

SPORDERed


3 replies to this topic

#1 km_guru

km_guru

  • Members
  • 2 posts

Posted 30 January 2005 - 08:32 PM

My girlfriend's laptop recently reported that the SPORDER.DLL library cannot be found. It seems to be totally hosed. I found the HijackThis information. I looked for the Adware hacks in the registry, but did not see them. I copied the SPORDER.DLL from Xfire from another machine over there. It gets past those errors, but the internet connectivity still doesn't work. Experts, can you take a look at this log and give me some suggestions to get it back in order?

Logfile of HijackThis v1.99.0
Scan saved at 16:53:32, on 2005/01/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ctobufyx] C:\WINDOWS\ctobufyx.exe
O4 - HKLM\..\Run: [sdcfspmb] C:\WINDOWS\sdcfspmb.exe
O4 - HKLM\..\Run: [vcv] C:\WINDOWS\vcv.exe
O4 - HKLM\..\Run: [khizefid] C:\WINDOWS\khizefid.exe
O4 - HKLM\..\Run: [pylgd] C:\WINDOWS\pylgd.exe
O4 - HKLM\..\Run: [lsncf] C:\WINDOWS\lsncf.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UEWINDOWS\,qxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOW1<dgqxfgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dgqxfgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dga$fgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>UENDOW1<dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>UENDOW1<dgE_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dga$fgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgY\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgE\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\a$E9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\a$E9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaaYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaEaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$qxfgYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$qxfgYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a\xfrYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [UEWINDOWS\a\xfrYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\dgqxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WPDOWS\dgqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxa$l.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\dgqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\da$xfgl\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C>WINDOWS\da$xfgl\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxfa$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<a$xfa$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<a$xo$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C>WINDOWS1<a$xo$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/227a45374f1efc...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093224133595
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...319/mcfscan.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WZCBDL Service - Unknown - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts

Posted 31 January 2005 - 11:05 AM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ctobufyx] C:\WINDOWS\ctobufyx.exe
O4 - HKLM\..\Run: [sdcfspmb] C:\WINDOWS\sdcfspmb.exe
O4 - HKLM\..\Run: [vcv] C:\WINDOWS\vcv.exe
O4 - HKLM\..\Run: [khizefid] C:\WINDOWS\khizefid.exe
O4 - HKLM\..\Run: [pylgd] C:\WINDOWS\pylgd.exe
O4 - HKLM\..\Run: [lsncf] C:\WINDOWS\lsncf.exe
O4 - HKLM\..\Run: [UEWINDOWS\,qxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOW1<dgqxfgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dgqxfgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dga$fgl.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>\WINDOW1<dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>UENDOW1<dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [>UENDOW1<dgE_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dga$fgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgY_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgY\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\dgE\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [I}\WINDOWS\a$E9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\a$E9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaaYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [Is*WINDOWS\aaEaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$qxfgYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a$qxfgYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\a\xfrYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [UEWINDOWS\a\xfrYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\dgqxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WPDOWS\dgqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxa$l.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\dgqxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\da$xfgl\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C>WINDOWS\da$xfgl\C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<gqxfa$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<a$xfa$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [CPWINDOWS1<a$xo$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [C>WINDOWS1<a$xo$.C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/227a45374f1efc...ip/RdxIE601.cab
O23 - Service: WZCBDL Service - Unknown - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\ctobufyx.exe
C:\WINDOWS\sdcfspmb.exe
C:\WINDOWS\vcv.exe
C:\WINDOWS\khizefid.exe
C:\WINDOWS\pylgd.exe
C:\WINDOWS\lsncf.exe
C:\WINDOWS\dgqxfgl.exe


Reboot your computer. Please download and install the program Registrar Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double-click on the icon that should now be on your desktop. If an icon is not there, then check under the Programs portion of the Start Menu.

Once it is opened, copy and paste the line below into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And press Enter. In the right section of the screen, right-click on each entry that contains the following words: C:\Program Files\ISTsvc\istsvc.exe

Reboot and post a new log
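
An added example, not part of the post above and not HijackThis code: a Python parser for O4 Run lines in the format shown in the log, which lists the Run value names that embed an executable path (the `istsvc.exe` pattern named above), including the entry whose name spans two lines. The two triage rules and all function names are assumptions of this example, and a flagged line is a candidate for review rather than a verdict; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ctobufyx] C:\WINDOWS\ctobufyx.exe
O4 - HKLM\..\Run: [vcv] C:\WINDOWS\vcv.exe
O4 - HKLM\..\Run: [UEWINDOWS\,qxfgl.eC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKLM\..\Run: [-
i:\WINDOWS\dgqxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dgqxfgl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

RECORD_START = re.compile(r"^O\d+ - ")
# re.S lets the bracketed value name contain a line break, as one entry in the log does.
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$", re.S)
PATH_IN_NAME = re.compile(r"\\.+\.exe", re.I | re.S)
EXE_TARGET = re.compile(r'^"?([^"]*?\.exe)', re.I)


def parse_run_entries(log):
    """Return (hive, value_name, command) for every O4 Run line in the log."""
    records = []
    for line in log.splitlines():
        if RECORD_START.match(line):
            records.append(line)
        elif records and line.strip():
            # Not a new "O<n> - " record: continuation of a value name that wrapped.
            records[-1] += "\n" + line
    entries = []
    for rec in records:
        m = RUN_ENTRY.match(rec)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def target_of(command):
    """Lower-cased executable path of a Run command, without quotes or arguments."""
    m = EXE_TARGET.match(command)
    return (m.group(1) if m else command).lower()


def flag_entries(entries):
    """Apply the two assumed triage rules; return (hive, name, command, reasons)."""
    names_by_target = defaultdict(set)
    for _hive, name, cmd in entries:
        names_by_target[target_of(cmd)].add(name)
    flagged = []
    for hive, name, cmd in entries:
        reasons = []
        if PATH_IN_NAME.search(name):      # normal value names are short labels
            reasons.append("value name embeds an executable path")
        if len(names_by_target[target_of(cmd)]) > 1:
            reasons.append("same target registered under several value names")
        if reasons:
            flagged.append((hive, name, cmd, reasons))
    return flagged


if __name__ == "__main__":
    for hive, name, cmd, reasons in flag_entries(parse_run_entries(SAMPLE_LOG)):
        # repr() makes the embedded line break in a value name visible.
        print(hive, repr(name), "->", cmd, "|", "; ".join(reasons))
```

Entries such as `ctobufyx` and `vcv` match neither rule, so they still need the reviewer's judgment that the post applies.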

#3 km_guru

km_guru
  • Topic Starter

  • Members
  • 2 posts

Posted 01 February 2005 - 04:53 AM

I did so. Although I wasn't 100% clear about what to do with the registry. So I did nothing. Attached is the new logfile.

I am now getting errors when I reboot about
CFD.exe has a problem because it cannot find the McRtl32.dll

Thank you for your help.

Attached Files



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts

Posted 01 February 2005 - 11:35 AM

Did you by accident delete the McRtl32.dll file?

You can fix this to stop that error:

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

Other than that, I do not see anything else wrong.



