Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

aurora, pop, roeings, several others


  • Please log in to reply

#1
cbarro1

cbarro1

    New Member

  • Member
  • Pip
  • 2 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:58:14 AM, on 5/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\psa\legisinventory\legisinventoryservice.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\seeve.exe
C:\program files\tvs\tvs_b.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\comreg1\Desktop\HijackThis.exe
C:\WINDOWS\System32\pjlsdpia.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\userinit.exe
c:\windows\system32\kshkruu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\krndll.exe
C:\Program Files\RightFAX\FaxCtrl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legis.state.la.us./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysettings.legis.state.la.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaserv:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.legis.state.la.us*,*.gov.state.la.us*,http://www.sos.louisiana.gov:8090,*.lanewsbureau.com*,*.house.louisiana.gov*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {14709C50-E832-4050-A02C-1E32A53F4C99} - C:\WINDOWS\ccyvahnvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6b3ef6e2-f4d4-4033-92fb-1ff949099eb6} - (no file)
O2 - BHO: (no name) - {6cfe9025-e923-4a69-982e-3d73a6dc1f3f} - (no file)
O2 - BHO: (no name) - {77261383-3d96-4776-805f-092f237f9d57} - (no file)
O2 - BHO: (no name) - {82783513-c26a-44c0-b6f0-99336dfb4d13} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {9dd0a9e0-e059-4703-aaa2-663d52818243} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {ed421b64-4bc3-4f00-a499-d9332382b155} - (no file)
O2 - BHO: (no name) - {f224531b-e389-49d4-8d05-f45ab66f9d51} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCUpdate] C:\psa\pcupdate\pcupdate.exe
O4 - HKLM\..\Run: [Legiscribe] C:\legis_50\Psawpdlg.exe
O4 - HKLM\..\Run: [jhfaxkrk] C:\WINDOWS\System32\jhfaxkrk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [oG3m7j] C:\docume~1\comreg1\locals~1\temp\oG3m7j.exe
O4 - HKLM\..\Run: [HRZCB] C:\docume~1\comreg1\locals~1\temp\HRZCB.exe
O4 - HKLM\..\Run: [DEABlC] C:\docume~1\comreg1\locals~1\temp\DEABlC.exe
O4 - HKLM\..\Run: [iLTrZrhh] C:\documents and settings\comreg1\local settings\temp\iLTrZrhh.exe
O4 - HKLM\..\Run: [Dj] C:\documents and settings\comreg1\local settings\temp\Dj.exe
O4 - HKLM\..\Run: [06vNgT] C:\documents and settings\comreg1\local settings\temp\06vNgT.exe
O4 - HKLM\..\Run: [YWEiCwFxQ] C:\documents and settings\comreg1\local settings\temp\YWEiCwFxQ.exe
O4 - HKLM\..\Run: [*winvb] C:\WINDOWS\Web\winvb.exe
O4 - HKLM\..\Run: [Bk1k7KFl] C:\windows\Bk1k7KFl.exe
O4 - HKLM\..\Run: [Be0tNPW] C:\windows\Be0tNPW.exe
O4 - HKLM\..\Run: [9VwCc] C:\documents and settings\comreg1\local settings\temp\9VwCc.exe
O4 - HKLM\..\Run: [f0j5Id] C:\documents and settings\comreg1\local settings\temp\f0j5Id.exe
O4 - HKLM\..\Run: [bx7S9] C:\documents and settings\comreg1\local settings\temp\bx7S9.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\comreg1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [uS] C:\documents and settings\comreg1\local settings\temp\uS.exe
O4 - HKLM\..\Run: [Ak] C:\documents and settings\comreg1\local settings\temp\Ak.exe
O4 - HKLM\..\Run: [p] C:\documents and settings\comreg1\local settings\temp\p.exe
O4 - HKLM\..\Run: [WOiq4v] C:\documents and settings\comreg1\local settings\temp\WOiq4v.exe
O4 - HKLM\..\Run: [LOwO] C:\documents and settings\comreg1\local settings\temp\LOwO.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qn6O3sj] pjlsdpia.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ozmbcl] c:\windows\system32\kshkruu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bCpERiH3R] krndll.exe
O4 - Startup: radio@netscape.lnk = C:\Program Files\Radio@Netscape Plus\Program\radio@netscape.exe
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.appserv
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://appserv.legis.state.la.us
O15 - Trusted Zone: http://*.appserv (HKLM)
O15 - Trusted Zone: http://appserv.legis.state.la.us (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\Software\..\Telephony: DomainName = legis.state.la.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Legis Inventory - Louisiana Legislature - c:\psa\legisinventory\legisinventoryservice.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
  • 0

