Trek Blue Error Nuker [RESOLVED]


#1
belle88

I've tried everything I can think of and this spyware won't go away! SpyBot and SpySweeper can't touch it, and every time I run CWShredder it crashes the system as soon as it finds the CWS.HomeSearch (it only crashes on fix, not on scan only, and the comp will even crash in safe mode).
Hi, by the way! I was wondering if you had any ideas on how to neutralize this.

Symptoms:
- pop-ups at any time, anywhere, with one specifically telling me that my computer is infected.
- sites added to IE favorites
- about:blank homepage garbage
- My spysweeper is coming up every thirty seconds to run and tell me about the same infected files.
Lastly, before I list my HijackThis report, I was wondering if you had any ideas or a quick run-through on how to unzip cwsservicemove to my desktop, assuming that will be part of the solution.

Thank you in advance for any help!

Nick

HiJack this says-

Logfile of HijackThis v1.99.1
Scan saved at 6:23:50 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\mfcal.exe
C:\Documents and Settings\Nick H\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: Class - {283C8D07-3D28-27CD-F6A1-A3A0CAC05587} - C:\WINDOWS\system32\d3zk32.dll
O2 - BHO: Class - {2D803A3C-BE44-E371-10B4-8A9913C5F1C1} - C:\WINDOWS\ipgo32.dll
O2 - BHO: Class - {368522E6-DCE8-EC39-B6BD-A6FA508764AB} - C:\WINDOWS\ipdz.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [winot32.exe] C:\WINDOWS\system32\winot32.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msbb.exe] C:\WINDOWS\system32\msbb.exe
O4 - HKLM\..\Run: [d3ju.exe] C:\WINDOWS\d3ju.exe
O4 - HKLM\..\Run: [mfcal.exe] C:\WINDOWS\mfcal.exe
O4 - HKLM\..\RunOnce: [ielg.exe] C:\WINDOWS\ielg.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [netbm32.exe] C:\WINDOWS\netbm32.exe
O4 - HKLM\..\RunOnce: [javasn.exe] C:\WINDOWS\javasn.exe
O4 - HKLM\..\RunOnce: [ipjf32.exe] C:\WINDOWS\system32\ipjf32.exe
O4 - HKLM\..\RunOnce: [apivd32.exe] C:\WINDOWS\system32\apivd32.exe
O4 - HKLM\..\RunOnce: [addil32.exe] C:\WINDOWS\addil32.exe
O4 - HKLM\..\RunOnce: [netsj32.exe] C:\WINDOWS\system32\netsj32.exe
O4 - HKLM\..\RunOnce: [msvv32.exe] C:\WINDOWS\system32\msvv32.exe
O4 - HKLM\..\RunOnce: [ipiu.exe] C:\WINDOWS\system32\ipiu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ielg.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

#2
Rawe

Hello!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

Please run a free online anti-virus scan: Kaspersky, or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:

#3
belle88

Ok so as I am typing this, E pop-up jumps in and I lose almost all of my reply. Man!!! Thank you for your time as well.

Ok I will try this again -

I downloaded all of the items needed and saved them to my desktop.

I updated all of the downloads and was good to go there.

I booted into safe mode and ran AB. It froze a couple of times and said the program was not responding but I made it through the third time. I was unsure what you meant by clicking start and then OK for Alternate Data Streams. I just ran it normally and we could be just hashing words here.

I rebooted again in safe mode.

Ran AB again and had the same problem of freezing. I made it through and moved to CWShredder.

CWShredder was on fix and as soon as it got towards the bottom it froze into the blue screen. I restarted in safe mode again and tried again. Blue Screen.

I rebooted into safe mode again and just passed the CWShredder phase. I did update it at the start.

I ran SSHfix but it did not seem to do anything after I hit disinfect. I got a log out of the deal so I was OK and moved on.

I ran CleanUp and it had a ton of stuff and cleaned up a lot of things.

I rebooted and as soon as I hopped on the favorites were on there and Spysweeper asked me if I wanted to change my homepage to AboutBlank.

I have posted all of the logs below and hope we can find what the heck is going on.

Thanks again for the help!

HiJack Log

Logfile of HijackThis v1.99.1
Scan saved at 3:18:22 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\winot32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nick H\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: Class - {8C38E844-57F2-3EDD-FEEA-F53BAA76633A} - C:\WINDOWS\crgs32.dll
O2 - BHO: Class - {B9117FC9-B02C-936C-F1BC-6D227B226339} - C:\WINDOWS\system32\winak.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {F9F0D49F-C740-D5E3-0FCC-BE0B70DE122C} - C:\WINDOWS\ntwx32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [winot32.exe] C:\WINDOWS\system32\winot32.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msbb.exe] C:\WINDOWS\system32\msbb.exe
O4 - HKLM\..\Run: [d3ju.exe] C:\WINDOWS\d3ju.exe
O4 - HKLM\..\Run: [mfcal.exe] C:\WINDOWS\mfcal.exe
O4 - HKLM\..\Run: [mfcei32.exe] C:\WINDOWS\mfcei32.exe
O4 - HKLM\..\Run: [winiy.exe] C:\WINDOWS\winiy.exe
O4 - HKLM\..\RunOnce: [ielg.exe] C:\WINDOWS\ielg.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [crgs32.exe] C:\WINDOWS\crgs32.exe
O4 - HKLM\..\RunOnce: [javavn.exe] C:\WINDOWS\system32\javavn.exe
O4 - HKLM\..\RunOnce: [netjv32.exe] C:\WINDOWS\netjv32.exe
O4 - HKLM\..\RunOnce: [javafj.exe] C:\WINDOWS\system32\javafj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ielg.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)


AB Log -

AboutBuster 5.0 reference file 31
Scan started on [8/15/2005] at [11:55:33 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\SchedLgU.Txt:yqrsh
Removed Stream! C:\WINDOWS\uyeeb.txt:zther
Removed Stream! C:\WINDOWS\WINNT256.BMP:puhql
------------------------------------------------
Removed File! : C:\Windows\iaixv.dll
Removed File! : C:\Windows\kggoi.dll
Removed File! : C:\Windows\lshkw.dll
Removed File! : C:\Windows\mjnal.dat
Removed File! : C:\Windows\pntwf.dll
Removed File! : C:\Windows\ppveb.dat
Removed File! : C:\Windows\qmkfb.dat
Removed File! : C:\Windows\System32\nckvq.dll
Removed File! : C:\Windows\System32\nhcqa.dll
Removed File! : C:\Windows\System32\scjic.dll
Removed File! : C:\Windows\System32\trstj.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:04:14 PM


AboutBuster 5.0 reference file 31
Scan started on [8/15/2005] at [12:51:31 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:abolg
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:04:13 PM


AboutBuster 5.0 reference file 31
Scan started on [8/15/2005] at [1:22:41 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_DEFAULT(2).PIF:adypv
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:addur
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:24:31 PM


AboutBuster 5.0 reference file 31
Scan started on [8/15/2005] at [1:56:28 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\bbwwb.txt:jngwz
Removed Stream! C:\WINDOWS\_DEFAULT(2).PIF:adzia
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:adimzz
------------------------------------------------
Removed File! : C:\Windows\System32\sakcp.dll
Removed File! : C:\Windows\System32\ytkxi.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:14:33 PM



SSHfix log -


(8/15/05 1:26:51 PM) SPSeHjFix started v1.1.2
(8/15/05 1:26:51 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/15/05 1:26:51 PM) Language: english
(8/15/05 1:26:51 PM) Win-Path: C:\WINDOWS
(8/15/05 1:26:51 PM) System-Path: C:\WINDOWS\system32
(8/15/05 1:26:51 PM) Temp-Path: C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\
(8/15/05 1:26:53 PM) Disinfection started
(8/15/05 1:26:53 PM) Bad-Dll(IEP): c:\docume~1\nickh~1\locals~1\temp\se.dll
(8/15/05 1:26:53 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\system32\mfajma.dll
(8/15/05 1:26:53 PM) Searchassistant Uninstaller - Keys Deleted
(8/15/05 1:26:53 PM) UBF: 10 - UBB: 3 - UBR: 289
(8/15/05 1:26:53 PM) FilterKey: HKCR\text/html (deleted)
(8/15/05 1:26:53 PM) FilterKey: HKCR\CLSID\{7850AC87-D6BE-4F0F-9694-D51C71C9BEA1} (deleted)
(8/15/05 1:26:53 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(8/15/05 1:26:53 PM) FilterKey: HKCR\text/plain (deleted)
(8/15/05 1:26:53 PM) FilterKey: HKCR\CLSID\{7850AC87-D6BE-4F0F-9694-D51C71C9BEA1} (error while deleting)
(8/15/05 1:26:53 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(8/15/05 1:26:53 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB2978C7-51A5-42DC-83C0-AADDFED0F39F} (deleted)
(8/15/05 1:26:53 PM) BHO-Key: HKCR\CLSID\{EB2978C7-51A5-42DC-83C0-AADDFED0F39F} (deleted)
(8/15/05 1:26:53 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(8/15/05 1:26:53 PM) UBF: 8 - UBB: 2 - UBR: 288
(8/15/05 1:26:53 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nickh~1\locals~1\temp\se.dll/sp.html

Sorry so long but this is driving me crazy!
  • 0
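
Added example (not part of the original thread, and not code from HijackThis, AboutBuster or any other tool named here): a small Python comparison of the first two HijackThis scans against the AboutBuster log, showing that the same registry values were re-pointed at a new randomly named DLL after the old one was deleted. The function names are hypothetical; the log lines are excerpts from the logs posted above.

```python
"""Compare two HijackThis scans with a cleaner's removal log to spot a
browser hijacker that re-registers itself under a new DLL name."""
import re

# R0/R1 lines: "<code> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^R[01] - (HK(?:CU|LM)\\[^,]+),\s*(.+?) = (.*)$")
# res:// URL that serves an HTML resource out of a DLL on disk
RES_DLL = re.compile(r"^res://([A-Za-z]:\\[^/]+\.dll)/", re.I)
# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_LINE = re.compile(
    r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?: \(file missing\))?$")
# AboutBuster lines: "Removed File! : <path>"
AB_REMOVED = re.compile(r"^Removed File! : (.+)$")

# Excerpts from the 8/14 scan, the 8/15 AboutBuster run and the 8/15 scan.
SCAN_1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scjic.dll/sp.html#37049
O2 - BHO: Class - {283C8D07-3D28-27CD-F6A1-A3A0CAC05587} - C:\WINDOWS\system32\d3zk32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
"""
AB_LOG = r"""
Removed File! : C:\Windows\System32\nhcqa.dll
Removed File! : C:\Windows\System32\scjic.dll
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lquzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lquzf.dll/sp.html#37049
O2 - BHO: Class - {8C38E844-57F2-3EDD-FEEA-F53BAA76633A} - C:\WINDOWS\crgs32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
"""


def parse_hjt(text):
    """Return ({(key, value): dll_path}, {clsid: dll_path}) for one scan.
    Paths are lower-cased because Windows paths are case-insensitive."""
    res_targets, bhos = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            res = RES_DLL.match(m.group(3))
            if res:  # only IE settings that load a page from a local DLL
                res_targets[(m.group(1), m.group(2))] = res.group(1).lower()
            continue
        m = BHO_LINE.match(line)
        if m:
            bhos[m.group(2).upper()] = m.group(3).lower()
    return res_targets, bhos


def removed_files(ab_log):
    """Lower-cased paths the cleaner reported as deleted."""
    found = set()
    for line in ab_log.splitlines():
        m = AB_REMOVED.match(line.strip())
        if m:
            found.add(m.group(1).lower())
    return found


def respawned(before, after, removed):
    """IE registry values whose res:// DLL was deleted by the cleaner but
    which point at a different DLL in the following scan."""
    res_before, _ = parse_hjt(before)
    res_after, _ = parse_hjt(after)
    hits = []
    for location, old in sorted(res_before.items()):
        new = res_after.get(location)
        if new and new != old and old in removed:
            hits.append((location, old, new))
    return hits


def bho_churn(before, after):
    """(CLSIDs gone, CLSIDs new) between two scans, each mapped to its DLL."""
    _, b1 = parse_hjt(before)
    _, b2 = parse_hjt(after)
    gone = {c: p for c, p in b1.items() if c not in b2}
    new = {c: p for c, p in b2.items() if c not in b1}
    return gone, new


if __name__ == "__main__":
    for (key, value), old, new in respawned(SCAN_1, SCAN_2, removed_files(AB_LOG)):
        print(f"{key},{value}: {old} was removed, now points at {new}")
    gone, new = bho_churn(SCAN_1, SCAN_2)
    print("BHO CLSIDs gone:", gone)
    print("BHO CLSIDs new: ", new)
```

Because both the DLL name and the BHO CLSID change from scan to scan, the stable things to track are the registry locations and the `res://<dll>/sp.html` pattern, not the file names.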

#4
Rawe

Ok, let's see what Ewido can do.

Please print these instructions out, or write them down, as you can't read them during the fix.

First;

Please download Ewido Security Suite; it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Finally reboot into normal mode and post the Ewido log along with a fresh HiJackThis log.

- Rawe :tazz:

#5
belle88

OK, I am about to flip.

I downloaded Ewido and it started running before I could get to the update section. It said I had over 6000 infected files and so I started to fix them. Once I got to about 5000 fixed it stopped and said it was not responding.

I figured OK I will just follow the steps. I tried to open and update and every time the program would not respond. I tried to uninstall and reinstall and the program told me once that it could not download. I tried again and then it went through.

I went to update again and the program was not responding. I mean not responding from the beginning. I try to push anything on the screen it pops up and nothing. I have uninstalled and reinstalled several times and cannot get this thing to work.

Any ideas? Help!

Thank you in advance

Nick

#6
Rawe

Can you post a fresh HiJackThis log?

#7
belle88

Ok, I was able to run Ewido but I have to attach that log as its own attachment since it is so long. I will put the new HiJack log (last night) on this message and attach the Ewido log to it.
Let me know if you need anything else.


HiJack This -

Logfile of HijackThis v1.99.1
Scan saved at 3:23:21 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nick H\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfxxe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: Class - {907B55AA-EFD4-7FFC-2B65-F6817EFA2EE5} - C:\WINDOWS\system32\appfq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {F9F0D49F-C740-D5E3-0FCC-BE0B70DE122C} - C:\WINDOWS\ntwx32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msbb.exe] C:\WINDOWS\system32\msbb.exe
O4 - HKLM\..\Run: [d3ju.exe] C:\WINDOWS\d3ju.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ielg.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

Attached is the Ewido log -

Hopefully this comes through.

Like I said, it is from late last night so if we need to update this I can. I have not been surfing or anything since then so it should be status quo.

Are we getting closer????

#8
Rawe

    Visiting Staff
Where's the attachment?

Can't see it there.. There's still a lot of things to do maybe, would like to see the Ewido log. :tazz:

#9
belle88

    Member
OK I am back and it looks like I am worse off than before.

I am sending this from a different computer now because I cannot get on to IE. I am able to boot into safe mode and I ran clean up and Ewido this morning. I tried to boot normally so that I could send you the logs but I cannot get on. I keep double clicking on IE and nothing comes up. My other programs start no problem (bearshare, kodak, spysweeper, etc.) but once I close them all and try to get on the net I get nothing.

I don't imagine we can do anything like this but I am at a loss and have no idea of how to get my computer well enough to get on the net. If you know of anything I would really appreciate the help.

I was wondering? I see a lot of posts here now regarding this and the fixes are different a lot of the time. Should I try one of those I have read on here or are all of these different?

I wish I could post you some logs but as I said I am having trouble getting on the net.

I will continue to try but wanted to update you on the progress, or lack thereof.

I hope you are having a good Friday!

Nick

#10
Rawe

    Visiting Staff
Hello!

Can you please check your All Programs and see if there is a Netscape installer (a browser -- an alternative to IE)?

If there is, run the installer and see if you can get on the net with it.

If not, can you use the other computer you're writing from to download the Firefox installer, then burn it to CD and run it on the computer which has problems?

Get Firefox installer here: http://www.mozilla.org/

See if it works. :tazz:

#11
belle88

    Member
Go figure! I got Firefox on here and ran a sweep with Spy Sweeper and I am now able to get on to IE. I am using that presently and will use Firefox as my back-up. I tried to run Ewido and it just pops up and does not respond. I was going to do an update and try the directions before but I was unable to get on. I have posted a new Hi-Jack log here from this morning and will post the old Ewido log from yesterday before I was unable to get on. I hope you can find something out of here. I am losing my hair by pulling it out.

Thanks for the timely replies and help so far.

Nick

HiJack This -

Logfile of HijackThis v1.99.1
Scan saved at 2:05:50 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\msut.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nick H\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\feqcq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {3970F376-4BFE-4CAE-9F6F-922587B9A205} - C:\WINDOWS\system32\ehocda.dll (file missing)
O2 - BHO: Class - {AD1A5142-02FA-2B34-366C-42627D9A045A} - C:\WINDOWS\apidn32.dll
O2 - BHO: Class - {BAEA961E-A27E-4D7B-55F3-039B88D04CC3} - C:\WINDOWS\system32\mfcjc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msbb.exe] C:\WINDOWS\system32\msbb.exe
O4 - HKLM\..\Run: [msut.exe] C:\WINDOWS\system32\msut.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [ntjw.exe] C:\WINDOWS\ntjw.exe
O4 - HKLM\..\RunOnce: [appyr.exe] C:\WINDOWS\system32\appyr.exe
O4 - HKLM\..\RunOnce: [appke32.exe] C:\WINDOWS\system32\appke32.exe
O4 - HKLM\..\RunOnce: [adddu.exe] C:\WINDOWS\adddu.exe
O4 - HKLM\..\RunOnce: [ipcf.exe] C:\WINDOWS\system32\ipcf.exe
O4 - HKLM\..\RunOnce: [apihs32.exe] C:\WINDOWS\system32\apihs32.exe
O4 - HKLM\..\RunOnce: [ieiw32.exe] C:\WINDOWS\ieiw32.exe
O4 - HKLM\..\RunOnce: [addtw.exe] C:\WINDOWS\addtw.exe
O4 - HKLM\..\RunOnce: [apinr.exe] C:\WINDOWS\apinr.exe
O4 - HKLM\..\RunOnce: [mswv.exe] C:\WINDOWS\system32\mswv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ielg.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

Ewido from yesterday - I hope this attaches since the last one did not.


#12
Rawe

    Visiting Staff
Can you run this online scan and post the results:

Panda Activescan

- Rawe :tazz:

#13
belle88

    Member
I tried downloading the panda software and was OK until it asked me what I wanted to scan. Every time I clicked on something it would tell me that IE needs to close and asked me if I wanted to send a report.

So I was unable to run this scan.

Once again it took me forever to get back on this computer. When it does get on, it moves along great but every once in a while it won't get on and it takes me forever.

Any more ideas would be great.

Nick

#14
Rawe

    Visiting Staff
Please go to the TrendMicro website HERE
  • Click Check my PC now
  • On the next page it will verify that Trendmicro scan can be run.
  • There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
  • Read the agreement, then click continue with Next Step
  • Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
  • It will install "Core-Packages", then please run the scan - let me know how many infected items it found and if any of them couldn't be cleaned and the name/location
It works on Firefox. :tazz:

#15
belle88

    Member
How is your Friday going?

I ran the check by trend micro and here are the results.

The 4 boxes that should be checked only had one.
Operating System is checked and green
Java Vendor is X'd and is red
Java Version is X'd and is red
Java Enabled is X'd and is red

I ran the scan and found 7 infected files which were
Java_BYTEVER.B (2 infected)
Java_BYTEVER.A (4 infected)
Troj-StartPGE.DG (1 infected)
Troj-StartPAG.IQ (3 infected)
Troj-StartPAG.RE (17 infected)
Troj-Agent.UH (9 infected)

I tried to go ahead and clean these up but my system keeps stopping. I have attached a new HiJack Log here as well and will try to clean these up again. If I am able to clean them then I will post the updates but it keeps asking me for a key code or something.

Here is the HiJack this log - Hopefully we are getting some of this stuff. What a pain. Have a good rest of your day.

Nick

HiJack-

Logfile of HijackThis v1.99.1
Scan saved at 10:28:54 AM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sysdk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Nick H\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cuewx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: Class - {402AEE94-BB1D-D3EA-410F-95DE07E61963} - C:\WINDOWS\atlih32.dll
O2 - BHO: Class - {5963141A-2623-5A16-4284-5845594CADCA} - C:\WINDOWS\system32\winrw32.dll
O2 - BHO: Class - {8F916F94-C19B-C8D4-2EF3-E8824FCBD83F} - C:\WINDOWS\atlwk32.dll
O2 - BHO: (no name) - {AA6FDEF0-D738-4A3F-80B8-9155F431A2D4} - C:\WINDOWS\system32\hiaafmd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {F60FA6C9-5178-D041-061D-CC3DFBD00791} - C:\WINDOWS\system32\sdkgv.dll
O2 - BHO: Class - {FC5DFBE0-2F8E-0D50-0CD8-B9049C45156A} - C:\WINDOWS\javayd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msbb.exe] C:\WINDOWS\system32\msbb.exe
O4 - HKLM\..\Run: [msut.exe] C:\WINDOWS\system32\msut.exe
O4 - HKLM\..\Run: [mfcue.exe] C:\WINDOWS\system32\mfcue.exe
O4 - HKLM\..\Run: [sysdk.exe] C:\WINDOWS\system32\sysdk.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\NICKH~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [ntjw.exe] C:\WINDOWS\ntjw.exe
O4 - HKLM\..\RunOnce: [ieqj32.exe] C:\WINDOWS\ieqj32.exe
O4 - HKLM\..\RunOnce: [javagr.exe] C:\WINDOWS\javagr.exe
O4 - HKLM\..\RunOnce: [iezi.exe] C:\WINDOWS\system32\iezi.exe
O4 - HKLM\..\RunOnce: [syslt.exe] C:\WINDOWS\system32\syslt.exe
O4 - HKLM\..\RunOnce: [ieez.exe] C:\WINDOWS\system32\ieez.exe
O4 - HKLM\..\RunOnce: [mfcsk.exe] C:\WINDOWS\mfcsk.exe
O4 - HKLM\..\RunOnce: [atloz32.exe] C:\WINDOWS\atloz32.exe
O4 - HKLM\..\RunOnce: [atlkp32.exe] C:\WINDOWS\system32\atlkp32.exe
O4 - HKLM\..\RunOnce: [netpp32.exe] C:\WINDOWS\netpp32.exe
O4 - HKLM\..\RunOnce: [atlfe32.exe] C:\WINDOWS\atlfe32.exe
O4 - HKLM\..\RunOnce: [ieqi.exe] C:\WINDOWS\ieqi.exe
O4 - HKLM\..\RunOnce: [ipsm32.exe] C:\WINDOWS\system32\ipsm32.exe
O4 - HKLM\..\RunOnce: [netgl32.exe] C:\WINDOWS\netgl32.exe
O4 - HKLM\..\RunOnce: [crfg.exe] C:\WINDOWS\crfg.exe
O4 - HKLM\..\RunOnce: [syszi32.exe] C:\WINDOWS\system32\syszi32.exe
O4 - HKLM\..\RunOnce: [iepz32.exe] C:\WINDOWS\iepz32.exe
O4 - HKLM\..\RunOnce: [mfclk32.exe] C:\WINDOWS\mfclk32.exe
O4 - HKLM\..\RunOnce: [apish.exe] C:\WINDOWS\system32\apish.exe
O4 - HKLM\..\RunOnce: [javaxz.exe] C:\WINDOWS\javaxz.exe
O4 - HKLM\..\RunOnce: [atlol32.exe] C:\WINDOWS\system32\atlol32.exe
O4 - HKLM\..\RunOnce: [ntba.exe] C:\WINDOWS\ntba.exe
O4 - HKLM\..\RunOnce: [d3mz.exe] C:\WINDOWS\system32\d3mz.exe
O4 - HKLM\..\RunOnce: [apiau.exe] C:\WINDOWS\apiau.exe
O4 - HKLM\..\RunOnce: [mfcmj.exe] C:\WINDOWS\system32\mfcmj.exe
O4 - HKLM\..\RunOnce: [javaft.exe] C:\WINDOWS\system32\javaft.exe
O4 - HKLM\..\RunOnce: [sysfw.exe] C:\WINDOWS\sysfw.exe
O4 - HKLM\..\RunOnce: [ielj32.exe] C:\WINDOWS\system32\ielj32.exe
O4 - HKLM\..\RunOnce: [atlyz.exe] C:\WINDOWS\system32\atlyz.exe
O4 - HKLM\..\RunOnce: [apimc32.exe] C:\WINDOWS\apimc32.exe
O4 - HKLM\..\RunOnce: [mfcbw.exe] C:\WINDOWS\system32\mfcbw.exe
O4 - HKLM\..\RunOnce: [netpf32.exe] C:\WINDOWS\system32\netpf32.exe
O4 - HKLM\..\RunOnce: [crcm.exe] C:\WINDOWS\system32\crcm.exe
O4 - HKLM\..\RunOnce: [msqp32.exe] C:\WINDOWS\system32\msqp32.exe
O4 - HKLM\..\RunOnce: [d3fk.exe] C:\WINDOWS\d3fk.exe
O4 - HKLM\..\RunOnce: [ieus32.exe] C:\WINDOWS\system32\ieus32.exe
O4 - HKLM\..\RunOnce: [d3mq32.exe] C:\WINDOWS\d3mq32.exe
O4 - HKLM\..\RunOnce: [apppi32.exe] C:\WINDOWS\apppi32.exe
O4 - HKLM\..\RunOnce: [winlk32.exe] C:\WINDOWS\winlk32.exe
O4 - HKLM\..\RunOnce: [appcb.exe] C:\WINDOWS\appcb.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\iphd.exe
O4 - HKLM\..\RunOnce: [apizn32.exe] C:\WINDOWS\apizn32.exe
O4 - HKLM\..\RunOnce: [netib32.exe] C:\WINDOWS\netib32.exe
O4 - HKLM\..\RunOnce: [javagx.exe] C:\WINDOWS\javagx.exe
O4 - HKLM\..\RunOnce: [syslz.exe] C:\WINDOWS\system32\syslz.exe
O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe
O4 - HKLM\..\RunOnce: [apihq.exe] C:\WINDOWS\apihq.exe
O4 - HKLM\..\RunOnce: [mfclf.exe] C:\WINDOWS\system32\mfclf.exe
O4 - HKLM\..\RunOnce: [sdkph.exe] C:\WINDOWS\system32\sdkph.exe
O4 - HKLM\..\RunOnce: [winhj.exe] C:\WINDOWS\system32\winhj.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\netxe.exe
O4 - HKLM\..\RunOnce: [netvf32.exe] C:\WINDOWS\system32\netvf32.exe
O4 - HKLM\..\RunOnce: [crhv32.exe] C:\WINDOWS\system32\crhv32.exe
O4 - HKLM\..\RunOnce: [ipnf.exe] C:\WINDOWS\system32\ipnf.exe
O4 - HKLM\..\RunOnce: [mfcrh32.exe] C:\WINDOWS\system32\mfcrh32.exe
O4 - HKLM\..\RunOnce: [ntyy32.exe] C:\WINDOWS\system32\ntyy32.exe
O4 - HKLM\..\RunOnce: [ntri.exe] C:\WINDOWS\ntri.exe
O4 - HKLM\..\RunOnce: [sysao32.exe] C:\WINDOWS\system32\sysao32.exe
O4 - HKLM\..\RunOnce: [apine32.exe] C:\WINDOWS\apine32.exe
O4 - HKLM\..\RunOnce: [winso.exe] C:\WINDOWS\winso.exe
O4 - HKLM\..\RunOnce: [mswq32.exe] C:\WINDOWS\system32\mswq32.exe
O4 - HKLM\..\RunOnce: [apifu32.exe] C:\WINDOWS\apifu32.exe
O4 - HKLM\..\RunOnce: [addeh32.exe] C:\WINDOWS\system32\addeh32.exe
O4 - HKLM\..\RunOnce: [mfcgc.exe] C:\WINDOWS\mfcgc.exe
O4 - HKLM\..\RunOnce: [msue.exe] C:\WINDOWS\system32\msue.exe
O4 - HKLM\..\RunOnce: [mfcek32.exe] C:\WINDOWS\system32\mfcek32.exe
O4 - HKLM\..\RunOnce: [syszl32.exe] C:\WINDOWS\syszl32.exe
O4 - HKLM\..\RunOnce: [winmk.exe] C:\WINDOWS\winmk.exe
O4 - HKLM\..\RunOnce: [sdkae.exe] C:\WINDOWS\sdkae.exe
O4 - HKLM\..\RunOnce: [nteu.exe] C:\WINDOWS\nteu.exe
O4 - HKLM\..\RunOnce: [iecn.exe] C:\WINDOWS\system32\iecn.exe
O4 - HKLM\..\RunOnce: [msoc.exe] C:\WINDOWS\system32\msoc.exe
O4 - HKLM\..\RunOnce: [apple.exe] C:\WINDOWS\apple.exe
O4 - HKLM\..\RunOnce: [appjd.exe] C:\WINDOWS\appjd.exe
O4 - HKLM\..\RunOnce: [sysxa32.exe] C:\WINDOWS\sysxa32.exe
O4 - HKLM\..\RunOnce: [nthe.exe] C:\WINDOWS\nthe.exe
O4 - HKLM\..\RunOnce: [sysqk32.exe] C:\WINDOWS\sysqk32.exe
O4 - HKLM\..\RunOnce: [sdkbn.exe] C:\WINDOWS\sdkbn.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\crpp32.exe
O4 - HKLM\..\RunOnce: [javaek.exe] C:\WINDOWS\system32\javaek.exe
O4 - HKLM\..\RunOnce: [appcl.exe] C:\WINDOWS\system32\appcl.exe
O4 - HKLM\..\RunOnce: [javazl32.exe] C:\WINDOWS\system32\javazl32.exe
O4 - HKLM\..\RunOnce: [ipvp.exe] C:\WINDOWS\system32\ipvp.exe
O4 - HKLM\..\RunOnce: [sdkez32.exe] C:\WINDOWS\sdkez32.exe
O4 - HKLM\..\RunOnce: [d3rb32.exe] C:\WINDOWS\system32\d3rb32.exe
O4 - HKLM\..\RunOnce: [appjf.exe] C:\WINDOWS\appjf.exe
O4 - HKLM\..\RunOnce: [winwb.exe] C:\WINDOWS\system32\winwb.exe
O4 - HKLM\..\RunOnce: [winrk32.exe] C:\WINDOWS\winrk32.exe
O4 - HKLM\..\RunOnce: [apibj.exe] C:\WINDOWS\system32\apibj.exe
O4 - HKLM\..\RunOnce: [crun32.exe] C:\WINDOWS\crun32.exe
O4 - HKLM\..\RunOnce: [addac.exe] C:\WINDOWS\addac.exe
O4 - HKLM\..\RunOnce: [winbg32.exe] C:\WINDOWS\winbg32.exe
O4 - HKLM\..\RunOnce: [mfcud.exe] C:\WINDOWS\system32\mfcud.exe
O4 - HKLM\..\RunOnce: [d3xa32.exe] C:\WINDOWS\d3xa32.exe
O4 - HKLM\..\RunOnce: [crlz32.exe] C:\WINDOWS\crlz32.exe
O4 - HKLM\..\RunOnce: [addod.exe] C:\WINDOWS\addod.exe
O4 - HKLM\..\RunOnce: [atloj.exe] C:\WINDOWS\system32\atloj.exe
O4 - HKLM\..\RunOnce: [mskr32.exe] C:\WINDOWS\mskr32.exe
O4 - HKLM\..\RunOnce: [d3jk.exe] C:\WINDOWS\d3jk.exe
O4 - HKLM\..\RunOnce: [apipn.exe] C:\WINDOWS\apipn.exe
O4 - HKLM\..\RunOnce: [d3yt32.exe] C:\WINDOWS\system32\d3yt32.exe
O4 - HKLM\..\RunOnce: [addli.exe] C:\WINDOWS\addli.exe
O4 - HKLM\..\RunOnce: [atlzl32.exe] C:\WINDOWS\atlzl32.exe
O4 - HKLM\..\RunOnce: [appog32.exe] C:\WINDOWS\system32\appog32.exe
O4 - HKLM\..\RunOnce: [mfccg32.exe] C:\WINDOWS\system32\mfccg32.exe
O4 - HKLM\..\RunOnce: [appun32.exe] C:\WINDOWS\system32\appun32.exe
O4 - HKLM\..\RunOnce: [ntyw32.exe] C:\WINDOWS\ntyw32.exe
O4 - HKLM\..\RunOnce: [mfcmc32.exe] C:\WINDOWS\system32\mfcmc32.exe
O4 - HKLM\..\RunOnce: [apiso32.exe] C:\WINDOWS\system32\apiso32.exe
O4 - HKLM\..\RunOnce: [crxe32.exe] C:\WINDOWS\crxe32.exe
O4 - HKLM\..\RunOnce: [mscq.exe] C:\WINDOWS\mscq.exe
O4 - HKLM\..\RunOnce: [addvp.exe] C:\WINDOWS\system32\addvp.exe
O4 - HKLM\..\RunOnce: [appet32.exe] C:\WINDOWS\system32\appet32.exe
O4 - HKLM\..\RunOnce: [winad32.exe] C:\WINDOWS\winad32.exe
O4 - HKLM\..\RunOnce: [mfcbb.exe] C:\WINDOWS\system32\mfcbb.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\javaru32.exe
O4 - HKLM\..\RunOnce: [netkr32.exe] C:\WINDOWS\system32\netkr32.exe
O4 - HKLM\..\RunOnce: [netzm.exe] C:\WINDOWS\netzm.exe
O4 - HKLM\..\RunOnce: [netcd32.exe] C:\WINDOWS\netcd32.exe
O4 - HKLM\..\RunOnce: [ntrj.exe] C:\WINDOWS\ntrj.exe
O4 - HKLM\..\RunOnce: [addqk.exe] C:\WINDOWS\system32\addqk.exe
O4 - HKLM\..\RunOnce: [addav32.exe] C:\WINDOWS\addav32.exe
O4 - HKLM\..\RunOnce: [javads.exe] C:\WINDOWS\system32\javads.exe
O4 - HKLM\..\RunOnce: [apiwj.exe] C:\WINDOWS\apiwj.exe
O4 - HKLM\..\RunOnce: [d3fp32.exe] C:\WINDOWS\system32\d3fp32.exe
O4 - HKLM\..\RunOnce: [appsx32.exe] C:\WINDOWS\appsx32.exe
O4 - HKLM\..\RunOnce: [msxh.exe] C:\WINDOWS\msxh.exe
O4 - HKLM\..\RunOnce: [javabr32.exe] C:\WINDOWS\system32\javabr32.exe
O4 - HKLM\..\RunOnce: [appkv32.exe] C:\WINDOWS\appkv32.exe
O4 - HKLM\..\RunOnce: [ieji32.exe] C:\WINDOWS\system32\ieji32.exe
O4 - HKLM\..\RunOnce: [sdkdx.exe] C:\WINDOWS\system32\sdkdx.exe
O4 - HKLM\..\RunOnce: [netvb32.exe] C:\WINDOWS\netvb32.exe
O4 - HKLM\..\RunOnce: [crup.exe] C:\WINDOWS\crup.exe
O4 - HKLM\..\RunOnce: [winsh.exe] C:\WINDOWS\winsh.exe
O4 - HKLM\..\RunOnce: [ntco32.exe] C:\WINDOWS\system32\ntco32.exe
O4 - HKLM\..\RunOnce: [apimm32.exe] C:\WINDOWS\system32\apimm32.exe
O4 - HKLM\..\RunOnce: [msjn32.exe] C:\WINDOWS\system32\msjn32.exe
O4 - HKLM\..\RunOnce: [crho.exe] C:\WINDOWS\system32\crho.exe
O4 - HKLM\..\RunOnce: [apivi.exe] C:\WINDOWS\apivi.exe
O4 - HKLM\..\RunOnce: [mfczy.exe] C:\WINDOWS\system32\mfczy.exe
O4 - HKLM\..\RunOnce: [ntea.exe] C:\WINDOWS\system32\ntea.exe
O4 - HKLM\..\RunOnce: [netfk32.exe] C:\WINDOWS\system32\netfk32.exe
O4 - HKLM\..\RunOnce: [sysrt.exe] C:\WINDOWS\sysrt.exe
O4 - HKLM\..\RunOnce: [msgp32.exe] C:\WINDOWS\msgp32.exe
O4 - HKLM\..\RunOnce: [ntyd.exe] C:\WINDOWS\ntyd.exe
O4 - HKLM\..\RunOnce: [atlru32.exe] C:\WINDOWS\atlru32.exe
O4 - HKLM\..\RunOnce: [sysmt32.exe] C:\WINDOWS\system32\sysmt32.exe
O4 - HKLM\..\RunOnce: [sdktl32.exe] C:\WINDOWS\sdktl32.exe
O4 - HKLM\..\RunOnce: [sdkrd32.exe] C:\WINDOWS\system32\sdkrd32.exe
O4 - HKLM\..\RunOnce: [mfcwn32.exe] C:\WINDOWS\system32\mfcwn32.exe
O4 - HKLM\..\RunOnce: [appug.exe] C:\WINDOWS\system32\appug.exe
O4 - HKLM\..\RunOnce: [d3ij.exe] C:\WINDOWS\d3ij.exe
O4 - HKLM\..\RunOnce: [atlrp32.exe] C:\WINDOWS\atlrp32.exe
O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS\ntex.exe
O4 - HKLM\..\RunOnce: [javasz32.exe] C:\WINDOWS\system32\javasz32.exe
O4 - HKLM\..\RunOnce: [crbl.exe] C:\WINDOWS\crbl.exe
O4 - HKLM\..\RunOnce: [sysfn.exe] C:\WINDOWS\system32\sysfn.exe
O4 - HKLM\..\RunOnce: [iepl.exe] C:\WINDOWS\iepl.exe
O4 - HKLM\..\RunOnce: [winpw32.exe] C:\WINDOWS\system32\winpw32.exe
O4 - HKLM\..\RunOnce: [atluz32.exe] C:\WINDOWS\atluz32.exe
O4 - HKLM\..\RunOnce: [ntsu.exe] C:\WINDOWS\ntsu.exe
O4 - HKLM\..\RunOnce: [ietw.exe] C:\WINDOWS\system32\ietw.exe
O4 - HKLM\..\RunOnce: [wintk.exe] C:\WINDOWS\wintk.exe
O4 - HKLM\..\RunOnce: [sysci32.exe] C:\WINDOWS\sysci32.exe
O4 - HKLM\..\RunOnce: [mfccz32.exe] C:\WINDOWS\mfccz32.exe
O4 - HKLM\..\RunOnce: [d3za32.exe] C:\WINDOWS\d3za32.exe
O4 - HKLM\..\RunOnce: [systw.exe] C:\WINDOWS\systw.exe
O4 - HKLM\..\RunOnce: [ipcc32.exe] C:\WINDOWS\ipcc32.exe
O4 - HKLM\..\RunOnce: [d3pk.exe] C:\WINDOWS\d3pk.exe
O4 - HKLM\..\RunOnce: [cryo.exe] C:\WINDOWS\system32\cryo.exe
O4 - HKLM\..\RunOnce: [sdkaw.exe] C:\WINDOWS\system32\sdkaw.exe
O4 - HKLM\..\RunOnce: [d3zc.exe] C:\WINDOWS\d3zc.exe
O4 - HKLM\..\RunOnce: [appds32.exe] C:\WINDOWS\system32\appds32.exe
O4 - HKLM\..\RunOnce: [addck.exe] C:\WINDOWS\system32\addck.exe
O4 - HKLM\..\RunOnce: [mfcsa32.exe] C:\WINDOWS\mfcsa32.exe
O4 - HKLM\..\RunOnce: [winjn32.exe] C:\WINDOWS\system32\winjn32.exe
O4 - HKLM\..\RunOnce: [d3ia32.exe] C:\WINDOWS\d3ia32.exe
O4 - HKLM\..\RunOnce: [nteg32.exe] C:\WINDOWS\nteg32.exe
O4 - HKLM\..\RunOnce: [netaq.exe] C:\WINDOWS\system32\netaq.exe
O4 - HKLM\..\RunOnce: [d3xd.exe] C:\WINDOWS\d3xd.exe
O4 - HKLM\..\RunOnce: [mfche.exe] C:\WINDOWS\system32\mfche.exe
O4 - HKLM\..\RunOnce: [winal.exe] C:\WINDOWS\system32\winal.exe
O4 - HKLM\..\RunOnce: [crax.exe] C:\WINDOWS\system32\crax.exe
O4 - HKLM\..\RunOnce: [ipto.exe] C:\WINDOWS\ipto.exe
O4 - HKLM\..\RunOnce: [iecu.exe] C:\WINDOWS\iecu.exe
O4 - HKLM\..\RunOnce: [msgr.exe] C:\WINDOWS\msgr.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\apiyb.exe
O4 - HKLM\..\RunOnce: [sdkra.exe] C:\WINDOWS\system32\sdkra.exe
O4 - HKLM\..\RunOnce: [javazm32.exe] C:\WINDOWS\system32\javazm32.exe
O4 - HKLM\..\RunOnce: [appiq.exe] C:\WINDOWS\appiq.exe
O4 - HKLM\..\RunOnce: [d3wk.exe] C:\WINDOWS\system32\d3wk.exe
O4 - HKLM\..\RunOnce: [addqy32.exe] C:\WINDOWS\system32\addqy32.exe
O4 - HKLM\..\RunOnce: [ipzn.exe] C:\WINDOWS\system32\ipzn.exe
O4 - HKLM\..\RunOnce: [addza32.exe] C:\WINDOWS\addza32.exe
O4 - HKLM\..\RunOnce: [atlfv32.exe] C:\WINDOWS\system32\atlfv32.exe
O4 - HKLM\..\RunOnce: [ipdi.exe] C:\WINDOWS\system32\ipdi.exe
O4 - HKLM\..\RunOnce: [netkf32.exe] C:\WINDOWS\system32\netkf32.exe
O4 - HKLM\..\RunOnce: [appnd32.exe] C:\WINDOWS\appnd32.exe
O4 - HKLM\..\RunOnce: [netes32.exe] C:\WINDOWS\system32\netes32.exe
O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\ntwo.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [apidh.exe] C:\WINDOWS\system32\apidh.exe
O4 - HKLM\..\RunOnce: [ntme32.exe] C:\WINDOWS\ntme32.exe
O4 - HKLM\..\RunOnce: [atlki32.exe] C:\WINDOWS\system32\atlki32.exe
O4 - HKLM\..\RunOnce: [sysju32.exe] C:\WINDOWS\sysju32.exe
O4 - HKLM\..\RunOnce: [sdkdl.exe] C:\WINDOWS\sdkdl.exe
O4 - HKLM\..\RunOnce: [crar32.exe] C:\WINDOWS\crar32.exe
O4 - HKLM\..\RunOnce: [netnb32.exe] C:\WINDOWS\netnb32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [atlkr.exe] C:\WINDOWS\atlkr.exe
O4 - HKLM\..\RunOnce: [msws.exe] C:\WINDOWS\system32\msws.exe
O4 - HKLM\..\RunOnce: [apits32.exe] C:\WINDOWS\system32\apits32.exe
O4 - HKLM\..\RunOnce: [crxc32.exe] C:\WINDOWS\crxc32.exe
O4 - HKLM\..\RunOnce: [sysqz.exe] C:\WINDOWS\sysqz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Filter: text/html - {08D82B6E-8421-49AE-97D4-2F076219D39C} - C:\WINDOWS\system32\hiaafmd.dll
O18 - Filter: text/plain - {08D82B6E-8421-49AE-97D4-2F076219D39C} - C:\WINDOWS\system32\hiaafmd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ielg.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)