I humbly defer to your collective, infinite wisdom to tell me what to do! My solution would be to do a clean installation of XP, but after three years of use, Karen's computer is exactly the way she likes it.
Something's in here which starts up all kinds of stuff like popups, requests to install browser and toolbar enhancers which my best fast-clicking on the "end process tree" cannot keep up with.
It's. Horrible. Here's a link to a screenshot.
So... after a few hours of following directions in other posts, I'm starting my own thread. Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 3:54:34 PM, on 5/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\vznuma.exe
C:\WINDOWS\system\aoxal.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\adsldpc3.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\eZula\mmod.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e14.email.exc...5e50d892189a58a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50249
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.findyourcouple.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\2742545527\iefwbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrl32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [brlepc] C:\WINDOWS\System32\brlepc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vznuma.exe reg_run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [8daa8707ae99] C:\WINDOWS\System32\adsldpc3.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Excite Community Tools Notifier] "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} (Excite Installer Start) - http://imgfarm.com/i...etup1.0.0.4.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos....plorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_0_2_7.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Here's my ewido security suite log file:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:53:10 PM, 5/31/2005
+ Report-Checksum: 45DC4A78
+ Date of database: 5/31/2005
+ Version of scan engine: v3.0
+ Duration: 72 min
+ Scanned Files: 210045
+ Speed: 48.05 Files/Second
+ Infected files: 66
+ Removed files: 65
+ Files put in quarantine: 65
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\!Submit\nail.exe -> Trojan.Nail -> Cleaned with backup
C:\!Submit\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\karyn\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\karyn\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\karyn\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temp\f2117705.exe -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temp\toc_0018.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\0LABSLUF\130[1].bin -> TrojanDropper.Agent.kd -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\0LABSLUF\142[1].bin -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\0LABSLUF\29[1].bin -> TrojanDropper.Delf.z -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\45AB89AB\aun_0035[1].exe -> TrojanDownloader.Small.akz -> Error during cleaning
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\GDIJGHMJ\164[1].bin -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\GDIJGHMJ\inst12[1].exe -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\GDIJGHMJ\pcs_0019[1].exe -> Spyware.Pacer.b -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\GDIJGHMJ\trk_0025[1].exe -> Spyware.Pacer.e -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\GDIJGHMJ\winupdt[1].exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\KLQNOTMV\fwbar2_main2[1].dll -> Spyware.CoolBar.a -> Cleaned with backup
C:\Documents and Settings\karyn\Local Settings\Temporary Internet Files\Content.IE5\KLQNOTMV\toc_0018[1].exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Program Files\AutoUpdate\AutoUpdate.exe -> TrojanDownloader.Apropo.g -> Cleaned with backup
C:\Program Files\Common Files\tsa\tsl.exe -> TrojanDownloader.TSUpdate.f -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WSup.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsA.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsB.dll -> Spyware.Wintol.y -> Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsS.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
C:\Program Files\sf\sf.exe -> TrojanDownloader.Small.hs -> Cleaned with backup
C:\Program Files\Toolbar\common.dll -> Spyware.WebSearch.aj -> Cleaned with backup
C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBISToolbar -> Cleaned with backup
C:\Program Files\Toolbar\IExploreSkins.exe -> Spyware.Websearch -> Cleaned with backup
C:\Program Files\Toolbar\PIB.exe -> Spyware.WebSearch.aj -> Cleaned with backup
C:\Program Files\Toolbar\radio.exe -> Spyware.WebSearch -> Cleaned with backup
C:\Program Files\Toolbar\TBPS.exe -> Spyware.WebSearch.aj -> Cleaned with backup
C:\Program Files\Toolbar\toolbar.dll -> Spyware.WebSearch -> Cleaned with backup
C:\Program Files\Toolbar\xlmurin.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1682526488-1343024091-1003\Dc5.exe -> Trojan.Nail -> Cleaned with backup
C:\temporary\aun_0018.exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\temporary\aun_0036.exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\WINDOWS\Helper101.dll -> Spyware.Delf.r -> Cleaned with backup
C:\WINDOWS\LastGood\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\LastGood\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\WINDOWS\sfita.exe -> Trojan.Favadd.o -> Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Small.ez -> Cleaned with backup
C:\WINDOWS\system32\auto_update_uninstall.exe -> Spyware.Apropos -> Cleaned with backup
C:\WINDOWS\system32\brlml2.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\Cache\EDow_AS2.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\WINDOWS\system32\Cache\HelperInstall.exe -> TrojanDropper.Delf.z -> Cleaned with backup
C:\WINDOWS\system32\Cache\installer.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\system32\Cache\thin-175-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\Cache\ven_d1.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\system32\cfgscard.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\D0CE0C16B1.DLL -> Spyware.Agent.dh -> Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d -> Cleaned with backup
C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\system32\pinstaller.exe -> Spyware.UrlSpy.b -> Cleaned with backup
C:\WINDOWS\system32\puvwb.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\replaceSearch.dll -> Spyware.ReSearch.a -> Cleaned with backup
C:\WINDOWS\system32\stlb2.dll -> TrojanDownloader.Braidupdate.d -> Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\system32\winup2date.dll -> Spyware.Small.et -> Cleaned with backup
C:\WINDOWS\system32\winupdt.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\WINDOWS\system32\wmconfig.cpl -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\unadbeh.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\woinstall.exe -> Spyware.EzuLa -> Cleaned with backup
::Report End