- downloaded and ran "Cleanup"
- downloaded and ran "Ad-Aware"
- downloaded and ran "CWShredder"
- ran "Spybot"
- ran virus scan at TrendMicro
- tried to install Windows Updates, but ran into problems with that
- downloaded and ran "HijackThis"
I think I still have problems, so I have posted my log from "HijackThis" for you to look over. Pleases let me know if I need to do anything else. Thank you very, very much.
Logfile of HijackThis v1.99.1
Scan saved at 2:27:20 PM, on 7/14/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\systemp.exe
C:\WINNT\System32\hkeyman.exe
C:\WINNT\smctrlw.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\UPDD\TBSysTry.exe
C:\WINNT\System32\fpapli.exe
C:\WINNT\System32\svcsysreg.exe
C:\WINNT\System32\mszx23.exe
C:\Program Files\aier\taet.exe
C:\WINNT\System32\n?lookup.exe
C:\Program Files\Navman\GPS100 series USB driver\GPSFinder.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program_Files\Virus Removal\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f525.mail....d=35rvpco3do9pn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {12CB8E8A-64B6-09D6-202A-79D9064BF9DA} - C:\WINNT\crvv32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TBSysTry] C:\Program Files\UPDD\TBSysTry.exe
O4 - HKLM\..\Run: [scroller] fpapli.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [2.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp.exe 4 10001
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINNT\System32\svcsysreg.exe
O4 - HKLM\..\Run: [AutoLoaderww3G1JMSdQLd] "C:\WINNT\System32\penrcl.exe"
O4 - HKLM\..\Run: [StatusCheck] uio.exe
O4 - HKLM\..\Run: [DTOURS] vxdman.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINNT\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [34763] xwiz.exe
O4 - HKCU\..\Run: [MsNetHelper] slamm.exe
O4 - HKCU\..\Run: [Serviceprocess] SysEntry.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Dane] C:\Program Files\aier\taet.exe
O4 - HKCU\..\Run: [Lbqasxh] C:\WINNT\System32\n?lookup.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: GPSPort v2_1.lnk = C:\Program Files\Navman\GPS100 series USB driver\GPSFinder.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 195.95.218.173
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D721167-163E-44C9-A15E-2B90844B9536}: NameServer = 69.50.188.180,85.255.112.5
O20 - Winlogon Notify: drct16 - C:\WINNT\SYSTEM32\drct16.dll
O21 - SSODL: systemp - {CEBC0134-F7B0-4C1A-884A-C5C7A07A6261} - systemp.dll (file missing)
O21 - SSODL: IE40 - {66F8C8C4-0061-72EF-1A3C-4AC994405A56} - c:\program files\internet explorer\winhhblex32.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINNT\svchost.exe
Edited by med8581, 14 July 2005 - 01:42 PM.
Sign In
Create Account
