I can't seem to use Windows Update. I think all the security settings (ActiveX) are set to enabled. Anyway, I've posted a HijackThis log below. This is my daughter's machine I am referring to.
Thanks,
Logfile of HijackThis v1.99.1
Scan saved at 9:55:58 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\emili\v32_emilio.exe
C:\Documents and Settings\Jerry.YOUR-2R8C4ODFB2\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jerry\Application Data\Mozilla\Profiles\default\d2342sn8.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0023CF1A-01EF-441E-A5A7-5D2494B9CE66} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {07F3B284-3A45-4320-9E4C-F72E3C2C7653} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {15FFED3F-647D-4BD1-BF56-A7FB36950333} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2A4109B0-E7D4-4E77-A989-BEA98B07524F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {3303CDFF-427C-44CA-B96C-27DD1ABC3DC7} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {361DA3BF-7313-43AF-9AC9-0520A7438654} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {394B03AE-5A96-4E33-931B-85440FEACB37} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {4760E4A2-FE3F-4FCE-8FEB-E172D760801C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {50559985-7898-4A40-8A1C-9FEDF1AC284B} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5228BCC6-5037-4AF3-BE3C-4B964BB29F05} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {5CC92BFE-8EE2-4444-A856-4F48BB76C241} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {671C3756-8D85-467B-BC6F-13933D13F498} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {6A288DFE-7628-440B-AB6E-99061F5AF8C4} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7A6CC597-E829-4205-9A28-F88AAA6DD943} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7CC756F3-976B-4821-BA13-7BB2716DF570} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {7FB4E640-F14D-4EC6-8D76-E4B7791A6021} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {89E4CB22-D0E3-49CA-9535-457A437713E9} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {8E162406-DAEE-414D-A705-0E0979D01961} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {90E703F9-BB85-4E65-BD8D-E7097D660740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {9E5425F2-4EBC-416E-8F07-C5B9A49591F1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {A1F4FDAB-1D52-44BF-B7A4-32F40F1969A1} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAB3B1E0-F50D-49D7-86C3-60C0FE5D52A6} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {AAE4F312-70BE-441D-8A4D-4F6ED7457B2C} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {B7E9354A-B303-DE4E-C582-1B30F2E0D056} - C:\WINDOWS\system32\jqktzvlq.dll
O2 - BHO: (no name) - {B9808AA9-5F82-4014-8195-368050A6A118} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C05A1F35-D0C9-4F80-8655-F4490F70C53A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C11F8566-A137-4168-82B8-690D517E8057} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C53DB70D-6448-4681-9A66-3A30E0A779AF} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {C5A1775B-C524-45A7-8B70-429289CB3740} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {CBB07D4D-38A0-4162-8482-1DC71D98508E} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3C57ADE-52BB-4710-8478-5A02197A0658} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {D3CBAD26-8894-4A33-BB18-2CBDB5BB4A29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D6A71097-5EFE-4A24-87F2-36398459226F} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {DA4D41D2-DE35-4ECD-8679-297BF6DF5BD3} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {E6F77C97-BF19-48FC-931A-860FD095B176} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {EBBBBFD3-7C5A-4166-996F-BE119E69208A} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {F42486CC-489B-4001-ABE2-40E0841D43AC} - C:\Program Files\xktskmwd\xktskmwd.dll
O2 - BHO: (no name) - {FD2F8522-89E4-463E-8BC4-8EE416A00AFB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
O4 - HKLM\..\Run: [winde] c:\windows\system32\winde.exe /noconnect
O4 - HKLM\..\Run: [v32_emilio ml710e] "C:\Program Files\emili\v32_emilio.exe"
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System32\ <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINDOWS\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINDOWS\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net...net/">GANDI</A> then par] c:\WINDOWS\System32\<A HREF="http://www.gandi.net...net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINDOWS\System32\</BODY>
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\oaflsq.exe
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [etpbev] c:\windows\system32\etpbev.exe
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ceoaibfa.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklef - {C93459EA-B08D-4BD2-A090-39D16CFDC496} - C:\WINDOWS\System32\hjtkku32.dll
O21 - SSODL: mtklefap - {306B46B2-194D-4FF6-F3AB-B07274F38D96} - C:\WINDOWS\System32\drjwa32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe