Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

rundll error DOCEOC161B1 & E6F18730

Started by monger , Feb 18 2005 09:13 AM

Please log in to reply

#1
monger

Posted 18 February 2005 - 09:13 AM

New Member

Member
4 posts

I am having trouble with my computer freezing and internet not responding when the computer restarts, I get two rundll errors: DOCEOC161B and E6Fl873B.

I did run Hijack This and here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:51 AM, on 2/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenix.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {0C2336AF-DBAA-4127-BA40-9423E18B6639} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {29E6E8F4-96BA-4E6F-86DB-15CF4CEC12BA} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {32E5BB9D-352C-4B4A-854C-ADBC40DBCE71} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6A003FFD-53BD-4DDA-A588-B4AC28B9D71F} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {6FC22746-FAEB-46C6-AC6F-79934D8936CB} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {776592CF-AF5A-4BE5-9681-0E2940FDE7BC} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {7E2E9B67-52BD-43EE-AA50-C9B2A0E79407} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {9FA8941B-4873-4A3B-89B3-AA1DC1B8D1F5} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {B122FEE9-3B45-4D9F-A595-81BCA33EFD98} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BAAEBF1F-4596-439F-8CDD-2D92FEC6D36C} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {C9249755-59E7-41E6-A0FE-7DA52C1B8171} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {CDAC02BB-9DF6-4A56-972C-BB54D679E9D7} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {DF9A86D2-725B-4215-8CB8-EE82A8C4BF7E} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {F504119B-AA5B-4698-ACAB-24DC2475ABEF} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - [SABInprocServer32] (file missing)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [hmdrzd6e] C:\Program Files\hmdrzd6e\hmdrzd6e.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedno32.exe
O4 - HKLM\..\Run: [AutoLoaderoF4z1QLkWIaW] "C:\WINDOWS\System32\rtc71esp.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [osnP3EW] rtc71esp.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [ZB4FROamh] odbdlg32.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

:mad:

I appreciate any help you can give. Thanks

#2
worker

Posted 18 March 2005 - 08:43 PM

New Member

Member
1 posts

I have same problem with exception my computer does not freeze up
have you had any response

#3
monger

Posted 19 March 2005 - 04:08 PM

New Member

Topic Starter
Member
4 posts

No replies. Sorry.

#4
gerryf

Posted 19 March 2005 - 04:48 PM

Retired Staff

Retired Staff
11,365 posts

First, hijack logs have thier own forum...please use that in the future if you want your hijack logs evaluated.

Now, problems.....It appears that the Rundll errors you are getting are (some of) your malware programs failing to run.
Sadly, you still have a crap load running.

O2 - BHO: (no name) - {0C2336AF-DBAA-4127-BA40-9423E18B6639} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {29E6E8F4-96BA-4E6F-86DB-15CF4CEC12BA} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {32E5BB9D-352C-4B4A-854C-ADBC40DBCE71} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6A003FFD-53BD-4DDA-A588-B4AC28B9D71F} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {6FC22746-FAEB-46C6-AC6F-79934D8936CB} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {776592CF-AF5A-4BE5-9681-0E2940FDE7BC} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {7E2E9B67-52BD-43EE-AA50-C9B2A0E79407} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {9FA8941B-4873-4A3B-89B3-AA1DC1B8D1F5} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {B122FEE9-3B45-4D9F-A595-81BCA33EFD98} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BAAEBF1F-4596-439F-8CDD-2D92FEC6D36C} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {C9249755-59E7-41E6-A0FE-7DA52C1B8171} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {CDAC02BB-9DF6-4A56-972C-BB54D679E9D7} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {DF9A86D2-725B-4215-8CB8-EE82A8C4BF7E} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O2 - BHO: (no name) - {F504119B-AA5B-4698-ACAB-24DC2475ABEF} - C:\Program Files\hmdrzd6e\hmdrzd6e.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - [SABInprocServer32] (file missing)
O4 - HKLM\..\Run: [hmdrzd6e] C:\Program Files\hmdrzd6e\hmdrzd6e.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedno32.exe
O4 - HKLM\..\Run: [AutoLoaderoF4z1QLkWIaW] "C:\WINDOWS\System32\rtc71esp.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [osnP3EW] rtc71esp.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [ZB4FROamh] odbdlg32.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe

Check the above and click fix.

I can promise you that some will return....you will need to post a second log. Right now, let's get some of the crap out of the way so we can separate the easy from hard stuff.

Also, tell me about spyware Doctor. I have not heard of that one. I can tell you that about 70 percent of programs that purport to remove spyware either do nothing or add it. For example, you have Spyware cleaner on your computer and that does more harm than good. SPyware Doctor is...suspicious.

#5
monger

Posted 20 March 2005 - 07:14 PM

New Member

Topic Starter
Member
4 posts

Here is my second hijack file after checking fix, on the first file. spyware doctor was recommended by a friend and found on download.com. I do realize now there is another forum for hijack files. Thanks, I appreciate your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:05:54 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenix.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /C /FS /X
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6
gerryf

Posted 20 March 2005 - 08:13 PM

Retired Staff

Retired Staff
11,365 posts

things have changed....

you added winpatrol?
Also, the host file....do you know what dcsresearch is?
did you install some sort of trojan horse software?

in the meantime, could you please download the program Process Explorer from

http://www.sysintern...e/procexp.shtml

#7
monger

Posted 21 March 2005 - 04:51 PM

New Member

Topic Starter
Member
4 posts

Okay, I downloaded Process Explorer, I did install winpatrol to see if I could get rid of the rundll errors. Trojan horse software am not aware of. What's next? thanks.