C-9FEDF1AC284B} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5228BCC6-5037-4AF3-BE3C-4B964BB29F05} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5CC92BFE-8EE2-4444-A856-4F48BB76C241} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {671C3756-8D85-467B-BC6F-13933D13F498} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {6A288DFE-7628-440B-AB6E-99061F5AF8C4} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7A6CC597-E829-4205-9A28-F88AAA6DD943} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7CC756F3-976B-4821-BA13-7BB2716DF570} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7FB4E640-F14D-4EC6-8D76-E4B7791A6021} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {89E4CB22-D0E3-49CA-9535-457A437713E9} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {8E162406-DAEE-414D-A705-0E0979D01961} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {90E703F9-BB85-4E65-BD8D-E7097D660740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {9E5425F2-4EBC-416E-8F07-C5B9A49591F1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {A1F4FDAB-1D52-44BF-B7A4-32F40F1969A1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAB3B1E0-F50D-49D7-86C3-60C0FE5D52A6} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAE4F312-70BE-441D-8A4D-4F6ED7457B2C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {B7E9354A-B303-DE4E-C582-1B30F2E0D056} - C:\WINDOWS\system32\jqktzvlq.dll
O2 - BHO: (no name) - {B9808AA9-5F82-4014-8195-368050A6A118} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C05A1F35-D0C9-4F80-8655-F4490F70C53A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C11F8566-A137-4168-82B8-690D517E8057} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C53DB70D-6448-4681-9A66-3A30E0A779AF} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C5A1775B-C524-45A7-8B70-429289CB3740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {CBB07D4D-38A0-4162-8482-1DC71D98508E} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3C57ADE-52BB-4710-8478-5A02197A0658} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3CBAD26-8894-4A33-BB18-2CBDB5BB4A29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D6A71097-5EFE-4A24-87F2-36398459226F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {DA4D41D2-DE35-4ECD-8679-297BF6DF5BD3} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {E6F77C97-BF19-48FC-931A-860FD095B176} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {EBBBBFD3-7C5A-4166-996F-BE119E69208A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {F42486CC-489B-4001-ABE2-40E0841D43AC} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {FD2F8522-89E4-463E-8BC4-8EE416A00AFB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
O4 - HKLM\..\Run: [winde] c:\windows\system32\winde.exe /noconnect
O4 - HKLM\..\Run: [v32_emilio ml710e] "C:\Program Files\emili\v32_emilio.exe"
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System32\ <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINDOWS\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINDOWS\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net...net/">GANDI</A> then par] c:\WINDOWS\System32\<A HREF="http://www.gandi.net...net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINDOWS\System32\</BODY>
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\oaflsq.exe
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [etpbev] c:\windows\system32\etpbev.exe
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ceoaibfa.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklefap - {306B46B2-194D-4FF6-F3AB-B07274F38D96} - C:\WINDOWS\System32\drjwa32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

Advertisements


#2
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
jkeller,
Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read these instructions and follow them as posted.

Download the LSPfix here: http://www.cexx.org/lspfix.htm
HERE is the file.

Download this file and save it to your desktop.
Close all browsers and windows.
Now run LSPfix:

1. Check "I Know What I'm Doing" box.
2. Select all instances of fltmgr.dll (and nothing else).
3. Move these instances to the remove pane.
4. Click Finished.
Reboot your system and post back a new HJT log by using Add Reply

Thanks,
rstones12
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP