[techi]

I did all the downloads and scans testerday and everything was alright for a while I got rid of Aboutblank and other stuff. But today nortonantivirus said that I have backdoor trojans and adware that are high risk but it can't delete them.
Here is my log file please help me. Techi

Logfile of HijackThis v1.99.1
Scan saved at 22:04:43, on 10/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis-2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\szyqu.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0059410E-8DEE-0D98-C3BC-33C7339C21E9} - C:\WINDOWS\appck.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {10E2E07E-D539-9FEE-C3AF-DB4D7AF9F2AD} - C:\WINDOWS\appds32.dll (file missing)
O2 - BHO: Class - {14CCD766-C2E6-995C-44CF-01F3B7630E42} - C:\WINDOWS\system32\ntdn.dll (file missing)
O2 - BHO: Class - {213C3374-2B1F-7A96-5E35-570933B9E400} - C:\WINDOWS\crti.dll (file missing)
O2 - BHO: Class - {2874EF24-5B4A-FBCC-AAF3-41C5D6A1522B} - C:\WINDOWS\system32\ntrg32.dll (file missing)
O2 - BHO: Class - {3090709C-6EA7-0316-84DA-2AC3A09FD1CB} - C:\WINDOWS\crto32.dll (file missing)
O2 - BHO: Class - {3427F1C9-F259-B31A-97AA-AC97C3A2E177} - C:\WINDOWS\iepc.dll (file missing)
O2 - BHO: Class - {4AD1D7DD-5E68-FF69-B9D7-6A0790685425} - C:\WINDOWS\system32\mfcjd.dll (file missing)
O2 - BHO: Class - {5022D84C-7E63-46D2-7871-DE7A933DED9A} - C:\WINDOWS\system32\ierh.dll (file missing)
O2 - BHO: Class - {5D2AC8EF-543F-11C8-6B03-77F06A8BD813} - C:\WINDOWS\sysho.dll (file missing)
O2 - BHO: Class - {62883FE9-57A7-4A38-F908-7FA3F3C59429} - C:\WINDOWS\system32\javalj.dll (file missing)
O2 - BHO: Class - {6BE009D7-3A3F-8737-E8A9-71197CD9CF6D} - C:\WINDOWS\javabe32.dll (file missing)
O2 - BHO: (no name) - {7773AF16-385C-4A3D-B094-A90775CF7B2B} - C:\WINDOWS\System32\ckkg.dll (file missing)
O2 - BHO: Class - {78A36512-8804-C19C-3205-09FF987988BB} - C:\WINDOWS\netcc32.dll (file missing)
O2 - BHO: Class - {7D8E9033-94CD-739D-8A5B-376572E16A8C} - C:\WINDOWS\system32\appte32.dll (file missing)
O2 - BHO: Class - {800E8E08-DE88-9E15-E570-254FA8F9B219} - C:\WINDOWS\javazd32.dll (file missing)
O2 - BHO: Class - {8A1521DC-007D-7FD6-3EAC-277D80B4130E} - C:\WINDOWS\system32\ntmq32.dll (file missing)
O2 - BHO: Class - {8EAE86BD-6B04-05C6-17FA-AADFA985E2A9} - C:\WINDOWS\atlca.dll (file missing)
O2 - BHO: Class - {97A8EF17-7744-7850-516A-4908A3DA6B11} - C:\WINDOWS\netns.dll (file missing)
O2 - BHO: Class - {9E122FC2-8010-A676-2E0B-30A5BABB310E} - C:\WINDOWS\system32\ntpy.dll (file missing)
O2 - BHO: Class - {A6773BDA-AF27-D057-4727-6CE7CCFF4CE6} - C:\WINDOWS\mfcgq32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Class - {AC9C4885-7656-D10D-70A9-3D0592AAE898} - C:\WINDOWS\atlvs32.dll (file missing)
O2 - BHO: Class - {B6C595C3-3BD8-E281-13C6-522B288C7737} - C:\WINDOWS\system32\ntgc32.dll (file missing)
O2 - BHO: Class - {B70C0938-84A7-5DA9-5BCE-7558992D9A93} - C:\WINDOWS\ieep.dll (file missing)
O2 - BHO: Class - {B9F05881-B63E-0E44-261D-B83EC3F52F6B} - C:\WINDOWS\system32\iesk32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C10E70B6-0A9C-EFB9-C902-4055C2D7F322} - C:\WINDOWS\atljw32.dll (file missing)
O2 - BHO: Class - {C5CE4E09-A52A-BF74-65E3-D9D479283259} - C:\WINDOWS\system32\sysoi.dll (file missing)
O2 - BHO: Class - {C8C5AC8C-8544-9DD9-C47F-93DA5C17618E} - C:\WINDOWS\system32\iplp32.dll (file missing)
O2 - BHO: Class - {D0592B04-69A4-47BC-1B9B-32D793341FAA} - C:\WINDOWS\d3cm.dll (file missing)
O2 - BHO: Class - {D1960FC9-2854-2CDB-F6A6-8BCC66FA0915} - C:\WINDOWS\ipmn.dll (file missing)
O2 - BHO: Class - {D4FF9DC9-75B5-CDE8-B984-C213B779E38B} - C:\WINDOWS\addwn.dll (file missing)
O2 - BHO: Class - {D8B75631-FC5A-770C-FEB6-B6EE7D86FB2F} - C:\WINDOWS\addms32.dll (file missing)
O2 - BHO: Class - {D9CADE45-933A-A3C0-41A4-2F984319AC5D} - C:\WINDOWS\crip.dll (file missing)
O2 - BHO: Class - {E655DD60-AB14-D8EA-6258-0B4A7FC5B627} - C:\WINDOWS\ievt32.dll (file missing)
O2 - BHO: Class - {EC68BA8D-6877-5903-0784-E7D735F34793} - C:\WINDOWS\winio32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [sysxb32.exe] C:\WINDOWS\sysxb32.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131496454484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

[Advertisements]

Hello, techi.

Please DELETE your current HJT program from its present location.

Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident

Run HijackThis

Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

[OwNt]

Hello, techi.

Please DELETE your current HJT program from its present location.

Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident

Run HijackThis

Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

[OwNt]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.