Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud.c trojan Please Help! [CLOSED]


  • This topic is locked This topic is locked

#16
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
i can't get online due to the Iexplore error i get...it comes up everytime i bring up ie...any suggestions...

thanks,
  • 0

Advertisements


#17
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Whats the error?
  • 0

#18
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
everytime i bring up IE i get this message....Iexplore has caused an error in <unknown>. Iexplore will now close...i don't have the ME cd to reinstall IE...

Edited by wolfpacker, 21 May 2005 - 08:26 PM.

  • 0

#19
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Hmm not sure if you could download a new install from http://www.microsoft...p1/default.mspx and find away to download it on another PC and transfer it over.
  • 0

#20
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
i just did a search for the desktop search that keeps popping up in the lower right corner and i see a ton of coolwwwsearch, isearchtechISTsvcUpdater, hotsearchbar, etc....should i try to manually delete this files...

i also went to program files>internet explorer and i see a svchost...i don't see it on the notebook that i'm using...is this file suppose to be there or is it part of the problem...

thanks,

Edited by wolfpacker, 21 May 2005 - 08:40 PM.

  • 0

#21
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
You could try deleting then files and svchost is not supposed to be in c:\program files\internet explorer

I'm also going for the nite soon so I may not get back to you untill tomorrow.
  • 0

#22
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
no problem...thanks for your help so far...i won't be home tomorrow to bother you with this, so i'll hopefully talk with you on monday....again, thanks for help
  • 0

#23
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
for some reason i'm not able to open up the links for cleanup, ewido, or nailfix...any other recommendations...i did the other steps minus cleanup...it seems to be running a little better but it's still running a little weird...i'm still getting the pop ups during startup and when online...i also have a red circle with a red x thru it, bottom right of screen, and a text message keeps coming up saying that my computer is infected...i can't get the properties of it, so i don't know where it's coming from...here is my current HJT log.


i notice i still have atiupdpl.exe...is this another malware????

Logfile of HijackThis v1.99.1
Scan saved at 11:42:37 AM, on 5/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SVHOST.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\VIDEO2.EXE
C:\WINDOWS\APPLICATION DATA\AREA.EXE
C:\WINDOWS\SYSTEM\SYNAVA.EXE
C:\WINDOWS\SYSTEM\WINNOOK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET V SERIES\BIN\HPOANT07.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=C:\WINDOWS\SYSTEM\svhost.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5B0D37D5-6A1E-4C53-98B8-D13214B81864} - (no file)
O2 - BHO: (no name) - {299851C8-BC6D-4E85-9107-7FC989E0934A} - (no file)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [msdos423] c:\windows\msdos423.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [DealHelperDown] "C:\WINDOWS\TEMP\ms295.TMP"
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\VIDEO2.EXE
O4 - HKCU\..\Run: [Uate] C:\WINDOWS\Application Data\area.exe
O4 - HKCU\..\Run: [Yyt5RWHmU] SYNAVA.EXE
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\winnook.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {03A4BCC3-2C53-43CB-94CA-82441AF90D53} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {03A4BCC3-2C53-43CB-94CA-82441AF90D53} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.sp2[bleep]ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Edited by wolfpacker, 23 May 2005 - 09:59 AM.

  • 0

#24
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

2. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

3. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

4. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F1 - win.ini: run=C:\WINDOWS\SYSTEM\svhost.exe
O2 - BHO: (no name) - {5B0D37D5-6A1E-4C53-98B8-D13214B81864} - (no file)
O2 - BHO: (no name) - {299851C8-BC6D-4E85-9107-7FC989E0934A} - (no file)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL
O4 - HKLM\..\Run: [msdos423] c:\windows\msdos423.exe
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\WINDOWS\TEMP\ms295.TMP"
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\VIDEO2.EXE
O4 - HKCU\..\Run: [Uate] C:\WINDOWS\Application Data\area.exe
O4 - HKCU\..\Run: [Yyt5RWHmU] SYNAVA.EXE
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\winnook.exe
O9 - Extra button: Microsoft AntiSpyware helper - {03A4BCC3-2C53-43CB-94CA-82441AF90D53} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {03A4BCC3-2C53-43CB-94CA-82441AF90D53} - (no file) (HKCU)

5. Delete the files. (if present)

C:\WINDOWS\SYSTEM\RSYNCMON.DLL
c:\windows\msdos423.exe
C:\WINDOWS\SYSTEM\WEB.EXE
C:\WINDOWS\SYSTEM\netsync.exe
C:\WINDOWS\SYSTEM\atiupdpl.exe
C:\WINDOWS\TEMP\ms295.TMP
C:\WINDOWS\SYSTEM\msmc.exe
C:\WINDOWS\SYSTEM\WEB.EXE
C:\WINDOWS\SYSTEM\VIDEO2.EXE
C:\WINDOWS\Application Data\area.exe
C:\Windows\System32\SYNAVA.EXE or C:\Windows\SYNAVA.EXE
C:\WINDOWS\SYSTEM\atiupdpl.exe
C:\WINDOWS\SYSTEM\winnook.exe

6. Reboot and post a new Hijackthis log here in a reply.
  • 0

#25
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
when i click on install nothing happens...should i go onto the other steps???
  • 0

Advertisements


#26
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Yes.
  • 0

#27
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
it's working a lot better...no pop ups or errors during startup...but i get a grey screen when i click on my documents to run HJT...
  • 0

#28
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Can you try going into safemode and getting a Hijackthis loh or going into safemode and moving Hijackthis from My Documents to the dekstop then trying it in normal mode.

Also download this file http://www.bleepingc...g/smitfraud.reg save it to the desktop and open it it will ask to merge into the registery say yes.
  • 0

#29
wolfpacker

wolfpacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
it continues to happen when i open other folders as well...got lucky and ran hjt...here is the log...

Logfile of HijackThis v1.99.1
Scan saved at 3:17:44 PM, on 5/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET V SERIES\BIN\HPOANT07.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#30
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1, Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

2. Then post a new Hijackthis log here in a reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP