[acttom]

Recently my computer is slowed way down as well as my IE is screwed up. i can not change my setttings back and the home page will not change.It stays on Aboutblank.com. I get several pop ups as well. I have red shields with "x" in the middle of them that make me aware of spyware or adware is on my system. Several IE Favorites have been added to my list.Once I delete then and re boot they come back. While onthe internet, pages freeze up and are not responding. I have to use task manager to close them out.
I do Adaware scans all the time and recently noticed that I have a "searchclick process" running all the time as well as several cool web searches and other misc processes or items. The searchclick process is saying it is located at c:/windows/system32\mszs.exe. It says it is rated 10 and a critical high risk based on Ad Aware 1.06.

I have Clean up!, Adaware 1.06, Kill Box, Norton Anti Virus, Spybot SD, CWShredder and Hijack This..all of which will not remove this virus from my system. I am running Windows XP, with Comcast cable hook up for internet. I have a Dell Dimension Desktop 2350, Pentium 4 processor.

I read a very similar list in a forum for this same exact problem. Could you help as you did with that individual. his user name was "rghall". I know all issues are different but his stated exactly what my system is doing.

Thank you and look forward to hearing from you.
acttom

Edited by acttom, 19 August 2005 - 10:26 AM.

[Advertisements]

Logfile of HijackThis v1.99.1
Scan saved at 12:18:27 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\ipjx32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F462A044-FD7A-92DB-7E68-146D4A5388F8} - C:\WINDOWS\system32\javaqt32.dll
O2 - BHO: Class - {FD36CB53-F43E-C115-ED98-E1F307C77FD6} - C:\WINDOWS\ipjj.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [d3qn32.exe] C:\WINDOWS\system32\d3qn32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appqc32.exe] C:\WINDOWS\appqc32.exe
O4 - HKLM\..\Run: [atlsv32.exe] C:\WINDOWS\atlsv32.exe
O4 - HKLM\..\Run: [ntql32.exe] C:\WINDOWS\system32\ntql32.exe
O4 - HKLM\..\Run: [crha.exe] C:\WINDOWS\system32\crha.exe
O4 - HKLM\..\Run: [atlkk.exe] C:\WINDOWS\atlkk.exe
O4 - HKLM\..\Run: [netis32.exe] C:\WINDOWS\netis32.exe
O4 - HKLM\..\Run: [sysvi.exe] C:\WINDOWS\system32\sysvi.exe
O4 - HKLM\..\Run: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\Run: [mspg32.exe] C:\WINDOWS\system32\mspg32.exe
O4 - HKLM\..\Run: [mszs.exe] C:\WINDOWS\system32\mszs.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sdkdp32.exe] C:\WINDOWS\sdkdp32.exe
O4 - HKLM\..\Run: [sysck.exe] C:\WINDOWS\sysck.exe
O4 - HKLM\..\Run: [ipjk32.exe] C:\WINDOWS\ipjk32.exe
O4 - HKLM\..\Run: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\Run: [msxd.exe] C:\WINDOWS\system32\msxd.exe
O4 - HKLM\..\Run: [addxt32.exe] C:\WINDOWS\addxt32.exe
O4 - HKLM\..\Run: [ipsp32.exe] C:\WINDOWS\ipsp32.exe
O4 - HKLM\..\Run: [appyg32.exe] C:\WINDOWS\system32\appyg32.exe
O4 - HKLM\..\Run: [ntxe.exe] C:\WINDOWS\ntxe.exe
O4 - HKLM\..\Run: [sysrl32.exe] C:\WINDOWS\system32\sysrl32.exe
O4 - HKLM\..\Run: [apppk.exe] C:\WINDOWS\system32\apppk.exe
O4 - HKLM\..\Run: [ipjx32.exe] C:\WINDOWS\ipjx32.exe
O4 - HKLM\..\RunOnce: [netgq32.exe] C:\WINDOWS\netgq32.exe
O4 - HKLM\..\RunOnce: [sysoh32.exe] C:\WINDOWS\sysoh32.exe
O4 - HKLM\..\RunOnce: [sdkug32.exe] C:\WINDOWS\sdkug32.exe
O4 - HKLM\..\RunOnce: [msfd.exe] C:\WINDOWS\msfd.exe
O4 - HKLM\..\RunOnce: [d3us.exe] C:\WINDOWS\d3us.exe
O4 - HKLM\..\RunOnce: [d3dg.exe] C:\WINDOWS\system32\d3dg.exe
O4 - HKLM\..\RunOnce: [mfcdo32.exe] C:\WINDOWS\mfcdo32.exe
O4 - HKLM\..\RunOnce: [msle32.exe] C:\WINDOWS\msle32.exe
O4 - HKLM\..\RunOnce: [netdu.exe] C:\WINDOWS\netdu.exe
O4 - HKLM\..\RunOnce: [msrg.exe] C:\WINDOWS\system32\msrg.exe
O4 - HKLM\..\RunOnce: [wincz.exe] C:\WINDOWS\wincz.exe
O4 - HKLM\..\RunOnce: [javabp32.exe] C:\WINDOWS\system32\javabp32.exe
O4 - HKLM\..\RunOnce: [ipqi32.exe] C:\WINDOWS\system32\ipqi32.exe
O4 - HKLM\..\RunOnce: [sdkye32.exe] C:\WINDOWS\sdkye32.exe
O4 - HKLM\..\RunOnce: [ntkm.exe] C:\WINDOWS\system32\ntkm.exe
O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\system32\sdksc32.exe
O4 - HKLM\..\RunOnce: [sysrf32.exe] C:\WINDOWS\system32\sysrf32.exe
O4 - HKLM\..\RunOnce: [winny.exe] C:\WINDOWS\system32\winny.exe
O4 - HKLM\..\RunOnce: [msag32.exe] C:\WINDOWS\system32\msag32.exe
O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\system32\netxz.exe
O4 - HKLM\..\RunOnce: [apixm.exe] C:\WINDOWS\system32\apixm.exe
O4 - HKLM\..\RunOnce: [iedy.exe] C:\WINDOWS\system32\iedy.exe
O4 - HKLM\..\RunOnce: [mfcbj.exe] C:\WINDOWS\mfcbj.exe
O4 - HKLM\..\RunOnce: [sdkmx.exe] C:\WINDOWS\sdkmx.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\crah32.exe
O4 - HKLM\..\RunOnce: [sdkvl.exe] C:\WINDOWS\sdkvl.exe
O4 - HKLM\..\RunOnce: [iezv.exe] C:\WINDOWS\system32\iezv.exe
O4 - HKLM\..\RunOnce: [d3rb32.exe] C:\WINDOWS\d3rb32.exe
O4 - HKLM\..\RunOnce: [winbu32.exe] C:\WINDOWS\system32\winbu32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [ipmh.exe] C:\WINDOWS\ipmh.exe
O4 - HKLM\..\RunOnce: [crin32.exe] C:\WINDOWS\crin32.exe
O4 - HKLM\..\RunOnce: [iewr.exe] C:\WINDOWS\iewr.exe
O4 - HKLM\..\RunOnce: [netqc32.exe] C:\WINDOWS\netqc32.exe
O4 - HKLM\..\RunOnce: [crit32.exe] C:\WINDOWS\system32\crit32.exe
O4 - HKLM\..\RunOnce: [d3ig.exe] C:\WINDOWS\system32\d3ig.exe
O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\system32\iewj32.exe
O4 - HKLM\..\RunOnce: [winwp.exe] C:\WINDOWS\winwp.exe
O4 - HKLM\..\RunOnce: [mfcue.exe] C:\WINDOWS\mfcue.exe
O4 - HKLM\..\RunOnce: [javaih.exe] C:\WINDOWS\system32\javaih.exe
O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\system32\appyi.exe
O4 - HKLM\..\RunOnce: [netka32.exe] C:\WINDOWS\system32\netka32.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\system32\winge.exe
O4 - HKLM\..\RunOnce: [iezh.exe] C:\WINDOWS\iezh.exe
O4 - HKLM\..\RunOnce: [winft32.exe] C:\WINDOWS\winft32.exe
O4 - HKLM\..\RunOnce: [sysgn32.exe] C:\WINDOWS\sysgn32.exe
O4 - HKLM\..\RunOnce: [d3ao.exe] C:\WINDOWS\d3ao.exe
O4 - HKLM\..\RunOnce: [sysqh32.exe] C:\WINDOWS\system32\sysqh32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[acttom]

Logfile of HijackThis v1.99.1
Scan saved at 12:18:27 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\ipjx32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzdca.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F462A044-FD7A-92DB-7E68-146D4A5388F8} - C:\WINDOWS\system32\javaqt32.dll
O2 - BHO: Class - {FD36CB53-F43E-C115-ED98-E1F307C77FD6} - C:\WINDOWS\ipjj.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [d3qn32.exe] C:\WINDOWS\system32\d3qn32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appqc32.exe] C:\WINDOWS\appqc32.exe
O4 - HKLM\..\Run: [atlsv32.exe] C:\WINDOWS\atlsv32.exe
O4 - HKLM\..\Run: [ntql32.exe] C:\WINDOWS\system32\ntql32.exe
O4 - HKLM\..\Run: [crha.exe] C:\WINDOWS\system32\crha.exe
O4 - HKLM\..\Run: [atlkk.exe] C:\WINDOWS\atlkk.exe
O4 - HKLM\..\Run: [netis32.exe] C:\WINDOWS\netis32.exe
O4 - HKLM\..\Run: [sysvi.exe] C:\WINDOWS\system32\sysvi.exe
O4 - HKLM\..\Run: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\Run: [mspg32.exe] C:\WINDOWS\system32\mspg32.exe
O4 - HKLM\..\Run: [mszs.exe] C:\WINDOWS\system32\mszs.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sdkdp32.exe] C:\WINDOWS\sdkdp32.exe
O4 - HKLM\..\Run: [sysck.exe] C:\WINDOWS\sysck.exe
O4 - HKLM\..\Run: [ipjk32.exe] C:\WINDOWS\ipjk32.exe
O4 - HKLM\..\Run: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\Run: [msxd.exe] C:\WINDOWS\system32\msxd.exe
O4 - HKLM\..\Run: [addxt32.exe] C:\WINDOWS\addxt32.exe
O4 - HKLM\..\Run: [ipsp32.exe] C:\WINDOWS\ipsp32.exe
O4 - HKLM\..\Run: [appyg32.exe] C:\WINDOWS\system32\appyg32.exe
O4 - HKLM\..\Run: [ntxe.exe] C:\WINDOWS\ntxe.exe
O4 - HKLM\..\Run: [sysrl32.exe] C:\WINDOWS\system32\sysrl32.exe
O4 - HKLM\..\Run: [apppk.exe] C:\WINDOWS\system32\apppk.exe
O4 - HKLM\..\Run: [ipjx32.exe] C:\WINDOWS\ipjx32.exe
O4 - HKLM\..\RunOnce: [netgq32.exe] C:\WINDOWS\netgq32.exe
O4 - HKLM\..\RunOnce: [sysoh32.exe] C:\WINDOWS\sysoh32.exe
O4 - HKLM\..\RunOnce: [sdkug32.exe] C:\WINDOWS\sdkug32.exe
O4 - HKLM\..\RunOnce: [msfd.exe] C:\WINDOWS\msfd.exe
O4 - HKLM\..\RunOnce: [d3us.exe] C:\WINDOWS\d3us.exe
O4 - HKLM\..\RunOnce: [d3dg.exe] C:\WINDOWS\system32\d3dg.exe
O4 - HKLM\..\RunOnce: [mfcdo32.exe] C:\WINDOWS\mfcdo32.exe
O4 - HKLM\..\RunOnce: [msle32.exe] C:\WINDOWS\msle32.exe
O4 - HKLM\..\RunOnce: [netdu.exe] C:\WINDOWS\netdu.exe
O4 - HKLM\..\RunOnce: [msrg.exe] C:\WINDOWS\system32\msrg.exe
O4 - HKLM\..\RunOnce: [wincz.exe] C:\WINDOWS\wincz.exe
O4 - HKLM\..\RunOnce: [javabp32.exe] C:\WINDOWS\system32\javabp32.exe
O4 - HKLM\..\RunOnce: [ipqi32.exe] C:\WINDOWS\system32\ipqi32.exe
O4 - HKLM\..\RunOnce: [sdkye32.exe] C:\WINDOWS\sdkye32.exe
O4 - HKLM\..\RunOnce: [ntkm.exe] C:\WINDOWS\system32\ntkm.exe
O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\system32\sdksc32.exe
O4 - HKLM\..\RunOnce: [sysrf32.exe] C:\WINDOWS\system32\sysrf32.exe
O4 - HKLM\..\RunOnce: [winny.exe] C:\WINDOWS\system32\winny.exe
O4 - HKLM\..\RunOnce: [msag32.exe] C:\WINDOWS\system32\msag32.exe
O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\system32\netxz.exe
O4 - HKLM\..\RunOnce: [apixm.exe] C:\WINDOWS\system32\apixm.exe
O4 - HKLM\..\RunOnce: [iedy.exe] C:\WINDOWS\system32\iedy.exe
O4 - HKLM\..\RunOnce: [mfcbj.exe] C:\WINDOWS\mfcbj.exe
O4 - HKLM\..\RunOnce: [sdkmx.exe] C:\WINDOWS\sdkmx.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\crah32.exe
O4 - HKLM\..\RunOnce: [sdkvl.exe] C:\WINDOWS\sdkvl.exe
O4 - HKLM\..\RunOnce: [iezv.exe] C:\WINDOWS\system32\iezv.exe
O4 - HKLM\..\RunOnce: [d3rb32.exe] C:\WINDOWS\d3rb32.exe
O4 - HKLM\..\RunOnce: [winbu32.exe] C:\WINDOWS\system32\winbu32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [ipmh.exe] C:\WINDOWS\ipmh.exe
O4 - HKLM\..\RunOnce: [crin32.exe] C:\WINDOWS\crin32.exe
O4 - HKLM\..\RunOnce: [iewr.exe] C:\WINDOWS\iewr.exe
O4 - HKLM\..\RunOnce: [netqc32.exe] C:\WINDOWS\netqc32.exe
O4 - HKLM\..\RunOnce: [crit32.exe] C:\WINDOWS\system32\crit32.exe
O4 - HKLM\..\RunOnce: [d3ig.exe] C:\WINDOWS\system32\d3ig.exe
O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\system32\iewj32.exe
O4 - HKLM\..\RunOnce: [winwp.exe] C:\WINDOWS\winwp.exe
O4 - HKLM\..\RunOnce: [mfcue.exe] C:\WINDOWS\mfcue.exe
O4 - HKLM\..\RunOnce: [javaih.exe] C:\WINDOWS\system32\javaih.exe
O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\system32\appyi.exe
O4 - HKLM\..\RunOnce: [netka32.exe] C:\WINDOWS\system32\netka32.exe
O4 - HKLM\..\RunOnce: [winge.exe] C:\WINDOWS\system32\winge.exe
O4 - HKLM\..\RunOnce: [iezh.exe] C:\WINDOWS\iezh.exe
O4 - HKLM\..\RunOnce: [winft32.exe] C:\WINDOWS\winft32.exe
O4 - HKLM\..\RunOnce: [sysgn32.exe] C:\WINDOWS\sysgn32.exe
O4 - HKLM\..\RunOnce: [d3ao.exe] C:\WINDOWS\d3ao.exe
O4 - HKLM\..\RunOnce: [sysqh32.exe] C:\WINDOWS\system32\sysqh32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Metallica]

Download http://www.derbilk.de/SpSeHjfix112.zip to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean.

Post a new HijackThis log and the SpSeHJfix log

Regards,

[acttom]

Here is the hijack this log file-


Logfile of HijackThis v1.99.1
Scan saved at 12:03:54 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJack\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FEF01C5E-BF9D-396B-007C-E411897E10FD} - C:\WINDOWS\ntik32.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [d3qn32.exe] C:\WINDOWS\system32\d3qn32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appqc32.exe] C:\WINDOWS\appqc32.exe
O4 - HKLM\..\Run: [atlsv32.exe] C:\WINDOWS\atlsv32.exe
O4 - HKLM\..\Run: [ntql32.exe] C:\WINDOWS\system32\ntql32.exe
O4 - HKLM\..\Run: [crha.exe] C:\WINDOWS\system32\crha.exe
O4 - HKLM\..\Run: [atlkk.exe] C:\WINDOWS\atlkk.exe
O4 - HKLM\..\Run: [netis32.exe] C:\WINDOWS\netis32.exe
O4 - HKLM\..\Run: [sysvi.exe] C:\WINDOWS\system32\sysvi.exe
O4 - HKLM\..\Run: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\Run: [mszs.exe] C:\WINDOWS\system32\mszs.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sdkdp32.exe] C:\WINDOWS\sdkdp32.exe
O4 - HKLM\..\Run: [sysck.exe] C:\WINDOWS\sysck.exe
O4 - HKLM\..\Run: [ipjk32.exe] C:\WINDOWS\ipjk32.exe
O4 - HKLM\..\Run: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\Run: [msxd.exe] C:\WINDOWS\system32\msxd.exe
O4 - HKLM\..\Run: [addxt32.exe] C:\WINDOWS\addxt32.exe
O4 - HKLM\..\Run: [appyg32.exe] C:\WINDOWS\system32\appyg32.exe
O4 - HKLM\..\Run: [ntxe.exe] C:\WINDOWS\ntxe.exe
O4 - HKLM\..\Run: [sysrl32.exe] C:\WINDOWS\system32\sysrl32.exe
O4 - HKLM\..\Run: [apppk.exe] C:\WINDOWS\system32\apppk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\txzdq.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\txzdq.dll/sp.html#37049



Spfix log below...
My computer would not reboot own its own after running the program? It didnt really didnt respond to the point where I even knew the program was running once I clicked "start disinfection"...Until it poset a copy of the log, I assumed it was completed??

here is the log file:

(8/23/05 11:51:30 AM) Stealth-String not found
(8/23/05 11:51:30 AM) No locked Files to delete. End without Reboot
(8/23/05 11:51:21 AM) SPSeHjFix started v1.1.2
(8/23/05 11:51:22 AM) OS: WinXP Service Pack 2 (5.1.2600)
(8/23/05 11:51:22 AM) Language: english
(8/23/05 11:51:22 AM) Win-Path: C:\WINDOWS
(8/23/05 11:51:22 AM) System-Path: C:\WINDOWS\system32
(8/23/05 11:51:22 AM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(8/23/05 11:51:30 AM) Disinfection started
(8/23/05 11:51:30 AM) Bad-Dll(IEP): c:\windows\txzdq.dll
(8/23/05 11:51:30 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:51:30 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:51:30 AM) Bad IE-pages:

(8/23/05 11:52:04 AM) Disinfection started
(8/23/05 11:52:04 AM) Bad-Dll(IEP): c:\windows\txzdq.dll
(8/23/05 11:52:04 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:52:04 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:52:04 AM) Bad IE-pages: (none)
(8/23/05 11:52:04 AM) Stealth-String not found
(8/23/05 11:52:04 AM) No locked Files to delete. End without Reboot


(8/23/05 11:53:43 AM) SPSeHjFix started v1.1.2
(8/23/05 11:53:43 AM) OS: WinXP Service Pack 2 (5.1.2600)
(8/23/05 11:53:43 AM) Language: english
(8/23/05 11:53:43 AM) Win-Path: C:\WINDOWS
(8/23/05 11:53:43 AM) System-Path: C:\WINDOWS\system32
(8/23/05 11:53:43 AM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(8/23/05 11:53:45 AM) Disinfection started
(8/23/05 11:53:45 AM) Bad-Dll(IEP): (not found)
(8/23/05 11:53:45 AM) Bad-Dll(IEP) in BHO: (not found)
(8/23/05 11:53:45 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:53:45 AM) UBF: 7 - UBB: 2 - UBR: 36
(8/23/05 11:53:45 AM) Bad IE-pages: (none)
(8/23/05 11:53:45 AM) Stealth-String not found
(8/23/05 11:53:45 AM) Not infected->END

thanks acttom

[Metallica]

Download, unzip and run About:Buster http://www.malwareby...boutBuster5.zip
Reboot into safe mode and run it.
It ususally takes two runs to get cleaned.

Download CWShredder from http://www.trendmicro.com/cwshredder/
Use the Fix button.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {FEF01C5E-BF9D-396B-007C-E411897E10FD} - C:\WINDOWS\ntik32.dll (file missing)

O4 - HKLM\..\Run: [d3qn32.exe] C:\WINDOWS\system32\d3qn32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [appqc32.exe] C:\WINDOWS\appqc32.exe
O4 - HKLM\..\Run: [atlsv32.exe] C:\WINDOWS\atlsv32.exe
O4 - HKLM\..\Run: [ntql32.exe] C:\WINDOWS\system32\ntql32.exe
O4 - HKLM\..\Run: [crha.exe] C:\WINDOWS\system32\crha.exe
O4 - HKLM\..\Run: [atlkk.exe] C:\WINDOWS\atlkk.exe
O4 - HKLM\..\Run: [netis32.exe] C:\WINDOWS\netis32.exe
O4 - HKLM\..\Run: [sysvi.exe] C:\WINDOWS\system32\sysvi.exe
O4 - HKLM\..\Run: [d3mr.exe] C:\WINDOWS\system32\d3mr.exe
O4 - HKLM\..\Run: [mszs.exe] C:\WINDOWS\system32\mszs.exe

O4 - HKLM\..\Run: [sdkdp32.exe] C:\WINDOWS\sdkdp32.exe
O4 - HKLM\..\Run: [sysck.exe] C:\WINDOWS\sysck.exe
O4 - HKLM\..\Run: [ipjk32.exe] C:\WINDOWS\ipjk32.exe
O4 - HKLM\..\Run: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\Run: [msxd.exe] C:\WINDOWS\system32\msxd.exe
O4 - HKLM\..\Run: [addxt32.exe] C:\WINDOWS\addxt32.exe
O4 - HKLM\..\Run: [appyg32.exe] C:\WINDOWS\system32\appyg32.exe
O4 - HKLM\..\Run: [ntxe.exe] C:\WINDOWS\ntxe.exe
O4 - HKLM\..\Run: [sysrl32.exe] C:\WINDOWS\system32\sysrl32.exe
O4 - HKLM\..\Run: [apppk.exe] C:\WINDOWS\system32\apppk.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


Reboot and post a new log.

Regards,

Edited by Metallica, 23 August 2005 - 12:01 PM.

[acttom]

Ok.. Ran aboutbuster twice, pulled alot off! Cwshredder produced nothing though..
Checked and fixed all required files in Hijack and here is the new log file.
Do you need the file for About Buster???


Thanks acttom


Logfile of HijackThis v1.99.1
Scan saved at 4:15:31 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJack\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Metallica]

That log looks good now.

If there is anything wrong with the computer (a file reported missing) then the About:Buster log will be necessary, otherwise it's OK.

Regards,

[acttom]

It seems to be running great at this point!! Thanks so much for working with me!!

Now from here on out what should i do for prevenative maint with all the removal programs I have now during this whole process to keep it from happening again?

I have Killbox, Hijack, Spyfix, About buster, Clean up, Adaware, Norton Antivirus, Spybot sd, Cwshredder and Ewido Security.

acttom

Edited by acttom, 24 August 2005 - 12:38 PM.

[Metallica]

Most of what you have is meant to remove spyware.

And they are great at that. Please do have a look at my site about removing and preventing spyware.

Regards,