Advertisements


#2
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
You have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.
  • 0

#3
cbarro1

cbarro1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here's my new log

Logfile of HijackThis v1.99.1
Scan saved at 3:22:48 PM, on 5/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\psa\legisinventory\legisinventoryservice.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\seeve.exe
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\pjlsdpia.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
c:\windows\system32\tcflfx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\krndll.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Documents and Settings\comreg1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legis.state.la.us./
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysettings.legis.state.la.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaserv:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.legis.state.la.us*,*.gov.state.la.us*,http://www.sos.louisiana.gov:8090,*.lanewsbureau.com*,*.house.louisiana.gov*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {14709C50-E832-4050-A02C-1E32A53F4C99} - C:\WINDOWS\ccyvahnvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6b3ef6e2-f4d4-4033-92fb-1ff949099eb6} - (no file)
O2 - BHO: (no name) - {6cfe9025-e923-4a69-982e-3d73a6dc1f3f} - (no file)
O2 - BHO: (no name) - {77261383-3d96-4776-805f-092f237f9d57} - (no file)
O2 - BHO: (no name) - {82783513-c26a-44c0-b6f0-99336dfb4d13} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {9dd0a9e0-e059-4703-aaa2-663d52818243} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {ed421b64-4bc3-4f00-a499-d9332382b155} - (no file)
O2 - BHO: (no name) - {f224531b-e389-49d4-8d05-f45ab66f9d51} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCUpdate] C:\psa\pcupdate\pcupdate.exe
O4 - HKLM\..\Run: [Legiscribe] C:\legis_50\Psawpdlg.exe
O4 - HKLM\..\Run: [jhfaxkrk] C:\WINDOWS\System32\jhfaxkrk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [oG3m7j] C:\docume~1\comreg1\locals~1\temp\oG3m7j.exe
O4 - HKLM\..\Run: [HRZCB] C:\docume~1\comreg1\locals~1\temp\HRZCB.exe
O4 - HKLM\..\Run: [DEABlC] C:\docume~1\comreg1\locals~1\temp\DEABlC.exe
O4 - HKLM\..\Run: [iLTrZrhh] C:\documents and settings\comreg1\local settings\temp\iLTrZrhh.exe
O4 - HKLM\..\Run: [Dj] C:\documents and settings\comreg1\local settings\temp\Dj.exe
O4 - HKLM\..\Run: [06vNgT] C:\documents and settings\comreg1\local settings\temp\06vNgT.exe
O4 - HKLM\..\Run: [YWEiCwFxQ] C:\documents and settings\comreg1\local settings\temp\YWEiCwFxQ.exe
O4 - HKLM\..\Run: [*winvb] C:\WINDOWS\Web\winvb.exe
O4 - HKLM\..\Run: [Bk1k7KFl] C:\windows\Bk1k7KFl.exe
O4 - HKLM\..\Run: [Be0tNPW] C:\windows\Be0tNPW.exe
O4 - HKLM\..\Run: [9VwCc] C:\documents and settings\comreg1\local settings\temp\9VwCc.exe
O4 - HKLM\..\Run: [f0j5Id] C:\documents and settings\comreg1\local settings\temp\f0j5Id.exe
O4 - HKLM\..\Run: [bx7S9] C:\documents and settings\comreg1\local settings\temp\bx7S9.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\comreg1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [uS] C:\documents and settings\comreg1\local settings\temp\uS.exe
O4 - HKLM\..\Run: [Ak] C:\documents and settings\comreg1\local settings\temp\Ak.exe
O4 - HKLM\..\Run: [p] C:\documents and settings\comreg1\local settings\temp\p.exe
O4 - HKLM\..\Run: [WOiq4v] C:\documents and settings\comreg1\local settings\temp\WOiq4v.exe
O4 - HKLM\..\Run: [LOwO] C:\documents and settings\comreg1\local settings\temp\LOwO.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qn6O3sj] pjlsdpia.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [jcshmav] c:\windows\system32\tcflfx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bCpERiH3R] krndll.exe
O4 - Startup: radio@netscape.lnk = C:\Program Files\Radio@Netscape Plus\Program\radio@netscape.exe
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.appserv
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://appserv.legis.state.la.us
O15 - Trusted Zone: http://*.appserv (HKLM)
O15 - Trusted Zone: http://appserv.legis.state.la.us (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\Software\..\Telephony: DomainName = legis.state.la.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Legis Inventory - Louisiana Legislature - c:\psa\legisinventory\legisinventoryservice.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
  • 0

#4
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. close all browser and windows, including this one, then click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP