Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help please[RESOLVED]

Started by slurbs , May 17 2005 01:54 AM

  • This topic is locked This topic is locked

#1
slurbs
Posted 17 May 2005 - 01:54 AM

slurbs

    New Member

  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:35:12 AM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\cn\Desktop\spy blasters\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {083BAD41-B411-8FA3-5200-8522A771770B} - C:\windows\sysip.dll
O2 - BHO: (no name) - {0B1BB08E-50CD-5561-D255-BD8ED1F5FD01} - C:\windows\addfj32.dll
O2 - BHO: (no name) - {0B3E8C42-F9F1-2337-3429-738F7B7654F8} - C:\windows\system32\msum32.dll
O2 - BHO: (no name) - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\windows\system32\msqo.dll
O2 - BHO: (no name) - {0B910E65-4CD0-713C-7AEC-596165F29413} - C:\windows\iejq.dll
O2 - BHO: (no name) - {0FA5CD9C-AEC3-F607-492D-C465589A5E8E} - C:\windows\d3sl32.dll
O2 - BHO: (no name) - {12F8E92D-F22C-2060-6EAA-4A13C8E0E63A} - C:\windows\appre32.dll
O2 - BHO: (no name) - {14CE5B7A-6546-0088-A736-F486C8A0A93F} - C:\windows\msfs32.dll
O2 - BHO: (no name) - {1BF99432-062E-70AF-0CDB-DD7B52B34282} - C:\windows\atlsb32.dll
O2 - BHO: (no name) - {1D0E04D5-6A8C-E6CF-283E-D25418CADEF9} - C:\windows\system32\mszs.dll
O2 - BHO: (no name) - {20624CF4-3AF3-5A88-257F-7E0B78D56A51} - C:\windows\system32\d3qu32.dll
O2 - BHO: (no name) - {2069D5FC-B9B3-6FBF-EAE9-C9AD1EAA0AA6} - C:\windows\system32\atllp.dll
O2 - BHO: (no name) - {21BE668F-FBD9-89AE-A365-9FC69E461971} - C:\windows\system32\iedl32.dll
O2 - BHO: (no name) - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\windows\system32\appnu.dll
O2 - BHO: (no name) - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\windows\system32\winlv.dll
O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - C:\windows\system32\ntmb32.dll
O2 - BHO: (no name) - {2A7363DF-C45A-5954-477D-0C78AF4A207C} - C:\windows\atltk.dll
O2 - BHO: (no name) - {2B7CDB2C-16B5-286B-C7F1-C5C80397E087} - C:\windows\system32\apioz.dll
O2 - BHO: (no name) - {2FDECE36-9908-3C07-94EF-739590374096} - C:\windows\crhj32.dll
O2 - BHO: (no name) - {32B40341-3648-02F0-7D04-5B8F58EEBA63} - C:\windows\addnx32.dll
O2 - BHO: (no name) - {342544FC-9066-3A08-5442-F1039ADD4765} - C:\windows\system32\javamo32.dll
O2 - BHO: (no name) - {38684DAB-CE7D-692F-F285-5CE5F24E21F4} - C:\windows\system32\iebh32.dll
O2 - BHO: (no name) - {3A21BE6B-7A02-5B85-3FE9-2B6EC6CF21E6} - C:\windows\netnk32.dll
O2 - BHO: (no name) - {3C12D570-FD02-5A01-B5D2-CA3B9D74D61F} - C:\windows\netqk.dll
O2 - BHO: (no name) - {3DC5D292-C5C0-FCBB-38A3-D792D6BB1F26} - C:\windows\system32\crnm32.dll
O2 - BHO: (no name) - {3EB92E28-EE9A-43B7-6D25-F4D8822B3138} - C:\windows\sysox32.dll
O2 - BHO: (no name) - {46D4E454-70DA-2B3F-1D10-69C7CE8C375C} - C:\windows\sysjg32.dll
O2 - BHO: (no name) - {4D1EDB57-DC5A-74B0-7BA8-B823E3519DB0} - C:\windows\d3zp32.dll
O2 - BHO: (no name) - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\windows\javalk32.dll
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - C:\windows\ntrk32.dll
O2 - BHO: (no name) - {51FF3DF8-38BA-EDB0-674D-45926004A3A5} - C:\windows\system32\ipxi32.dll
O2 - BHO: (no name) - {52DA67B7-88BC-6D44-FC8E-869AC8F79662} - C:\windows\crhs32.dll
O2 - BHO: (no name) - {52FEDAFD-7116-8034-52FF-C710EA25905B} - C:\windows\system32\atlog32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C9AB6D-6031-E16B-125B-94A3A319C53F} - C:\windows\system32\d3nu32.dll
O2 - BHO: (no name) - {54351455-EFE9-7EFE-3393-B2622AF47B0F} - C:\windows\system32\javazs.dll
O2 - BHO: (no name) - {5655D1F2-041F-172B-24A6-490B92FF5C0F} - C:\windows\crkl32.dll
O2 - BHO: (no name) - {5932D6CD-5850-EB9A-AF22-5C40F8C3A50A} - C:\windows\system32\sdkkc32.dll
O2 - BHO: (no name) - {5F0DB282-2C0A-AE7B-A81A-1451175E7CC1} - C:\windows\system32\ipao.dll
O2 - BHO: (no name) - {61BED734-12F8-5DA2-C2B0-73927CFBD801} - C:\windows\sysai32.dll
O2 - BHO: (no name) - {633C8BFF-B1D2-9627-66F6-74124A682441} - C:\windows\system32\d3kw.dll
O2 - BHO: (no name) - {64CA0FC6-5085-C447-8988-25C5AC6CDBBE} - C:\windows\system32\netuu32.dll
O2 - BHO: (no name) - {66EF0D72-55A0-257D-BE1E-869C17411C8A} - C:\windows\system32\sysro32.dll
O2 - BHO: (no name) - {68761E0C-A678-2B1F-4293-E427E94D1A2D} - C:\windows\system32\ipqd.dll
O2 - BHO: (no name) - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\windows\system32\winal.dll
O2 - BHO: (no name) - {6F8A1992-AF2F-5DB6-2B3E-65738F300B53} - C:\windows\system32\ntlp32.dll
O2 - BHO: (no name) - {708A3F77-2B37-C3B7-492A-8F7BB57030BB} - C:\windows\system32\iejq.dll
O2 - BHO: (no name) - {709366A3-52C9-A38A-CAED-3E4124CAE61A} - C:\windows\system32\atluu.dll
O2 - BHO: (no name) - {70B30880-F84D-EE39-FE16-EDB1E1A80F9A} - C:\windows\system32\ieoa32.dll
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\windows\system32\apith32.dll
O2 - BHO: (no name) - {7350B9D3-B9DA-2054-675C-9E8EE4DF6C68} - C:\windows\crhd32.dll
O2 - BHO: (no name) - {74D26490-9E7F-905B-3BAA-08765509E086} - C:\windows\javany.dll
O2 - BHO: (no name) - {83F01EC6-1966-280C-39C0-52CF1BB626F6} - C:\windows\system32\sdkqb32.dll
O2 - BHO: (no name) - {8682881C-0143-08BD-57E1-64CD99067C6B} - C:\windows\system32\iprm32.dll
O2 - BHO: (no name) - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\windows\winog32.dll
O2 - BHO: (no name) - {8791D346-D816-E97B-3F20-C6CB9E19B5C2} - C:\windows\system32\ntwi.dll
O2 - BHO: (no name) - {8D283F17-6393-2336-7062-61B53CA2D259} - C:\windows\system32\iekf32.dll
O2 - BHO: (no name) - {8D32F80A-AB76-8C8A-C145-95961BCC455D} - C:\windows\system32\wintf32.dll
O2 - BHO: (no name) - {8E0B929C-BD26-1EC1-6F48-E2127DBFF8F2} - C:\windows\nthn32.dll
O2 - BHO: (no name) - {8E97E342-2F8F-9814-A393-F31425698173} - C:\windows\system32\javaee.dll
O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\windows\system32\ntya32.dll
O2 - BHO: (no name) - {95744E08-BCA9-7DC5-8D02-05BAA6A2035F} - C:\windows\appwm.dll
O2 - BHO: (no name) - {960130C2-7AFF-4036-AC76-1E709CC49FD6} - C:\windows\system32\msgs32.dll
O2 - BHO: (no name) - {9B86CC76-3686-802D-B036-D25C675E70D8} - C:\windows\mfcpj.dll
O2 - BHO: (no name) - {9E40464B-CE86-2A95-419A-510B0FC95988} - C:\windows\crwu32.dll
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - C:\windows\system32\atlyk.dll
O2 - BHO: (no name) - {9FEA258A-0E2B-3771-3FF5-CF33BA97EBDB} - C:\windows\system32\ierl.dll
O2 - BHO: (no name) - {9FF77B6F-0152-8F68-E3D0-97180E42AF81} - C:\windows\appmd32.dll
O2 - BHO: (no name) - {A0D6035B-399F-77CC-3D27-652A6827CD9A} - C:\windows\system32\crql.dll
O2 - BHO: (no name) - {A24BD6EC-9DA1-E120-7138-CBB1D4CD32FD} - C:\windows\d3pl.dll
O2 - BHO: (no name) - {A3DEAD28-EE65-AB87-0D4A-5AA324BCB9A7} - C:\windows\mfcwz.dll
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - C:\windows\system32\mfcrb.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\lwpywf.dll (file missing)
O2 - BHO: (no name) - {AAF322C0-53A3-24FC-C5E6-B062F9D982F9} - C:\windows\mfcoq32.dll
O2 - BHO: (no name) - {B30E47DA-686A-F6BD-2D76-4574041F4B05} - C:\windows\system32\d3zd.dll
O2 - BHO: (no name) - {B39C4AEF-9AA2-A69C-4290-1822AC726C70} - C:\windows\system32\iemw32.dll
O2 - BHO: (no name) - {B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} - C:\windows\appna.dll
O2 - BHO: (no name) - {BA8F7883-AD34-8DF4-84CB-B375DD8257A8} - C:\windows\system32\sysxp.dll
O2 - BHO: (no name) - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\windows\javarj.dll
O2 - BHO: (no name) - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\windows\wincx32.dll
O2 - BHO: (no name) - {BD6292E2-CEBD-27AC-7BB6-566F7436B592} - C:\windows\addsf.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEE7E5D8-569A-9AC1-5C5F-875B2717BDB1} - C:\windows\system32\winwp32.dll
O2 - BHO: (no name) - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - C:\windows\system32\msmz.dll
O2 - BHO: (no name) - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\windows\winff.dll
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - C:\windows\d3eg32.dll
O2 - BHO: (no name) - {C2B0FE3D-0615-8B34-FA6B-29114249CFF5} - C:\windows\system32\winxt32.dll
O2 - BHO: (no name) - {C3BE4E91-99A9-E524-1E89-7C2CF7929063} - C:\windows\javaau32.dll
O2 - BHO: (no name) - {C3BE66A7-5D8D-CE88-E63D-D32D9FEE6546} - C:\windows\atlap32.dll
O2 - BHO: (no name) - {C404EDA8-19CF-74E0-0E22-C3C50B6D21D1} - C:\windows\system32\d3gz32.dll
O2 - BHO: (no name) - {C50C3867-EF0D-F996-B6E2-672B60D6ED50} - C:\windows\apiyi32.dll
O2 - BHO: (no name) - {C57A97CE-E8D2-2292-3692-AE5AD4A452E1} - C:\windows\ipfo.dll
O2 - BHO: (no name) - {C5DD24AA-44CE-3AF3-2B3D-6EB6F2ECB4A6} - C:\windows\syssy.dll
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - C:\windows\netwx32.dll
O2 - BHO: (no name) - {C8BEE708-6D04-1677-F2EE-681F5D9D77B5} - C:\windows\atlzn32.dll
O2 - BHO: (no name) - {CC06353D-3621-07FC-2B7B-A3933ADD6C59} - C:\windows\system32\addqh.dll
O2 - BHO: (no name) - {CC403086-622D-83F3-2BD1-79D3F203A547} - C:\windows\system32\atlbv32.dll
O2 - BHO: (no name) - {CEC4AD1D-81ED-5AAF-BE11-815FB8F0FFA6} - C:\windows\system32\ntxy.dll
O2 - BHO: (no name) - {CFFA8321-97AC-D558-B2CD-D278699292B1} - C:\windows\system32\apphy32.dll
O2 - BHO: (no name) - {D010E2E2-A168-789D-9E57-563AC50A66D0} - C:\windows\ntoz32.dll
O2 - BHO: (no name) - {DA514823-9119-64E0-C464-A68EB4D3DA4A} - C:\windows\system32\ipgw32.dll
O2 - BHO: (no name) - {E13F3FF4-7686-8A2F-D80E-02A8DFA5DCF6} - C:\windows\addra.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\windows\javalu32.dll
O2 - BHO: (no name) - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\windows\apikv32.dll
O2 - BHO: (no name) - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\windows\system32\ieou32.dll
O2 - BHO: (no name) - {EC15436C-2D60-3C5B-5647-2F041E89CB49} - C:\windows\msyf32.dll
O2 - BHO: (no name) - {EE64D601-3718-A3A2-8684-040FA0D9ABAE} - C:\windows\mshv.dll
O2 - BHO: (no name) - {EFBC894E-C716-CF6F-30F0-1F1AE60E2401} - C:\windows\mfccq.dll
O2 - BHO: (no name) - {F1DEDB5C-B92F-230D-58CA-E65403705AD0} - C:\windows\system32\ieby32.dll
O2 - BHO: (no name) - {F30B013D-7D54-F210-8ECF-CDD34588F69A} - C:\windows\system32\crzn32.dll
O2 - BHO: (no name) - {F3B884B1-3181-A180-8EA9-B6E06DF7844E} - C:\windows\nthd.dll
O2 - BHO: (no name) - {F3E99352-A6A5-0406-6727-CC5DD480E2A3} - C:\windows\system32\d3cp.dll
O2 - BHO: (no name) - {F74D5213-8A18-F9CF-E487-AA203A37CEB8} - C:\windows\system32\addwf.dll
O2 - BHO: (no name) - {F8EA49DA-2095-ABD3-7D85-A5D74D47966F} - C:\windows\mfczf32.dll
O2 - BHO: (no name) - {F9ABE119-352C-F1BB-5DD5-681EF19595DD} - C:\windows\system32\ipek.dll
O2 - BHO: (no name) - {FF697DC7-80E5-BFEF-F6DE-3A230F014608} - C:\windows\system32\atlxe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [desktop] C:\windows\System32\desktop.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunOnce: [5qohnw.exe] C:\windows\System32\5qohnw.exe /k
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [5qohnw.exe] C:\windows\System32\5qohnw.exe /k
O4 - Startup: winupdate34943492[1].exe
O4 - Startup: winupdate81698341[1].exe
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\windows\atlyk32.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe



thanks, Casey
  • 0

Advertisements

#2
Guest_thatman_*
Posted 20 May 2005 - 01:37 PM

Guest_thatman_*
  • Guest
Hello

If you are still in need of help please post a new HijackThis.log

Thank you

Kc :tazz:
  • 0

#3
slurbs
Posted 22 May 2005 - 02:06 AM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:47:35 PM, on 5/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\System32\RUNDLL32.EXE
C:\windows\System32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\cn\Desktop\spy blasters\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {083BAD41-B411-8FA3-5200-8522A771770B} - C:\windows\sysip.dll
O2 - BHO: (no name) - {0B1BB08E-50CD-5561-D255-BD8ED1F5FD01} - C:\windows\addfj32.dll
O2 - BHO: (no name) - {0B3E8C42-F9F1-2337-3429-738F7B7654F8} - C:\windows\system32\msum32.dll
O2 - BHO: (no name) - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\windows\system32\msqo.dll
O2 - BHO: (no name) - {0B910E65-4CD0-713C-7AEC-596165F29413} - C:\windows\iejq.dll
O2 - BHO: (no name) - {0FA5CD9C-AEC3-F607-492D-C465589A5E8E} - C:\windows\d3sl32.dll
O2 - BHO: (no name) - {12F8E92D-F22C-2060-6EAA-4A13C8E0E63A} - C:\windows\appre32.dll
O2 - BHO: (no name) - {14CE5B7A-6546-0088-A736-F486C8A0A93F} - C:\windows\msfs32.dll
O2 - BHO: (no name) - {1BF99432-062E-70AF-0CDB-DD7B52B34282} - C:\windows\atlsb32.dll
O2 - BHO: (no name) - {1D0E04D5-6A8C-E6CF-283E-D25418CADEF9} - C:\windows\system32\mszs.dll
O2 - BHO: (no name) - {20624CF4-3AF3-5A88-257F-7E0B78D56A51} - C:\windows\system32\d3qu32.dll
O2 - BHO: (no name) - {2069D5FC-B9B3-6FBF-EAE9-C9AD1EAA0AA6} - C:\windows\system32\atllp.dll
O2 - BHO: (no name) - {21BE668F-FBD9-89AE-A365-9FC69E461971} - C:\windows\system32\iedl32.dll
O2 - BHO: (no name) - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\windows\system32\appnu.dll
O2 - BHO: (no name) - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\windows\system32\winlv.dll
O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - C:\windows\system32\ntmb32.dll
O2 - BHO: (no name) - {2A7363DF-C45A-5954-477D-0C78AF4A207C} - C:\windows\atltk.dll
O2 - BHO: (no name) - {2B7CDB2C-16B5-286B-C7F1-C5C80397E087} - C:\windows\system32\apioz.dll
O2 - BHO: (no name) - {2FDECE36-9908-3C07-94EF-739590374096} - C:\windows\crhj32.dll
O2 - BHO: (no name) - {32B40341-3648-02F0-7D04-5B8F58EEBA63} - C:\windows\addnx32.dll
O2 - BHO: (no name) - {342544FC-9066-3A08-5442-F1039ADD4765} - C:\windows\system32\javamo32.dll
O2 - BHO: (no name) - {38684DAB-CE7D-692F-F285-5CE5F24E21F4} - C:\windows\system32\iebh32.dll
O2 - BHO: (no name) - {3A21BE6B-7A02-5B85-3FE9-2B6EC6CF21E6} - C:\windows\netnk32.dll
O2 - BHO: (no name) - {3C12D570-FD02-5A01-B5D2-CA3B9D74D61F} - C:\windows\netqk.dll
O2 - BHO: (no name) - {3DC5D292-C5C0-FCBB-38A3-D792D6BB1F26} - C:\windows\system32\crnm32.dll
O2 - BHO: (no name) - {3EB92E28-EE9A-43B7-6D25-F4D8822B3138} - C:\windows\sysox32.dll
O2 - BHO: (no name) - {46D4E454-70DA-2B3F-1D10-69C7CE8C375C} - C:\windows\sysjg32.dll
O2 - BHO: (no name) - {4D1EDB57-DC5A-74B0-7BA8-B823E3519DB0} - C:\windows\d3zp32.dll
O2 - BHO: (no name) - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\windows\javalk32.dll
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - C:\windows\ntrk32.dll
O2 - BHO: (no name) - {51FF3DF8-38BA-EDB0-674D-45926004A3A5} - C:\windows\system32\ipxi32.dll
O2 - BHO: (no name) - {52DA67B7-88BC-6D44-FC8E-869AC8F79662} - C:\windows\crhs32.dll
O2 - BHO: (no name) - {52FEDAFD-7116-8034-52FF-C710EA25905B} - C:\windows\system32\atlog32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C9AB6D-6031-E16B-125B-94A3A319C53F} - C:\windows\system32\d3nu32.dll
O2 - BHO: (no name) - {54351455-EFE9-7EFE-3393-B2622AF47B0F} - C:\windows\system32\javazs.dll
O2 - BHO: (no name) - {5655D1F2-041F-172B-24A6-490B92FF5C0F} - C:\windows\crkl32.dll
O2 - BHO: (no name) - {5932D6CD-5850-EB9A-AF22-5C40F8C3A50A} - C:\windows\system32\sdkkc32.dll
O2 - BHO: (no name) - {5F0DB282-2C0A-AE7B-A81A-1451175E7CC1} - C:\windows\system32\ipao.dll
O2 - BHO: (no name) - {61BED734-12F8-5DA2-C2B0-73927CFBD801} - C:\windows\sysai32.dll
O2 - BHO: (no name) - {633C8BFF-B1D2-9627-66F6-74124A682441} - C:\windows\system32\d3kw.dll
O2 - BHO: (no name) - {64CA0FC6-5085-C447-8988-25C5AC6CDBBE} - C:\windows\system32\netuu32.dll
O2 - BHO: (no name) - {66EF0D72-55A0-257D-BE1E-869C17411C8A} - C:\windows\system32\sysro32.dll
O2 - BHO: (no name) - {68761E0C-A678-2B1F-4293-E427E94D1A2D} - C:\windows\system32\ipqd.dll
O2 - BHO: (no name) - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\windows\system32\winal.dll
O2 - BHO: (no name) - {6F8A1992-AF2F-5DB6-2B3E-65738F300B53} - C:\windows\system32\ntlp32.dll
O2 - BHO: (no name) - {708A3F77-2B37-C3B7-492A-8F7BB57030BB} - C:\windows\system32\iejq.dll
O2 - BHO: (no name) - {709366A3-52C9-A38A-CAED-3E4124CAE61A} - C:\windows\system32\atluu.dll
O2 - BHO: (no name) - {70B30880-F84D-EE39-FE16-EDB1E1A80F9A} - C:\windows\system32\ieoa32.dll
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\windows\system32\apith32.dll
O2 - BHO: (no name) - {7350B9D3-B9DA-2054-675C-9E8EE4DF6C68} - C:\windows\crhd32.dll
O2 - BHO: (no name) - {74D26490-9E7F-905B-3BAA-08765509E086} - C:\windows\javany.dll
O2 - BHO: (no name) - {83F01EC6-1966-280C-39C0-52CF1BB626F6} - C:\windows\system32\sdkqb32.dll
O2 - BHO: (no name) - {8682881C-0143-08BD-57E1-64CD99067C6B} - C:\windows\system32\iprm32.dll
O2 - BHO: (no name) - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\windows\winog32.dll
O2 - BHO: (no name) - {8791D346-D816-E97B-3F20-C6CB9E19B5C2} - C:\windows\system32\ntwi.dll
O2 - BHO: (no name) - {8D283F17-6393-2336-7062-61B53CA2D259} - C:\windows\system32\iekf32.dll
O2 - BHO: (no name) - {8D32F80A-AB76-8C8A-C145-95961BCC455D} - C:\windows\system32\wintf32.dll
O2 - BHO: (no name) - {8E0B929C-BD26-1EC1-6F48-E2127DBFF8F2} - C:\windows\nthn32.dll
O2 - BHO: (no name) - {8E97E342-2F8F-9814-A393-F31425698173} - C:\windows\system32\javaee.dll
O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\windows\system32\ntya32.dll
O2 - BHO: (no name) - {95744E08-BCA9-7DC5-8D02-05BAA6A2035F} - C:\windows\appwm.dll
O2 - BHO: (no name) - {960130C2-7AFF-4036-AC76-1E709CC49FD6} - C:\windows\system32\msgs32.dll
O2 - BHO: (no name) - {9B86CC76-3686-802D-B036-D25C675E70D8} - C:\windows\mfcpj.dll
O2 - BHO: (no name) - {9E40464B-CE86-2A95-419A-510B0FC95988} - C:\windows\crwu32.dll
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - C:\windows\system32\atlyk.dll
O2 - BHO: (no name) - {9FEA258A-0E2B-3771-3FF5-CF33BA97EBDB} - C:\windows\system32\ierl.dll
O2 - BHO: (no name) - {9FF77B6F-0152-8F68-E3D0-97180E42AF81} - C:\windows\appmd32.dll
O2 - BHO: (no name) - {A0D6035B-399F-77CC-3D27-652A6827CD9A} - C:\windows\system32\crql.dll
O2 - BHO: (no name) - {A24BD6EC-9DA1-E120-7138-CBB1D4CD32FD} - C:\windows\d3pl.dll
O2 - BHO: (no name) - {A3DEAD28-EE65-AB87-0D4A-5AA324BCB9A7} - C:\windows\mfcwz.dll
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - C:\windows\system32\mfcrb.dll
O2 - BHO: (no name) - {AAF322C0-53A3-24FC-C5E6-B062F9D982F9} - C:\windows\mfcoq32.dll
O2 - BHO: (no name) - {B30E47DA-686A-F6BD-2D76-4574041F4B05} - C:\windows\system32\d3zd.dll
O2 - BHO: (no name) - {B39C4AEF-9AA2-A69C-4290-1822AC726C70} - C:\windows\system32\iemw32.dll
O2 - BHO: (no name) - {B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} - C:\windows\appna.dll
O2 - BHO: (no name) - {BA8F7883-AD34-8DF4-84CB-B375DD8257A8} - C:\windows\system32\sysxp.dll
O2 - BHO: (no name) - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\windows\javarj.dll
O2 - BHO: (no name) - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\windows\wincx32.dll
O2 - BHO: (no name) - {BD6292E2-CEBD-27AC-7BB6-566F7436B592} - C:\windows\addsf.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEE7E5D8-569A-9AC1-5C5F-875B2717BDB1} - C:\windows\system32\winwp32.dll
O2 - BHO: (no name) - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - C:\windows\system32\msmz.dll
O2 - BHO: (no name) - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\windows\winff.dll
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - C:\windows\d3eg32.dll
O2 - BHO: (no name) - {C2B0FE3D-0615-8B34-FA6B-29114249CFF5} - C:\windows\system32\winxt32.dll
O2 - BHO: (no name) - {C3BE4E91-99A9-E524-1E89-7C2CF7929063} - C:\windows\javaau32.dll
O2 - BHO: (no name) - {C3BE66A7-5D8D-CE88-E63D-D32D9FEE6546} - C:\windows\atlap32.dll
O2 - BHO: (no name) - {C404EDA8-19CF-74E0-0E22-C3C50B6D21D1} - C:\windows\system32\d3gz32.dll
O2 - BHO: (no name) - {C50C3867-EF0D-F996-B6E2-672B60D6ED50} - C:\windows\apiyi32.dll
O2 - BHO: (no name) - {C57A97CE-E8D2-2292-3692-AE5AD4A452E1} - C:\windows\ipfo.dll
O2 - BHO: (no name) - {C5DD24AA-44CE-3AF3-2B3D-6EB6F2ECB4A6} - C:\windows\syssy.dll
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - C:\windows\netwx32.dll
O2 - BHO: (no name) - {C8BEE708-6D04-1677-F2EE-681F5D9D77B5} - C:\windows\atlzn32.dll
O2 - BHO: (no name) - {CC06353D-3621-07FC-2B7B-A3933ADD6C59} - C:\windows\system32\addqh.dll
O2 - BHO: (no name) - {CC403086-622D-83F3-2BD1-79D3F203A547} - C:\windows\system32\atlbv32.dll
O2 - BHO: (no name) - {CEC4AD1D-81ED-5AAF-BE11-815FB8F0FFA6} - C:\windows\system32\ntxy.dll
O2 - BHO: (no name) - {CFFA8321-97AC-D558-B2CD-D278699292B1} - C:\windows\system32\apphy32.dll
O2 - BHO: (no name) - {D010E2E2-A168-789D-9E57-563AC50A66D0} - C:\windows\ntoz32.dll
O2 - BHO: (no name) - {DA514823-9119-64E0-C464-A68EB4D3DA4A} - C:\windows\system32\ipgw32.dll
O2 - BHO: (no name) - {E13F3FF4-7686-8A2F-D80E-02A8DFA5DCF6} - C:\windows\addra.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\windows\javalu32.dll
O2 - BHO: (no name) - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\windows\apikv32.dll
O2 - BHO: (no name) - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\windows\system32\ieou32.dll
O2 - BHO: (no name) - {EC15436C-2D60-3C5B-5647-2F041E89CB49} - C:\windows\msyf32.dll
O2 - BHO: (no name) - {EE64D601-3718-A3A2-8684-040FA0D9ABAE} - C:\windows\mshv.dll
O2 - BHO: (no name) - {EFBC894E-C716-CF6F-30F0-1F1AE60E2401} - C:\windows\mfccq.dll
O2 - BHO: (no name) - {F1DEDB5C-B92F-230D-58CA-E65403705AD0} - C:\windows\system32\ieby32.dll
O2 - BHO: (no name) - {F30B013D-7D54-F210-8ECF-CDD34588F69A} - C:\windows\system32\crzn32.dll
O2 - BHO: (no name) - {F3B884B1-3181-A180-8EA9-B6E06DF7844E} - C:\windows\nthd.dll
O2 - BHO: (no name) - {F3E99352-A6A5-0406-6727-CC5DD480E2A3} - C:\windows\system32\d3cp.dll
O2 - BHO: (no name) - {F74D5213-8A18-F9CF-E487-AA203A37CEB8} - C:\windows\system32\addwf.dll
O2 - BHO: (no name) - {F8EA49DA-2095-ABD3-7D85-A5D74D47966F} - C:\windows\mfczf32.dll
O2 - BHO: (no name) - {F9ABE119-352C-F1BB-5DD5-681EF19595DD} - C:\windows\system32\ipek.dll
O2 - BHO: (no name) - {FF697DC7-80E5-BFEF-F6DE-3A230F014608} - C:\windows\system32\atlxe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [desktop] C:\windows\System32\desktop.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\windows\atlyk32.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Thanks again
  • 0

#4
Guest_thatman_*
Posted 22 May 2005 - 04:30 AM

Guest_thatman_*
  • Guest
Hi slurbs

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Ewido Trojan’s and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan save the log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {083BAD41-B411-8FA3-5200-8522A771770B} - C:\windows\sysip.dll
O2 - BHO: (no name) - {0B1BB08E-50CD-5561-D255-BD8ED1F5FD01} - C:\windows\addfj32.dll
O2 - BHO: (no name) - {0B3E8C42-F9F1-2337-3429-738F7B7654F8} - C:\windows\system32\msum32.dll
O2 - BHO: (no name) - {0B540EFA-2AC6-5866-AF53-D93A51569CDC} - C:\windows\system32\msqo.dll
O2 - BHO: (no name) - {0B910E65-4CD0-713C-7AEC-596165F29413} - C:\windows\iejq.dll
O2 - BHO: (no name) - {0FA5CD9C-AEC3-F607-492D-C465589A5E8E} - C:\windows\d3sl32.dll
O2 - BHO: (no name) - {12F8E92D-F22C-2060-6EAA-4A13C8E0E63A} - C:\windows\appre32.dll
O2 - BHO: (no name) - {14CE5B7A-6546-0088-A736-F486C8A0A93F} - C:\windows\msfs32.dll
O2 - BHO: (no name) - {1BF99432-062E-70AF-0CDB-DD7B52B34282} - C:\windows\atlsb32.dll
O2 - BHO: (no name) - {1D0E04D5-6A8C-E6CF-283E-D25418CADEF9} - C:\windows\system32\mszs.dll
O2 - BHO: (no name) - {20624CF4-3AF3-5A88-257F-7E0B78D56A51} - C:\windows\system32\d3qu32.dll
O2 - BHO: (no name) - {2069D5FC-B9B3-6FBF-EAE9-C9AD1EAA0AA6} - C:\windows\system32\atllp.dll
O2 - BHO: (no name) - {21BE668F-FBD9-89AE-A365-9FC69E461971} - C:\windows\system32\iedl32.dll
O2 - BHO: (no name) - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\windows\system32\appnu.dll
O2 - BHO: (no name) - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\windows\system32\winlv.dll
O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - C:\windows\system32\ntmb32.dll
O2 - BHO: (no name) - {2A7363DF-C45A-5954-477D-0C78AF4A207C} - C:\windows\atltk.dll
O2 - BHO: (no name) - {2B7CDB2C-16B5-286B-C7F1-C5C80397E087} - C:\windows\system32\apioz.dll
O2 - BHO: (no name) - {2FDECE36-9908-3C07-94EF-739590374096} - C:\windows\crhj32.dll
O2 - BHO: (no name) - {32B40341-3648-02F0-7D04-5B8F58EEBA63} - C:\windows\addnx32.dll
O2 - BHO: (no name) - {342544FC-9066-3A08-5442-F1039ADD4765} - C:\windows\system32\javamo32.dll
O2 - BHO: (no name) - {38684DAB-CE7D-692F-F285-5CE5F24E21F4} - C:\windows\system32\iebh32.dll
O2 - BHO: (no name) - {3A21BE6B-7A02-5B85-3FE9-2B6EC6CF21E6} - C:\windows\netnk32.dll
O2 - BHO: (no name) - {3C12D570-FD02-5A01-B5D2-CA3B9D74D61F} - C:\windows\netqk.dll
O2 - BHO: (no name) - {3DC5D292-C5C0-FCBB-38A3-D792D6BB1F26} - C:\windows\system32\crnm32.dll
O2 - BHO: (no name) - {3EB92E28-EE9A-43B7-6D25-F4D8822B3138} - C:\windows\sysox32.dll
O2 - BHO: (no name) - {46D4E454-70DA-2B3F-1D10-69C7CE8C375C} - C:\windows\sysjg32.dll
O2 - BHO: (no name) - {4D1EDB57-DC5A-74B0-7BA8-B823E3519DB0} - C:\windows\d3zp32.dll
O2 - BHO: (no name) - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\windows\javalk32.dll
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - C:\windows\ntrk32.dll
O2 - BHO: (no name) - {51FF3DF8-38BA-EDB0-674D-45926004A3A5} - C:\windows\system32\ipxi32.dll
O2 - BHO: (no name) - {52DA67B7-88BC-6D44-FC8E-869AC8F79662} - C:\windows\crhs32.dll
O2 - BHO: (no name) - {52FEDAFD-7116-8034-52FF-C710EA25905B} - C:\windows\system32\atlog32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C9AB6D-6031-E16B-125B-94A3A319C53F} - C:\windows\system32\d3nu32.dll
O2 - BHO: (no name) - {54351455-EFE9-7EFE-3393-B2622AF47B0F} - C:\windows\system32\javazs.dll
O2 - BHO: (no name) - {5655D1F2-041F-172B-24A6-490B92FF5C0F} - C:\windows\crkl32.dll
O2 - BHO: (no name) - {5932D6CD-5850-EB9A-AF22-5C40F8C3A50A} - C:\windows\system32\sdkkc32.dll
O2 - BHO: (no name) - {5F0DB282-2C0A-AE7B-A81A-1451175E7CC1} - C:\windows\system32\ipao.dll
O2 - BHO: (no name) - {61BED734-12F8-5DA2-C2B0-73927CFBD801} - C:\windows\sysai32.dll
O2 - BHO: (no name) - {633C8BFF-B1D2-9627-66F6-74124A682441} - C:\windows\system32\d3kw.dll
O2 - BHO: (no name) - {64CA0FC6-5085-C447-8988-25C5AC6CDBBE} - C:\windows\system32\netuu32.dll
O2 - BHO: (no name) - {66EF0D72-55A0-257D-BE1E-869C17411C8A} - C:\windows\system32\sysro32.dll
O2 - BHO: (no name) - {68761E0C-A678-2B1F-4293-E427E94D1A2D} - C:\windows\system32\ipqd.dll
O2 - BHO: (no name) - {6D6F824E-4876-24B2-D11B-49F9A8DF9F1B} - C:\windows\system32\winal.dll
O2 - BHO: (no name) - {6F8A1992-AF2F-5DB6-2B3E-65738F300B53} - C:\windows\system32\ntlp32.dll
O2 - BHO: (no name) - {708A3F77-2B37-C3B7-492A-8F7BB57030BB} - C:\windows\system32\iejq.dll
O2 - BHO: (no name) - {709366A3-52C9-A38A-CAED-3E4124CAE61A} - C:\windows\system32\atluu.dll
O2 - BHO: (no name) - {70B30880-F84D-EE39-FE16-EDB1E1A80F9A} - C:\windows\system32\ieoa32.dll
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\windows\system32\apith32.dll
O2 - BHO: (no name) - {7350B9D3-B9DA-2054-675C-9E8EE4DF6C68} - C:\windows\crhd32.dll
O2 - BHO: (no name) - {74D26490-9E7F-905B-3BAA-08765509E086} - C:\windows\javany.dll
O2 - BHO: (no name) - {83F01EC6-1966-280C-39C0-52CF1BB626F6} - C:\windows\system32\sdkqb32.dll
O2 - BHO: (no name) - {8682881C-0143-08BD-57E1-64CD99067C6B} - C:\windows\system32\iprm32.dll
O2 - BHO: (no name) - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\windows\winog32.dll
O2 - BHO: (no name) - {8791D346-D816-E97B-3F20-C6CB9E19B5C2} - C:\windows\system32\ntwi.dll
O2 - BHO: (no name) - {8D283F17-6393-2336-7062-61B53CA2D259} - C:\windows\system32\iekf32.dll
O2 - BHO: (no name) - {8D32F80A-AB76-8C8A-C145-95961BCC455D} - C:\windows\system32\wintf32.dll
O2 - BHO: (no name) - {8E0B929C-BD26-1EC1-6F48-E2127DBFF8F2} - C:\windows\nthn32.dll
O2 - BHO: (no name) - {8E97E342-2F8F-9814-A393-F31425698173} - C:\windows\system32\javaee.dll
O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\windows\system32\ntya32.dll
O2 - BHO: (no name) - {95744E08-BCA9-7DC5-8D02-05BAA6A2035F} - C:\windows\appwm.dll
O2 - BHO: (no name) - {960130C2-7AFF-4036-AC76-1E709CC49FD6} - C:\windows\system32\msgs32.dll
O2 - BHO: (no name) - {9B86CC76-3686-802D-B036-D25C675E70D8} - C:\windows\mfcpj.dll
O2 - BHO: (no name) - {9E40464B-CE86-2A95-419A-510B0FC95988} - C:\windows\crwu32.dll
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - C:\windows\system32\atlyk.dll
O2 - BHO: (no name) - {9FEA258A-0E2B-3771-3FF5-CF33BA97EBDB} - C:\windows\system32\ierl.dll
O2 - BHO: (no name) - {9FF77B6F-0152-8F68-E3D0-97180E42AF81} - C:\windows\appmd32.dll
O2 - BHO: (no name) - {A0D6035B-399F-77CC-3D27-652A6827CD9A} - C:\windows\system32\crql.dll
O2 - BHO: (no name) - {A24BD6EC-9DA1-E120-7138-CBB1D4CD32FD} - C:\windows\d3pl.dll
O2 - BHO: (no name) - {A3DEAD28-EE65-AB87-0D4A-5AA324BCB9A7} - C:\windows\mfcwz.dll
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - C:\windows\system32\mfcrb.dll
O2 - BHO: (no name) - {AAF322C0-53A3-24FC-C5E6-B062F9D982F9} - C:\windows\mfcoq32.dll
O2 - BHO: (no name) - {B30E47DA-686A-F6BD-2D76-4574041F4B05} - C:\windows\system32\d3zd.dll
O2 - BHO: (no name) - {B39C4AEF-9AA2-A69C-4290-1822AC726C70} - C:\windows\system32\iemw32.dll
O2 - BHO: (no name) - {B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} - C:\windows\appna.dll
O2 - BHO: (no name) - {BA8F7883-AD34-8DF4-84CB-B375DD8257A8} - C:\windows\system32\sysxp.dll
O2 - BHO: (no name) - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\windows\javarj.dll
O2 - BHO: (no name) - {BBF6C91B-BC8D-9FD0-A0DA-199E2D773BC9} - C:\windows\wincx32.dll
O2 - BHO: (no name) - {BD6292E2-CEBD-27AC-7BB6-566F7436B592} - C:\windows\addsf.dll
O2 - BHO: (no name) - {BEE7E5D8-569A-9AC1-5C5F-875B2717BDB1} - C:\windows\system32\winwp32.dll
O2 - BHO: (no name) - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - C:\windows\system32\msmz.dll
O2 - BHO: (no name) - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\windows\winff.dll
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - C:\windows\d3eg32.dll
O2 - BHO: (no name) - {C2B0FE3D-0615-8B34-FA6B-29114249CFF5} - C:\windows\system32\winxt32.dll
O2 - BHO: (no name) - {C3BE4E91-99A9-E524-1E89-7C2CF7929063} - C:\windows\javaau32.dll
O2 - BHO: (no name) - {C3BE66A7-5D8D-CE88-E63D-D32D9FEE6546} - C:\windows\atlap32.dll
O2 - BHO: (no name) - {C404EDA8-19CF-74E0-0E22-C3C50B6D21D1} - C:\windows\system32\d3gz32.dll
O2 - BHO: (no name) - {C50C3867-EF0D-F996-B6E2-672B60D6ED50} - C:\windows\apiyi32.dll
O2 - BHO: (no name) - {C57A97CE-E8D2-2292-3692-AE5AD4A452E1} - C:\windows\ipfo.dll
O2 - BHO: (no name) - {C5DD24AA-44CE-3AF3-2B3D-6EB6F2ECB4A6} - C:\windows\syssy.dll
O2 - BHO: (no name) - {C72B4089-65FD-6816-11BF-DEB6F68FAA46} - C:\windows\netwx32.dll
O2 - BHO: (no name) - {C8BEE708-6D04-1677-F2EE-681F5D9D77B5} - C:\windows\atlzn32.dll
O2 - BHO: (no name) - {CC06353D-3621-07FC-2B7B-A3933ADD6C59} - C:\windows\system32\addqh.dll
O2 - BHO: (no name) - {CC403086-622D-83F3-2BD1-79D3F203A547} - C:\windows\system32\atlbv32.dll
O2 - BHO: (no name) - {CEC4AD1D-81ED-5AAF-BE11-815FB8F0FFA6} - C:\windows\system32\ntxy.dll
O2 - BHO: (no name) - {CFFA8321-97AC-D558-B2CD-D278699292B1} - C:\windows\system32\apphy32.dll
O2 - BHO: (no name) - {D010E2E2-A168-789D-9E57-563AC50A66D0} - C:\windows\ntoz32.dll
O2 - BHO: (no name) - {DA514823-9119-64E0-C464-A68EB4D3DA4A} - C:\windows\system32\ipgw32.dll
O2 - BHO: (no name) - {E13F3FF4-7686-8A2F-D80E-02A8DFA5DCF6} - C:\windows\addra.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\windows\javalu32.dll
O2 - BHO: (no name) - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\windows\apikv32.dll
O2 - BHO: (no name) - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\windows\system32\ieou32.dll
O2 - BHO: (no name) - {EC15436C-2D60-3C5B-5647-2F041E89CB49} - C:\windows\msyf32.dll
O2 - BHO: (no name) - {EE64D601-3718-A3A2-8684-040FA0D9ABAE} - C:\windows\mshv.dll
O2 - BHO: (no name) - {EFBC894E-C716-CF6F-30F0-1F1AE60E2401} - C:\windows\mfccq.dll
O2 - BHO: (no name) - {F1DEDB5C-B92F-230D-58CA-E65403705AD0} - C:\windows\system32\ieby32.dll
O2 - BHO: (no name) - {F30B013D-7D54-F210-8ECF-CDD34588F69A} - C:\windows\system32\crzn32.dll
O2 - BHO: (no name) - {F3B884B1-3181-A180-8EA9-B6E06DF7844E} - C:\windows\nthd.dll
O2 - BHO: (no name) - {F3E99352-A6A5-0406-6727-CC5DD480E2A3} - C:\windows\system32\d3cp.dll
O2 - BHO: (no name) - {F74D5213-8A18-F9CF-E487-AA203A37CEB8} - C:\windows\system32\addwf.dll
O2 - BHO: (no name) - {F8EA49DA-2095-ABD3-7D85-A5D74D47966F} - C:\windows\mfczf32.dll
O2 - BHO: (no name) - {F9ABE119-352C-F1BB-5DD5-681EF19595DD} - C:\windows\system32\ipek.dll
O2 - BHO: (no name) - {FF697DC7-80E5-BFEF-F6DE-3A230F014608} - C:\windows\system32\atlxe.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [desktop] C:\windows\System32\desktop.exe
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0CB57DA-C2D7-4C42-AF34-B18D05F418FA} - C:\windows\System32\wldr.dll (HKCU)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\windows\atlyk32.exe (file missing)
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
Click on Fix Checked when finished and exit HijackThis.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\windows\sysip.dll
C:\windows\System32\mousehs.exe
C:\windows\addfj32.dll
C:\windows\system32\msum32.dll
C:\windows\system32\msqo.dll
C:\windows\iejq.dll
C:\windows\d3sl32.dll
C:\windows\appre32.dll
C:\windows\msfs32.dll
C:\windows\atlsb32.dll
C:\windows\system32\mszs.dll
C:\windows\system32\d3qu32.dll
C:\windows\system32\atllp.dll
C:\windows\system32\iedl32.dll
C:\windows\system32\appnu.dll
C:\windows\system32\winlv.dll
C:\windows\system32\ntmb32.dll
C:\windows\atltk.dll
C:\windows\system32\apioz.dll
C:\windows\crhj32.dll
C:\windows\addnx32.dll
C:\windows\system32\javamo32.dll
C:\windows\system32\iebh32.dll
C:\windows\netnk32.dll
C:\windows\netqk.dll
C:\windows\system32\crnm32.dll
C:\windows\sysox32.dll
C:\windows\sysjg32.dll
C:\windows\d3zp32.dll
C:\windows\javalk32.dll
C:\windows\ntrk32.dll
C:\windows\system32\ipxi32.dll
C:\windows\crhs32.dll
C:\windows\system32\atlog32.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\windows\system32\d3nu32.dll
C:\windows\system32\javazs.dll
C:\windows\crkl32.dll
C:\windows\system32\sdkkc32.dll
C:\windows\system32\ipao.dll
C:\windows\sysai32.dll
C:\windows\system32\d3kw.dll
C:\windows\system32\netuu32.dll
C:\windows\system32\sysro32.dll
C:\windows\system32\ipqd.dll
C:\windows\system32\winal.dll
C:\windows\system32\ntlp32.dll
C:\windows\system32\iejq.dll
C:\windows\system32\atluu.dll
C:\windows\system32\ieoa32.dll
C:\windows\system32\apith32.dll
C:\windows\crhd32.dll
C:\windows\javany.dll
C:\windows\system32\sdkqb32.dll
C:\windows\system32\iprm32.dll
C:\windows\winog32.dll
C:\windows\system32\ntwi.dll
C:\windows\system32\iekf32.dll
C:\windows\system32\wintf32.dll
C:\windows\nthn32.dll
C:\windows\system32\javaee.dll
C:\windows\system32\ntya32.dll
C:\windows\appwm.dll
C:\windows\system32\msgs32.dll
C:\windows\mfcpj.dll
C:\windows\crwu32.dll
C:\windows\system32\atlyk.dll
C:\windows\system32\ierl.dll
C:\windows\appmd32.dll
C:\windows\system32\crql.dll
C:\windows\d3pl.dll
C:\windows\mfcwz.dll
C:\windows\system32\mfcrb.dll
C:\windows\mfcoq32.dll
C:\windows\system32\d3zd.dll
C:\windows\system32\iemw32.dll
C:\windows\appna.dll
C:\windows\system32\sysxp.dll
C:\windows\javarj.dll
C:\windows\wincx32.dll
C:\windows\addsf.dll
C:\windows\system32\winwp32.dll
C:\windows\system32\msmz.dll
C:\windows\winff.dll
C:\windows\d3eg32.dll
C:\windows\system32\winxt32.dll
C:\windows\javaau32.dll
C:\windows\atlap32.dll
C:\windows\system32\d3gz32.dll
C:\windows\apiyi32.dll
C:\windows\ipfo.dll
C:\windows\syssy.dll
C:\windows\netwx32.dll
C:\windows\atlzn32.dll
C:\windows\system32\addqh.dll
C:\windows\system32\atlbv32.dll
C:\windows\system32\ntxy.dll
C:\windows\system32\apphy32.dll
C:\windows\ntoz32.dll
C:\windows\system32\ipgw32.dll
C:\windows\addra.dll
C:\windows\javalu32.dll
C:\windows\apikv32.dll
C:\windows\system32\ieou32.dll
C:\windows\msyf32.dll
C:\windows\mshv.dll
C:\windows\mfccq.dll
C:\windows\system32\ieby32.dll
C:\windows\system32\crzn32.dll
C:\windows\nthd.dll
C:\windows\system32\d3cp.dll
C:\windows\system32\addwf.dll
C:\windows\mfczf32.dll
C:\windows\system32\ipek.dll
C:\windows\system32\atlxe.dll
C:\windows\System32\desktop.exe
msnmssgr.exe
C:\windows\System32\wldr.dll
C:\windows\atlyk32.exe
Let the system reboot.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted Reboot to let it clean out the remaining files.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
[B]Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
slurbs
Posted 23 May 2005 - 08:57 PM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:59:37 PM, 5/22/2005
+ Report-Checksum: 2FE91B0B

+ Date of database: 5/17/2005
+ Version of scan engine: v3.0

+ Duration: 172 min
+ Scanned Files: 250711
+ Speed: 24.16 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\
D:\
G:\

+ Scan result:
No infected files found!


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:43:22 AM, on 5/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\windows\System32\wuauclt.exe
C:\Documents and Settings\cn\Desktop\spy blasters\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\windows\atlyk32.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  • 0

#6
slurbs
Posted 24 May 2005 - 12:09 AM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
panda log..


Incident Status Location

Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\cn\Application Data\tvm*.dll
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\cn\Application Data\Lycos
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Ab scissor.url
Adware:Adware/IGuard No disinfected C:\windows\System32\wldr.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\cn\Application Data\tvmcwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\cn\Application Data\tvmuknwrd.dll
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\cn\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/Adtomi No disinfected C:\WINDOWS\7dtgttc.sys
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\5qohnw.exe
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\7dtgttc.sys
Adware:Adware/BlueScreenWarningNo disinfected C:\WINDOWS\system32\wldr.dll

thanks for the help!
Casey :tazz:
  • 0

#7
Guest_thatman_*
Posted 24 May 2005 - 08:38 AM

Guest_thatman_*
  • Guest
Hi slurbs

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Remote Procedure Call (RPC) Helper
Mouse Hardware Sync (mousehs)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

Run HJThis delete the following
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\windows\atlyk32.exe (file missing)
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)

Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
C:\Documents and Settings\All Users\Favorites\AdultGambling.url
C:\Documents and Settings\cn\Application Data\tvm*.dll
C:\Documents and Settings\cn\Application Data\Lycos
C:\Documents and Settings\cn\Favorites\Sites about\Ab scissor.url
C:\windows\System32\wldr.dll
C:\Documents and Settings\All Users\Favorites\AdultGambling.url
C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
C:\Documents and Settings\cn\Application Data\tvmcwrd.dll
C:\Documents and Settings\cn\Application Data\tvmuknwrd.dll
C:\Documents and Settings\cn\Favorites\Sites about\Ab scissor.url
C:\Documents and Settings\cn\Favorites\Sites about\Broadband comparison.url
C:\Documents and Settings\cn\Favorites\Sites about\Credit counseling.url
C:\Documents and Settings\cn\Favorites\Sites about\Credit report.url
C:\Documents and Settings\cn\Favorites\Sites about\Crm software.url
C:\Documents and Settings\cn\Favorites\Sites about\Debt credit card.url
C:\Documents and Settings\cn\Favorites\Sites about\Escorts.url
C:\Documents and Settings\cn\Favorites\Sites about\Fha.url
C:\Documents and Settings\cn\Favorites\Sites about\Health insurance.url
C:\Documents and Settings\cn\Favorites\Sites about\Help desk software.url
C:\Documents and Settings\cn\Favorites\Sites about\Insurance home.url
C:\Documents and Settings\cn\Favorites\Sites about\Loan for debt consolidation.url
C:\Documents and Settings\cn\Favorites\Sites about\Loan for people with bad credit.url
C:\Documents and Settings\cn\Favorites\Sites about\Marketing email.url
C:\Documents and Settings\cn\Favorites\Sites about\Mortgage insurance.url
C:\Documents and Settings\cn\Favorites\Sites about\Mortgage life insurance.url
C:\Documents and Settings\cn\Favorites\Sites about\Nevada corporations.url
C:\Documents and Settings\cn\Favorites\Sites about\Online Betting Site.url
C:\Documents and Settings\cn\Favorites\Sites about\Online gambling casino.url
C:\Documents and Settings\cn\Favorites\Sites about\Online instant loan.url
C:\Documents and Settings\cn\Favorites\Sites about\Order phentermine.url
C:\Documents and Settings\cn\Favorites\Sites about\Payroll advance.url
C:\Documents and Settings\cn\Favorites\Sites about\Personal loans online.url
C:\Documents and Settings\cn\Favorites\Sites about\Personal loans with bad credit.url
C:\Documents and Settings\cn\Favorites\Sites about\Prescription Drugs Rx Online.url
C:\Documents and Settings\cn\Favorites\Sites about\Refinancing my mortgage.url
C:\Documents and Settings\cn\Favorites\Sites about\Tahoe vacation rental.url
C:\Documents and Settings\cn\Favorites\Sites about\Unsecured bad credit loans.url
C:\Documents and Settings\cn\Favorites\Sites about\Videos.url
C:\Documents and Settings\cn\Favorites\Sites about\What is hydrocodone.url
C:\WINDOWS\7dtgttc.sys
C:\WINDOWS\system32\5qohnw.exe
C:\WINDOWS\system32\7dtgttc.sys
C:\WINDOWS\system32\wldr.dll
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#8
slurbs
Posted 25 May 2005 - 10:17 AM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:43:51 PM, on 5/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\cn\Desktop\spy blasters\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

will post the panda log later
  • 0

#9
Guest_thatman_*
Posted 25 May 2005 - 10:24 AM

Guest_thatman_*
  • Guest
Hi slurbs

Your HJT.log is clean, await the virus scan

Kc :tazz:
  • 0

#10
slurbs
Posted 26 May 2005 - 02:31 AM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
panda log


Incident Status Location

Virus:Trj/Downloader.CML Disinfected C:\Documents and Settings\cn\Local Settings\Temporary Internet Files\Content.IE5\4N9MT3A8\winupdate16507410[1].exe
  • 0

#11
Guest_thatman_*
Posted 26 May 2005 - 03:22 AM

Guest_thatman_*
  • Guest
Hi slurbs

How is the system running now.

Let me know

Kc :tazz:
  • 0

#12
slurbs
Posted 26 May 2005 - 11:39 PM

slurbs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Running Great now. Thanks so much!
Casey D Nease :tazz: ;)
  • 0

#13
Guest_thatman_*
Posted 27 May 2005 - 02:58 AM

Guest_thatman_*
  • Guest
Hi slurbs

Congratulations! Your system is CLEAN ;)

Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.
SpyBot Search & Destroy v1.3
Spybot Tutorial
Disable Spybot Tutorial

Winpatrol Free

Ad-Aware SE Personal Edition Free
AdAware Tutorial

Turn of system restore
Disabling or enabling Windows XP System Restore
WIndows ME
Defrag your hard drive. Turn system restore back on and create a new restore point.

Tony Klien: So how did I get infected in the first place

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
http://www.mozilla.o...oducts/firefox/
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .
You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp Windows (Offline Installation)

After doing all these, your system will be thoroughly protected from future threats.

Kc :tazz:
  • 0

#14
Guest_thatman_*
Posted 30 May 2005 - 08:13 PM

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP