
At a loss


  • This topic is locked
11 replies to this topic

#1 bronx52

bronx52

Posted 22 July 2004 - 03:00 PM

In addition to battling popups and having my home page hijacked, my computer has slowed to a crawl. That's my biggest concern. I'm seeing two messages consistently: The system is dangerously low in resources & There is not enough free memory to run this program.

I was able to post the log below only after several attempts. I was previously unable to run Mozilla and WordPad at the same time. It seems I just got lucky.

Norton Anti-virus appeared to solve the speed problem when it took care of a Trojan horse the other day, but things have slowed down again.

I've run CW Shredder, Ad-aware and Spybot Search and Destroy. I may have created the Hijack log after using the Spybot "immunize" feature. Hope that's not a problem.

I rely on my computer to earn a living. I'd be very grateful for any help you're able to provide.

p.s. Internet Explorer is my regular browser. I think that's where the problem began.


Logfile of HijackThis v1.98.0
Scan saved at 4:17:50 PM, on 7/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vmjpq.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vmjpq.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vmjpq.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: Class - {13C42846-63E9-C5EC-42B4-DB2AD1F9C009} - C:\WINDOWS\MFCES.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [APPNO32.EXE] C:\WINDOWS\SYSTEM\APPNO32.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSIV32.EXE] C:\WINDOWS\SYSIV32.EXE
O4 - HKLM\..\RunServices: [D3GS.EXE] C:\WINDOWS\SYSTEM\D3GS.EXE
O4 - HKLM\..\RunServices: [NETJQ.EXE] C:\WINDOWS\SYSTEM\NETJQ.EXE
O4 - HKLM\..\RunServices: [MFCGP32.EXE] C:\WINDOWS\SYSTEM\MFCGP32.EXE
O4 - HKLM\..\RunServices: [IEXP.EXE] C:\WINDOWS\SYSTEM\IEXP.EXE
O4 - HKLM\..\RunServices: [MFCDN32.EXE] C:\WINDOWS\MFCDN32.EXE
O4 - HKLM\..\RunServices: [CRWQ32.EXE] C:\WINDOWS\CRWQ32.EXE
O4 - HKLM\..\RunServices: [SYSBS32.EXE] C:\WINDOWS\SYSTEM\SYSBS32.EXE
O4 - HKLM\..\RunServices: [ADDVV.EXE] C:\WINDOWS\SYSTEM\ADDVV.EXE
O4 - HKLM\..\RunServices: [IELH32.EXE] C:\WINDOWS\IELH32.EXE
O4 - HKLM\..\RunServices: [ADDXD.EXE] C:\WINDOWS\SYSTEM\ADDXD.EXE
O4 - HKLM\..\RunServices: [NETVR32.EXE] C:\WINDOWS\NETVR32.EXE
O4 - HKLM\..\RunServices: [CRDH32.EXE] C:\WINDOWS\CRDH32.EXE
O4 - HKLM\..\RunServices: [APIUH.EXE] C:\WINDOWS\APIUH.EXE
O4 - HKLM\..\RunServices: [IEPV32.EXE] C:\WINDOWS\IEPV32.EXE
O4 - HKLM\..\RunServices: [NTQE.EXE] C:\WINDOWS\SYSTEM\NTQE.EXE
O4 - HKLM\..\RunServices: [SYSQT.EXE] C:\WINDOWS\SYSQT.EXE
O4 - HKLM\..\RunServices: [IPVP.EXE] C:\WINDOWS\SYSTEM\IPVP.EXE
O4 - HKLM\..\RunServices: [JAVASD.EXE] C:\WINDOWS\JAVASD.EXE
O4 - HKLM\..\RunServices: [WINUH.EXE] C:\WINDOWS\WINUH.EXE
O4 - HKLM\..\RunServices: [APPRI.EXE] C:\WINDOWS\SYSTEM\APPRI.EXE
O4 - HKLM\..\RunServices: [APPLO32.EXE] C:\WINDOWS\SYSTEM\APPLO32.EXE
O4 - HKLM\..\RunServices: [APPLG32.EXE] C:\WINDOWS\SYSTEM\APPLG32.EXE
O4 - HKLM\..\RunServices: [APPHN.EXE] C:\WINDOWS\APPHN.EXE
O4 - HKLM\..\RunServices: [ADDSV.EXE] C:\WINDOWS\ADDSV.EXE
O4 - HKLM\..\RunServices: [NTQX.EXE] C:\WINDOWS\NTQX.EXE
O4 - HKLM\..\RunServices: [D3UZ.EXE] C:\WINDOWS\SYSTEM\D3UZ.EXE
O4 - HKLM\..\RunServices: [IEIT32.EXE] C:\WINDOWS\IEIT32.EXE
O4 - HKLM\..\RunServices: [D3XP32.EXE] C:\WINDOWS\SYSTEM\D3XP32.EXE
O4 - HKLM\..\RunServices: [WINVW.EXE] C:\WINDOWS\SYSTEM\WINVW.EXE
O4 - HKLM\..\RunServices: [SYSYX32.EXE] C:\WINDOWS\SYSTEM\SYSYX32.EXE
O4 - HKLM\..\RunServices: [NTFA32.EXE] C:\WINDOWS\SYSTEM\NTFA32.EXE
O4 - HKLM\..\RunServices: [ADDEH32.EXE] C:\WINDOWS\SYSTEM\ADDEH32.EXE
O4 - HKLM\..\RunServices: [ATLMS.EXE] C:\WINDOWS\SYSTEM\ATLMS.EXE
O4 - HKLM\..\RunServices: [NTTW.EXE] C:\WINDOWS\NTTW.EXE
O4 - HKLM\..\RunServices: [D3NQ.EXE] C:\WINDOWS\D3NQ.EXE
O4 - HKLM\..\RunServices: [SYSKK32.EXE] C:\WINDOWS\SYSKK32.EXE
O4 - HKLM\..\RunServices: [D3BD32.EXE] C:\WINDOWS\SYSTEM\D3BD32.EXE
O4 - HKLM\..\RunServices: [APIFY.EXE] C:\WINDOWS\SYSTEM\APIFY.EXE
O4 - HKLM\..\RunServices: [SYSKG32.EXE] C:\WINDOWS\SYSTEM\SYSKG32.EXE
O4 - HKLM\..\RunServices: [NTZE32.EXE] C:\WINDOWS\NTZE32.EXE
O4 - HKLM\..\RunServices: [WINUV32.EXE] C:\WINDOWS\SYSTEM\WINUV32.EXE
O4 - HKLM\..\RunServices: [MFCBZ32.EXE] C:\WINDOWS\SYSTEM\MFCBZ32.EXE
O4 - HKLM\..\RunServices: [SYSVM.EXE] C:\WINDOWS\SYSTEM\SYSVM.EXE
O4 - HKLM\..\RunServices: [MFCZW.EXE] C:\WINDOWS\SYSTEM\MFCZW.EXE
O4 - HKLM\..\RunServices: [NTTO.EXE] C:\WINDOWS\SYSTEM\NTTO.EXE
O4 - HKLM\..\RunServices: [ATLMN.EXE] C:\WINDOWS\SYSTEM\ATLMN.EXE
O4 - HKLM\..\RunServices: [NETPN32.EXE] C:\WINDOWS\SYSTEM\NETPN32.EXE
O4 - HKLM\..\RunServices: [MSBF32.EXE] C:\WINDOWS\MSBF32.EXE
O4 - HKLM\..\RunServices: [MFCQQ32.EXE] C:\WINDOWS\SYSTEM\MFCQQ32.EXE
O4 - HKLM\..\RunServices: [CRJA.EXE] C:\WINDOWS\SYSTEM\CRJA.EXE
O4 - HKLM\..\RunServices: [NETPI32.EXE] C:\WINDOWS\NETPI32.EXE
O4 - HKLM\..\RunServices: [APIJN.EXE] C:\WINDOWS\APIJN.EXE
O4 - HKLM\..\RunServices: [NTNJ.EXE] C:\WINDOWS\NTNJ.EXE
O4 - HKLM\..\RunServices: [IEOO32.EXE] C:\WINDOWS\IEOO32.EXE
O4 - HKLM\..\RunServices: [IEAR32.EXE] C:\WINDOWS\SYSTEM\IEAR32.EXE
O4 - HKLM\..\RunServices: [NTCT32.EXE] C:\WINDOWS\NTCT32.EXE
O4 - HKLM\..\RunServices: [CRKK32.EXE] C:\WINDOWS\SYSTEM\CRKK32.EXE
O4 - HKLM\..\RunServices: [SYSMK32.EXE] C:\WINDOWS\SYSTEM\SYSMK32.EXE
O4 - HKLM\..\RunServices: [MFCDX32.EXE] C:\WINDOWS\SYSTEM\MFCDX32.EXE
O4 - HKLM\..\RunServices: [IPNM32.EXE] C:\WINDOWS\IPNM32.EXE
O4 - HKLM\..\RunServices: [NETYU.EXE] C:\WINDOWS\NETYU.EXE
O4 - HKLM\..\RunServices: [IETD.EXE] C:\WINDOWS\SYSTEM\IETD.EXE
O4 - HKLM\..\RunServices: [MFCVB32.EXE] C:\WINDOWS\MFCVB32.EXE
O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\IPKX32.EXE
O4 - HKLM\..\RunServices: [ADDZV.EXE] C:\WINDOWS\ADDZV.EXE
O4 - HKLM\..\RunServices: [MSFJ.EXE] C:\WINDOWS\MSFJ.EXE
O4 - HKLM\..\RunServices: [SDKNU.EXE] C:\WINDOWS\SYSTEM\SDKNU.EXE
O4 - HKLM\..\RunServices: [SYSHC.EXE] C:\WINDOWS\SYSHC.EXE
O4 - HKLM\..\RunServices: [CRIJ32.EXE] C:\WINDOWS\CRIJ32.EXE
O4 - HKLM\..\RunServices: [IPXM.EXE] C:\WINDOWS\IPXM.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series 9x\Bin\HPOstr05.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/13ff5549c49f83ff7821/netzip/RdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL



#2 Grinler

Grinler

    Lawrence Abrams


Posted 22 July 2004 - 03:55 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vmjpq.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vmjpq.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vmjpq.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {13C42846-63E9-C5EC-42B4-DB2AD1F9C009} - C:\WINDOWS\MFCES.DLL
O4 - HKLM\..\Run: [APPNO32.EXE] C:\WINDOWS\SYSTEM\APPNO32.EXE
O4 - HKLM\..\RunServices: [SYSIV32.EXE] C:\WINDOWS\SYSIV32.EXE
O4 - HKLM\..\RunServices: [D3GS.EXE] C:\WINDOWS\SYSTEM\D3GS.EXE
O4 - HKLM\..\RunServices: [NETJQ.EXE] C:\WINDOWS\SYSTEM\NETJQ.EXE
O4 - HKLM\..\RunServices: [MFCGP32.EXE] C:\WINDOWS\SYSTEM\MFCGP32.EXE
O4 - HKLM\..\RunServices: [IEXP.EXE] C:\WINDOWS\SYSTEM\IEXP.EXE
O4 - HKLM\..\RunServices: [MFCDN32.EXE] C:\WINDOWS\MFCDN32.EXE
O4 - HKLM\..\RunServices: [CRWQ32.EXE] C:\WINDOWS\CRWQ32.EXE
O4 - HKLM\..\RunServices: [SYSBS32.EXE] C:\WINDOWS\SYSTEM\SYSBS32.EXE
O4 - HKLM\..\RunServices: [ADDVV.EXE] C:\WINDOWS\SYSTEM\ADDVV.EXE
O4 - HKLM\..\RunServices: [IELH32.EXE] C:\WINDOWS\IELH32.EXE
O4 - HKLM\..\RunServices: [ADDXD.EXE] C:\WINDOWS\SYSTEM\ADDXD.EXE
O4 - HKLM\..\RunServices: [NETVR32.EXE] C:\WINDOWS\NETVR32.EXE
O4 - HKLM\..\RunServices: [CRDH32.EXE] C:\WINDOWS\CRDH32.EXE
O4 - HKLM\..\RunServices: [APIUH.EXE] C:\WINDOWS\APIUH.EXE
O4 - HKLM\..\RunServices: [IEPV32.EXE] C:\WINDOWS\IEPV32.EXE
O4 - HKLM\..\RunServices: [NTQE.EXE] C:\WINDOWS\SYSTEM\NTQE.EXE
O4 - HKLM\..\RunServices: [SYSQT.EXE] C:\WINDOWS\SYSQT.EXE
O4 - HKLM\..\RunServices: [IPVP.EXE] C:\WINDOWS\SYSTEM\IPVP.EXE
O4 - HKLM\..\RunServices: [JAVASD.EXE] C:\WINDOWS\JAVASD.EXE
O4 - HKLM\..\RunServices: [WINUH.EXE] C:\WINDOWS\WINUH.EXE
O4 - HKLM\..\RunServices: [APPRI.EXE] C:\WINDOWS\SYSTEM\APPRI.EXE
O4 - HKLM\..\RunServices: [APPLO32.EXE] C:\WINDOWS\SYSTEM\APPLO32.EXE
O4 - HKLM\..\RunServices: [APPLG32.EXE] C:\WINDOWS\SYSTEM\APPLG32.EXE
O4 - HKLM\..\RunServices: [APPHN.EXE] C:\WINDOWS\APPHN.EXE
O4 - HKLM\..\RunServices: [ADDSV.EXE] C:\WINDOWS\ADDSV.EXE
O4 - HKLM\..\RunServices: [NTQX.EXE] C:\WINDOWS\NTQX.EXE
O4 - HKLM\..\RunServices: [D3UZ.EXE] C:\WINDOWS\SYSTEM\D3UZ.EXE
O4 - HKLM\..\RunServices: [IEIT32.EXE] C:\WINDOWS\IEIT32.EXE
O4 - HKLM\..\RunServices: [D3XP32.EXE] C:\WINDOWS\SYSTEM\D3XP32.EXE
O4 - HKLM\..\RunServices: [WINVW.EXE] C:\WINDOWS\SYSTEM\WINVW.EXE
O4 - HKLM\..\RunServices: [SYSYX32.EXE] C:\WINDOWS\SYSTEM\SYSYX32.EXE
O4 - HKLM\..\RunServices: [NTFA32.EXE] C:\WINDOWS\SYSTEM\NTFA32.EXE
O4 - HKLM\..\RunServices: [ADDEH32.EXE] C:\WINDOWS\SYSTEM\ADDEH32.EXE
O4 - HKLM\..\RunServices: [ATLMS.EXE] C:\WINDOWS\SYSTEM\ATLMS.EXE
O4 - HKLM\..\RunServices: [NTTW.EXE] C:\WINDOWS\NTTW.EXE
O4 - HKLM\..\RunServices: [D3NQ.EXE] C:\WINDOWS\D3NQ.EXE
O4 - HKLM\..\RunServices: [SYSKK32.EXE] C:\WINDOWS\SYSKK32.EXE
O4 - HKLM\..\RunServices: [D3BD32.EXE] C:\WINDOWS\SYSTEM\D3BD32.EXE
O4 - HKLM\..\RunServices: [APIFY.EXE] C:\WINDOWS\SYSTEM\APIFY.EXE
O4 - HKLM\..\RunServices: [SYSKG32.EXE] C:\WINDOWS\SYSTEM\SYSKG32.EXE
O4 - HKLM\..\RunServices: [NTZE32.EXE] C:\WINDOWS\NTZE32.EXE
O4 - HKLM\..\RunServices: [WINUV32.EXE] C:\WINDOWS\SYSTEM\WINUV32.EXE
O4 - HKLM\..\RunServices: [MFCBZ32.EXE] C:\WINDOWS\SYSTEM\MFCBZ32.EXE
O4 - HKLM\..\RunServices: [SYSVM.EXE] C:\WINDOWS\SYSTEM\SYSVM.EXE
O4 - HKLM\..\RunServices: [MFCZW.EXE] C:\WINDOWS\SYSTEM\MFCZW.EXE
O4 - HKLM\..\RunServices: [NTTO.EXE] C:\WINDOWS\SYSTEM\NTTO.EXE
O4 - HKLM\..\RunServices: [ATLMN.EXE] C:\WINDOWS\SYSTEM\ATLMN.EXE
O4 - HKLM\..\RunServices: [NETPN32.EXE] C:\WINDOWS\SYSTEM\NETPN32.EXE
O4 - HKLM\..\RunServices: [MSBF32.EXE] C:\WINDOWS\MSBF32.EXE
O4 - HKLM\..\RunServices: [MFCQQ32.EXE] C:\WINDOWS\SYSTEM\MFCQQ32.EXE
O4 - HKLM\..\RunServices: [CRJA.EXE] C:\WINDOWS\SYSTEM\CRJA.EXE
O4 - HKLM\..\RunServices: [NETPI32.EXE] C:\WINDOWS\NETPI32.EXE
O4 - HKLM\..\RunServices: [APIJN.EXE] C:\WINDOWS\APIJN.EXE
O4 - HKLM\..\RunServices: [NTNJ.EXE] C:\WINDOWS\NTNJ.EXE
O4 - HKLM\..\RunServices: [IEOO32.EXE] C:\WINDOWS\IEOO32.EXE
O4 - HKLM\..\RunServices: [IEAR32.EXE] C:\WINDOWS\SYSTEM\IEAR32.EXE
O4 - HKLM\..\RunServices: [NTCT32.EXE] C:\WINDOWS\NTCT32.EXE
O4 - HKLM\..\RunServices: [CRKK32.EXE] C:\WINDOWS\SYSTEM\CRKK32.EXE
O4 - HKLM\..\RunServices: [SYSMK32.EXE] C:\WINDOWS\SYSTEM\SYSMK32.EXE
O4 - HKLM\..\RunServices: [MFCDX32.EXE] C:\WINDOWS\SYSTEM\MFCDX32.EXE
O4 - HKLM\..\RunServices: [IPNM32.EXE] C:\WINDOWS\IPNM32.EXE
O4 - HKLM\..\RunServices: [NETYU.EXE] C:\WINDOWS\NETYU.EXE
O4 - HKLM\..\RunServices: [IETD.EXE] C:\WINDOWS\SYSTEM\IETD.EXE
O4 - HKLM\..\RunServices: [MFCVB32.EXE] C:\WINDOWS\MFCVB32.EXE
O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\IPKX32.EXE
O4 - HKLM\..\RunServices: [ADDZV.EXE] C:\WINDOWS\ADDZV.EXE
O4 - HKLM\..\RunServices: [MSFJ.EXE] C:\WINDOWS\MSFJ.EXE
O4 - HKLM\..\RunServices: [SDKNU.EXE] C:\WINDOWS\SYSTEM\SDKNU.EXE
O4 - HKLM\..\RunServices: [SYSHC.EXE] C:\WINDOWS\SYSHC.EXE
O4 - HKLM\..\RunServices: [CRIJ32.EXE] C:\WINDOWS\CRIJ32.EXE
O4 - HKLM\..\RunServices: [IPXM.EXE] C:\WINDOWS\IPXM.EXE
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/13ff5549c49f83ff7821/netzip/RdxIE.cab


Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)
C:\WINDOWS\vmjpq.dll
C:\WINDOWS\MFCES.DLL
C:\WINDOWS\SYSTEM\APPNO32.EXE
C:\WINDOWS\SYSIV32.EXE
C:\WINDOWS\SYSTEM\D3GS.EXE
C:\WINDOWS\SYSTEM\NETJQ.EXE
C:\WINDOWS\SYSTEM\MFCGP32.EXE
C:\WINDOWS\SYSTEM\IEXP.EXE
C:\WINDOWS\MFCDN32.EXE
C:\WINDOWS\CRWQ32.EXE
C:\WINDOWS\SYSTEM\SYSBS32.EXE
C:\WINDOWS\SYSTEM\ADDVV.EXE
C:\WINDOWS\IELH32.EXE
C:\WINDOWS\SYSTEM\ADDXD.EXE
C:\WINDOWS\NETVR32.EXE
C:\WINDOWS\CRDH32.EXE
C:\WINDOWS\APIUH.EXE
C:\WINDOWS\IEPV32.EXE
C:\WINDOWS\SYSTEM\NTQE.EXE
C:\WINDOWS\SYSQT.EXE
C:\WINDOWS\SYSTEM\IPVP.EXE
C:\WINDOWS\JAVASD.EXE
C:\WINDOWS\WINUH.EXE
C:\WINDOWS\SYSTEM\APPRI.EXE
C:\WINDOWS\SYSTEM\APPLO32.EXE
C:\WINDOWS\SYSTEM\APPLG32.EXE
C:\WINDOWS\APPHN.EXE
C:\WINDOWS\ADDSV.EXE
C:\WINDOWS\NTQX.EXE
C:\WINDOWS\SYSTEM\D3UZ.EXE
C:\WINDOWS\IEIT32.EXE
C:\WINDOWS\SYSTEM\D3XP32.EXE
C:\WINDOWS\SYSTEM\WINVW.EXE
C:\WINDOWS\SYSTEM\SYSYX32.EXE
C:\WINDOWS\SYSTEM\NTFA32.EXE
C:\WINDOWS\SYSTEM\ADDEH32.EXE
C:\WINDOWS\SYSTEM\ATLMS.EXE
C:\WINDOWS\NTTW.EXE
C:\WINDOWS\D3NQ.EXE
C:\WINDOWS\SYSKK32.EXE
C:\WINDOWS\SYSTEM\D3BD32.EXE
C:\WINDOWS\SYSTEM\APIFY.EXE
C:\WINDOWS\SYSTEM\SYSKG32.EXE
C:\WINDOWS\NTZE32.EXE
C:\WINDOWS\SYSTEM\WINUV32.EXE
C:\WINDOWS\SYSTEM\MFCBZ32.EXE
C:\WINDOWS\SYSTEM\SYSVM.EXE
C:\WINDOWS\SYSTEM\MFCZW.EXE
C:\WINDOWS\SYSTEM\NTTO.EXE
C:\WINDOWS\SYSTEM\ATLMN.EXE
C:\WINDOWS\SYSTEM\NETPN32.EXE
C:\WINDOWS\MSBF32.EXE
C:\WINDOWS\SYSTEM\MFCQQ32.EXE
C:\WINDOWS\SYSTEM\CRJA.EXE
C:\WINDOWS\NETPI32.EXE
C:\WINDOWS\APIJN.EXE
C:\WINDOWS\NTNJ.EXE
C:\WINDOWS\IEOO32.EXE
C:\WINDOWS\SYSTEM\IEAR32.EXE
C:\WINDOWS\NTCT32.EXE
C:\WINDOWS\SYSTEM\CRKK32.EXE
C:\WINDOWS\SYSTEM\SYSMK32.EXE
C:\WINDOWS\SYSTEM\MFCDX32.EXE
C:\WINDOWS\IPNM32.EXE
C:\WINDOWS\NETYU.EXE
C:\WINDOWS\SYSTEM\IETD.EXE
C:\WINDOWS\MFCVB32.EXE
C:\WINDOWS\IPKX32.EXE
C:\WINDOWS\ADDZV.EXE
C:\WINDOWS\MSFJ.EXE
C:\WINDOWS\SYSTEM\SDKNU.EXE
C:\WINDOWS\SYSHC.EXE
C:\WINDOWS\CRIJ32.EXE
C:\WINDOWS\IPXM.EXE

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore
or

Windows XP System Restore Guide

Reenable System Restore with the instructions from the tutorial above.

Reboot your computer to go back to normal mode and post a new log.


Please reboot into safe mode and delete the following files:

C:\HIJACKTHIS\HIJACKTHIS.EXE
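
Added example, not part of the original thread or of HijackThis: a small parser for the R0/R1, O2 and O4 line formats shown in the log above that picks out entries sharing the shape of the ones selected for fixing in the reply. The three matching rules and the function names are assumptions inferred from those selected entries (the reply does not state its criteria), and a match is a candidate for manual review, not a verdict.

```python
import ntpath
import re

# Constructed sample: lines copied from the first log in this thread, mixing
# entries the reply asked to fix with entries it left alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vmjpq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vmjpq.dll/index.html#37049
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: Class - {13C42846-63E9-C5EC-42B4-DB2AD1F9C009} - C:\WINDOWS\MFCES.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [APPNO32.EXE] C:\WINDOWS\SYSTEM\APPNO32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SYSIV32.EXE] C:\WINDOWS\SYSIV32.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
"""

# Windows ME system directories as they appear in the log (assumed defaults).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
R_RE = re.compile(r"^(?P<key>.+?),(?P<value_name>[^=]+?) = (?P<data>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RES_DLL_RE = re.compile(r"^res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)


def parse_entry(line):
    """Split one log line into (section code, field dict); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code in ("R0", "R1"):
        sub = R_RE.match(body)
    elif code == "O2":
        sub = O2_RE.match(body)
    elif code == "O4":
        sub = O4_RE.match(body)
    else:
        sub = None  # section not modelled here; keep the raw text
    return code, (sub.groupdict() if sub else {"raw": body})


def in_system_dir(path):
    """True if the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\SYSTEM."""
    path = re.sub(r" \(file missing\)$", "", path).strip('"')
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def review_reason(code, fields):
    """Return why an entry resembles the ones fixed in the thread, else None."""
    # Rule 1 (assumption): IE start/search page redirected into a DLL resource.
    if code in ("R0", "R1") and RES_DLL_RE.match(fields.get("data", "")):
        return "IE page setting points into a DLL resource"
    # Rule 2 (assumption): BHO with the placeholder name "Class" in a system dir.
    if code == "O2" and fields.get("name") == "Class" and in_system_dir(fields["path"]):
        return "generically named BHO loaded from the Windows directory"
    # Rule 3 (assumption): autorun value named exactly like its own file, file
    # directly in a system dir. Commands with arguments never match, which is
    # intended: every entry of this shape on the page is a bare path.
    if code == "O4" and "cmd" in fields:
        cmd = fields["cmd"].strip('"')
        if fields["name"].lower() == ntpath.basename(cmd).lower() and in_system_dir(cmd):
            return "autorun value named after its own file in the Windows directory"
    return None


def candidates(log_text):
    """List (code, reason, line) for every entry that matches a rule."""
    found = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        reason = review_reason(*parsed)
        if reason:
            found.append((parsed[0], reason, line.strip()))
    return found


if __name__ == "__main__":
    for code, reason, line in candidates(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

The rules are matched on shape only, so a legitimate program that registers an autorun value under its own file name would also be listed; each hit still needs to be checked by hand before it is fixed or deleted.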

#3 bronx52

bronx52

Posted 23 July 2004 - 09:48 AM

Thanks for your quick response. Here's the most recent log.

After following your instructions and rebooting, Norton Internet Security tells me C:\Windows\D3NM.EXE is attempting to access the internet. Should I allow that?


Logfile of HijackThis v1.98.0
Scan saved at 10:49:32 AM, on 7/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\D3ZX32.EXE
C:\WINDOWS\SYSTEM\IPCV32.EXE
C:\WINDOWS\SYSTEM\APPCG32.EXE
C:\WINDOWS\JAVAXF32.EXE
C:\WINDOWS\SYSTEM\IECH32.EXE
C:\WINDOWS\SYSTEM\SDKTE.EXE
C:\WINDOWS\SYSTEM\WINBS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ADDOO.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\D3NM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOSTR05.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\ATRACK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOVDX05.EXE
C:\WINDOWS\SYSTEM\HPOHID05.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\SYSTEM\IPMD32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\rfcha.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://rfcha.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rfcha.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\rfcha.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\rfcha.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rfcha.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Class - {1C5D8C2D-0739-9E8E-4CD2-CC71DBD39050} - C:\WINDOWS\SYSTEM\JAVAGT32.DLL (file missing)
O2 - BHO: Class - {91167381-8743-EFE8-3DBE-0DA394FB5B78} - C:\WINDOWS\SYSTEM\IEBK.DLL (file missing)
O2 - BHO: Class - {8A24FA69-13F6-413E-92B8-736D543E9459} - C:\WINDOWS\SYSTEM\JAVAMA.DLL (file missing)
O2 - BHO: Class - {05F3C50C-D53F-D6BC-9065-2ABB3092A8D0} - C:\WINDOWS\IPQT.DLL (file missing)
O2 - BHO: Class - {2CEAB828-38BD-3C29-5BB0-E50A8BB04255} - C:\WINDOWS\SYSTEM\MSUB.DLL (file missing)
O2 - BHO: Class - {24FBD5FE-F499-83F3-29CF-A140FD3C2FD1} - C:\WINDOWS\SYSTEM\SYSKC.DLL (file missing)
O2 - BHO: Class - {0B4DACA1-181A-DBF9-29CD-2BF9C12D5462} - C:\WINDOWS\IEIR32.DLL (file missing)
O2 - BHO: Class - {2EB5AE5B-CF52-1C2B-6D6B-A8C6E2D3F189} - C:\WINDOWS\ATLCP.DLL
O2 - BHO: Class - {AEE8EE6A-4323-6D87-A44A-6EFBEF94A434} - C:\WINDOWS\SYSTEM\IEHK.DLL (file missing)
O2 - BHO: Class - {9CF3A1CC-C3C4-6259-52D5-4317ADE2FD4D} - C:\WINDOWS\SYSTEM\SYSPT.DLL (file missing)
O2 - BHO: Class - {C1764056-15F0-7405-21CA-6044D79346CA} - C:\WINDOWS\SYSTEM\APIHQ.DLL (file missing)
O2 - BHO: Class - {4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} - C:\WINDOWS\D3QF.DLL (file missing)
O2 - BHO: Class - {5C66A3E6-177F-2123-461B-13AF536B594F} - C:\WINDOWS\SYSTEM\NTYP.DLL (file missing)
O2 - BHO: Class - {18EC5DC5-B985-C0FF-DB09-97D6A2005DD1} - C:\WINDOWS\SYSTEM\NETRK.DLL (file missing)
O2 - BHO: Class - {116D5205-9033-ED2D-47B4-5E76AA524375} - C:\WINDOWS\SYSTEM\MSAM32.DLL (file missing)
O2 - BHO: Class - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\NETCI32.DLL (file missing)
O2 - BHO: Class - {E0DA4602-C389-40D3-4ABE-C81BB11A0F31} - C:\WINDOWS\SYSAL32.DLL (file missing)
O2 - BHO: Class - {2D884AA4-5362-6D9F-DBFC-16455C462B7B} - C:\WINDOWS\SYSSW.DLL (file missing)
O2 - BHO: Class - {DB4F8C73-9882-05B9-A545-A1A794E29AA6} - C:\WINDOWS\IEKX.DLL (file missing)
O2 - BHO: Class - {F2F8BB31-B33F-D00C-790B-C929FA43DD0F} - C:\WINDOWS\SYSEN32.DLL (file missing)
O2 - BHO: Class - {22E2AB09-0048-1FF5-A3E7-70536A1077C5} - C:\WINDOWS\SYSOI.DLL (file missing)
O2 - BHO: Class - {52CCDCC2-DD0E-F0FC-BD6E-D4A46E9FB156} - C:\WINDOWS\SDKDX.DLL (file missing)
O2 - BHO: Class - {D5728176-9B28-959A-7D04-F70661EB2619} - C:\WINDOWS\ADDJX.DLL
O2 - BHO: Class - {E8A9E4E1-61A2-BCEA-4EC3-0DEFD026EDE5} - C:\WINDOWS\ADDVT.DLL (file missing)
O2 - BHO: Class - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} - C:\WINDOWS\CRNE.DLL (file missing)
O2 - BHO: Class - {DEABBF72-CBCF-130F-A1A1-D1A289913E85} - C:\WINDOWS\SYSTEM\WINVU.DLL (file missing)
O2 - BHO: Class - {A78BB315-D821-44E1-B875-C88BA442CE8F} - C:\WINDOWS\SYSTEM\ATLSK.DLL (file missing)
O2 - BHO: Class - {910AC8C6-EC5F-E790-C50E-8F52F9D90881} - C:\WINDOWS\SYSTEM\ATLTE.DLL (file missing)
O2 - BHO: Class - {EDB351A4-66C4-592C-4D6E-5DA4F46F6A5C} - C:\WINDOWS\ATLFR.DLL (file missing)
O2 - BHO: Class - {9DE118DF-4921-D35F-0ACA-DA210E65232D} - C:\WINDOWS\IPQU.DLL (file missing)
O2 - BHO: Class - {1E7C0536-EC5D-F3F8-9D6E-C72FCBBFA8D1} - C:\WINDOWS\SYSTEM\JAVAWG32.DLL (file missing)
O2 - BHO: Class - {C130D49F-C962-BD75-6B24-24CC50CC4248} - C:\WINDOWS\NETRM.DLL (file missing)
O2 - BHO: Class - {F8EA49DA-2095-ABD3-7D85-A5D74D47966F} - C:\WINDOWS\MFCXV32.DLL (file missing)
O2 - BHO: Class - {1D35FEE6-4A46-0EEF-09E4-41ED063F55D0} - C:\WINDOWS\D3SE32.DLL (file missing)
O2 - BHO: Class - {04249A7E-B9A4-452E-6406-5516848199BF} - C:\WINDOWS\SYSTEM\D3OO.DLL (file missing)
O2 - BHO: Class - {F6EFDF21-8B1F-BAEA-BD86-253428240896} - C:\WINDOWS\SYSTEM\MFCMM32.DLL (file missing)
O2 - BHO: Class - {C0B288E9-15B7-5663-C3B7-6006797E3B8F} - C:\WINDOWS\SYSTEM\WINKS32.DLL (file missing)
O2 - BHO: Class - {20FA363E-C425-966E-C41A-1A75B8F1766C} - C:\WINDOWS\SYSTEM\NETGW32.DLL (file missing)
O2 - BHO: Class - {55B5630A-9715-8C99-CB77-0C50B7989809} - C:\WINDOWS\SYSTEM\WINUO32.DLL (file missing)
O2 - BHO: Class - {1F2630C3-E654-C8C7-3EB4-CA2402B03CA3} - C:\WINDOWS\SYSTEM\WINSY32.DLL (file missing)
O2 - BHO: Class - {A91EF599-5AF3-83C2-86F7-5C9793216040} - C:\WINDOWS\ATLNM32.DLL (file missing)
O2 - BHO: Class - {1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} - C:\WINDOWS\IEUA32.DLL (file missing)
O2 - BHO: Class - {815F7C5F-448E-A479-1D2A-285401DC8A31} - C:\WINDOWS\SYSTEM\SYSGZ.DLL (file missing)
O2 - BHO: Class - {E5DC71F4-A2E4-322A-F770-A81A2631BD5B} - C:\WINDOWS\SYSTEM\ADDPM.DLL (file missing)
O2 - BHO: Class - {7FA20677-A6BE-542C-5C09-C210B1BD7940} - C:\WINDOWS\SYSTEM\MSAY32.DLL (file missing)
O2 - BHO: Class - {9E11A364-818B-61DC-ADA3-FCB9FB027B7A} - C:\WINDOWS\SYSTEM\IPBL.DLL (file missing)
O2 - BHO: Class - {AAEAF0EF-4CCD-6801-830D-30AC3AB7C39B} - C:\WINDOWS\CRNQ32.DLL (file missing)
O2 - BHO: Class - {B2626E7A-4A8E-7D60-FA6E-4B64EFEDBE39} - C:\WINDOWS\D3RI.DLL (file missing)
O2 - BHO: Class - {509EE3A1-0DA3-E6F6-847A-4CAFDBB2C0DB} - C:\WINDOWS\D3FK32.DLL (file missing)
O2 - BHO: Class - {8BCD1ED2-B29A-E094-AA14-90786D920B81} - C:\WINDOWS\D3NM.DLL (file missing)
O2 - BHO: Class - {77CB7B4D-7B52-24C9-E64B-0A97E44D6B06} - C:\WINDOWS\SYSTEM\JAVAIT.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [IPCV32.EXE] C:\WINDOWS\SYSTEM\IPCV32.EXE
O4 - HKLM\..\RunServices: [D3ZX32.EXE] C:\WINDOWS\D3ZX32.EXE
O4 - HKLM\..\RunServices: [APPCG32.EXE] C:\WINDOWS\SYSTEM\APPCG32.EXE
O4 - HKLM\..\RunServices: [JAVAXF32.EXE] C:\WINDOWS\JAVAXF32.EXE
O4 - HKLM\..\RunServices: [IECH32.EXE] C:\WINDOWS\SYSTEM\IECH32.EXE
O4 - HKLM\..\RunServices: [WINBS.EXE] C:\WINDOWS\SYSTEM\WINBS.EXE
O4 - HKLM\..\RunServices: [SDKTE.EXE] C:\WINDOWS\SYSTEM\SDKTE.EXE
O4 - HKLM\..\RunServices: [ADDOO.EXE] C:\WINDOWS\ADDOO.EXE
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE
O4 - HKLM\..\RunServices: [IPMD32.EXE] C:\WINDOWS\SYSTEM\IPMD32.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series 9x\Bin\HPOstr05.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#4 bronx52

Posted 23 July 2004 - 11:19 AM

My Internet Explorer home page is still hijacked. Pop ups appear when I open the application.

But the speed issue seems to have been resolved. It appears I doubled the amount of free space on the C drive after following your instructions.

#5 Grinler

Grinler

    Lawrence Abrams


Posted 23 July 2004 - 04:05 PM

Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip

Once it is downloaded and extracted somewhere, please reboot into safe mode and run the tool. When the tool is open press ok and then start. In the field labeled "Input in here..." enter the following:

res://rfcha.dll/index.html

Then press the OK button. The program will start to delete the various elements of this malware.

Please run this tool 3 times and then fix all those O4 no file entries in HijackThis. Then post a new log.

#6 bronx52

Posted 25 July 2004 - 09:02 AM

I've run aboutbuster three times, as instructed. I'm afraid I don't see any "04 no file entries" in hijackthis. Did you mean to have me fix the 02 file missing entries?


Logfile of HijackThis v1.98.0
Scan saved at 10:03:22 AM, on 7/25/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOSTR05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOVDX05.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\SYSTEM\HPOHID05.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\ATRACK.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Class - {1C5D8C2D-0739-9E8E-4CD2-CC71DBD39050} - C:\WINDOWS\SYSTEM\JAVAGT32.DLL (file missing)
O2 - BHO: Class - {91167381-8743-EFE8-3DBE-0DA394FB5B78} - C:\WINDOWS\SYSTEM\IEBK.DLL (file missing)
O2 - BHO: Class - {8A24FA69-13F6-413E-92B8-736D543E9459} - C:\WINDOWS\SYSTEM\JAVAMA.DLL (file missing)
O2 - BHO: Class - {05F3C50C-D53F-D6BC-9065-2ABB3092A8D0} - C:\WINDOWS\IPQT.DLL (file missing)
O2 - BHO: Class - {2CEAB828-38BD-3C29-5BB0-E50A8BB04255} - C:\WINDOWS\SYSTEM\MSUB.DLL (file missing)
O2 - BHO: Class - {24FBD5FE-F499-83F3-29CF-A140FD3C2FD1} - C:\WINDOWS\SYSTEM\SYSKC.DLL (file missing)
O2 - BHO: Class - {0B4DACA1-181A-DBF9-29CD-2BF9C12D5462} - C:\WINDOWS\IEIR32.DLL (file missing)
O2 - BHO: Class - {2EB5AE5B-CF52-1C2B-6D6B-A8C6E2D3F189} - C:\WINDOWS\ATLCP.DLL (file missing)
O2 - BHO: Class - {AEE8EE6A-4323-6D87-A44A-6EFBEF94A434} - C:\WINDOWS\SYSTEM\IEHK.DLL (file missing)
O2 - BHO: Class - {9CF3A1CC-C3C4-6259-52D5-4317ADE2FD4D} - C:\WINDOWS\SYSTEM\SYSPT.DLL (file missing)
O2 - BHO: Class - {C1764056-15F0-7405-21CA-6044D79346CA} - C:\WINDOWS\SYSTEM\APIHQ.DLL (file missing)
O2 - BHO: Class - {4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} - C:\WINDOWS\D3QF.DLL (file missing)
O2 - BHO: Class - {5C66A3E6-177F-2123-461B-13AF536B594F} - C:\WINDOWS\SYSTEM\NTYP.DLL (file missing)
O2 - BHO: Class - {18EC5DC5-B985-C0FF-DB09-97D6A2005DD1} - C:\WINDOWS\SYSTEM\NETRK.DLL (file missing)
O2 - BHO: Class - {116D5205-9033-ED2D-47B4-5E76AA524375} - C:\WINDOWS\SYSTEM\MSAM32.DLL (file missing)
O2 - BHO: Class - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\NETCI32.DLL (file missing)
O2 - BHO: Class - {E0DA4602-C389-40D3-4ABE-C81BB11A0F31} - C:\WINDOWS\SYSAL32.DLL (file missing)
O2 - BHO: Class - {2D884AA4-5362-6D9F-DBFC-16455C462B7B} - C:\WINDOWS\SYSSW.DLL (file missing)
O2 - BHO: Class - {DB4F8C73-9882-05B9-A545-A1A794E29AA6} - C:\WINDOWS\IEKX.DLL (file missing)
O2 - BHO: Class - {F2F8BB31-B33F-D00C-790B-C929FA43DD0F} - C:\WINDOWS\SYSEN32.DLL (file missing)
O2 - BHO: Class - {22E2AB09-0048-1FF5-A3E7-70536A1077C5} - C:\WINDOWS\SYSOI.DLL (file missing)
O2 - BHO: Class - {52CCDCC2-DD0E-F0FC-BD6E-D4A46E9FB156} - C:\WINDOWS\SDKDX.DLL (file missing)
O2 - BHO: Class - {D5728176-9B28-959A-7D04-F70661EB2619} - C:\WINDOWS\ADDJX.DLL (file missing)
O2 - BHO: Class - {E8A9E4E1-61A2-BCEA-4EC3-0DEFD026EDE5} - C:\WINDOWS\ADDVT.DLL (file missing)
O2 - BHO: Class - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} - C:\WINDOWS\CRNE.DLL (file missing)
O2 - BHO: Class - {DEABBF72-CBCF-130F-A1A1-D1A289913E85} - C:\WINDOWS\SYSTEM\WINVU.DLL (file missing)
O2 - BHO: Class - {A78BB315-D821-44E1-B875-C88BA442CE8F} - C:\WINDOWS\SYSTEM\ATLSK.DLL (file missing)
O2 - BHO: Class - {910AC8C6-EC5F-E790-C50E-8F52F9D90881} - C:\WINDOWS\SYSTEM\ATLTE.DLL (file missing)
O2 - BHO: Class - {EDB351A4-66C4-592C-4D6E-5DA4F46F6A5C} - C:\WINDOWS\ATLFR.DLL (file missing)
O2 - BHO: Class - {9DE118DF-4921-D35F-0ACA-DA210E65232D} - C:\WINDOWS\IPQU.DLL (file missing)
O2 - BHO: Class - {1E7C0536-EC5D-F3F8-9D6E-C72FCBBFA8D1} - C:\WINDOWS\SYSTEM\JAVAWG32.DLL (file missing)
O2 - BHO: Class - {C130D49F-C962-BD75-6B24-24CC50CC4248} - C:\WINDOWS\NETRM.DLL (file missing)
O2 - BHO: Class - {F8EA49DA-2095-ABD3-7D85-A5D74D47966F} - C:\WINDOWS\MFCXV32.DLL (file missing)
O2 - BHO: Class - {1D35FEE6-4A46-0EEF-09E4-41ED063F55D0} - C:\WINDOWS\D3SE32.DLL (file missing)
O2 - BHO: Class - {04249A7E-B9A4-452E-6406-5516848199BF} - C:\WINDOWS\SYSTEM\D3OO.DLL (file missing)
O2 - BHO: Class - {F6EFDF21-8B1F-BAEA-BD86-253428240896} - C:\WINDOWS\SYSTEM\MFCMM32.DLL (file missing)
O2 - BHO: Class - {C0B288E9-15B7-5663-C3B7-6006797E3B8F} - C:\WINDOWS\SYSTEM\WINKS32.DLL (file missing)
O2 - BHO: Class - {20FA363E-C425-966E-C41A-1A75B8F1766C} - C:\WINDOWS\SYSTEM\NETGW32.DLL (file missing)
O2 - BHO: Class - {55B5630A-9715-8C99-CB77-0C50B7989809} - C:\WINDOWS\SYSTEM\WINUO32.DLL (file missing)
O2 - BHO: Class - {1F2630C3-E654-C8C7-3EB4-CA2402B03CA3} - C:\WINDOWS\SYSTEM\WINSY32.DLL (file missing)
O2 - BHO: Class - {A91EF599-5AF3-83C2-86F7-5C9793216040} - C:\WINDOWS\ATLNM32.DLL (file missing)
O2 - BHO: Class - {1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} - C:\WINDOWS\IEUA32.DLL (file missing)
O2 - BHO: Class - {815F7C5F-448E-A479-1D2A-285401DC8A31} - C:\WINDOWS\SYSTEM\SYSGZ.DLL (file missing)
O2 - BHO: Class - {E5DC71F4-A2E4-322A-F770-A81A2631BD5B} - C:\WINDOWS\SYSTEM\ADDPM.DLL (file missing)
O2 - BHO: Class - {7FA20677-A6BE-542C-5C09-C210B1BD7940} - C:\WINDOWS\SYSTEM\MSAY32.DLL (file missing)
O2 - BHO: Class - {9E11A364-818B-61DC-ADA3-FCB9FB027B7A} - C:\WINDOWS\SYSTEM\IPBL.DLL (file missing)
O2 - BHO: Class - {AAEAF0EF-4CCD-6801-830D-30AC3AB7C39B} - C:\WINDOWS\CRNQ32.DLL (file missing)
O2 - BHO: Class - {B2626E7A-4A8E-7D60-FA6E-4B64EFEDBE39} - C:\WINDOWS\D3RI.DLL (file missing)
O2 - BHO: Class - {509EE3A1-0DA3-E6F6-847A-4CAFDBB2C0DB} - C:\WINDOWS\D3FK32.DLL (file missing)
O2 - BHO: Class - {8BCD1ED2-B29A-E094-AA14-90786D920B81} - C:\WINDOWS\D3NM.DLL (file missing)
O2 - BHO: Class - {77CB7B4D-7B52-24C9-E64B-0A97E44D6B06} - C:\WINDOWS\SYSTEM\JAVAIT.DLL (file missing)
O2 - BHO: Class - {0D79E1F1-FC68-61DE-4655-BBD25AEDE095} - C:\WINDOWS\SYSTEM\MFCTN32.DLL (file missing)
O2 - BHO: Class - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\WINDOWS\JAVAOS32.DLL (file missing)
O2 - BHO: Class - {55B602D6-4282-BE22-DEE6-C95DFCA166A1} - C:\WINDOWS\D3QC32.DLL (file missing)
O2 - BHO: Class - {28FF18F3-57B1-2824-4D27-0CDEDF72B5DE} - C:\WINDOWS\SYSTEM\WINXJ.DLL (file missing)
O2 - BHO: Class - {B62AAF5F-81D0-B02D-AC71-0F194E11C969} - C:\WINDOWS\IPUQ.DLL (file missing)
O2 - BHO: Class - {C2E378C6-A9C3-5F16-1F44-60897D78858E} - C:\WINDOWS\SYSTEM\SYSBY.DLL (file missing)
O2 - BHO: Class - {FA6BD27F-288F-002A-F4A9-ABCF232371D9} - C:\WINDOWS\SDKUO.DLL (file missing)
O2 - BHO: Class - {D0F738F6-C2FD-913F-CDC5-6D878E183E4D} - C:\WINDOWS\SYSTEM\ADDCH32.DLL (file missing)
O2 - BHO: Class - {DA63AADC-263D-5DCD-D789-D029C94F9577} - C:\WINDOWS\ATLVR32.DLL (file missing)
O2 - BHO: Class - {54066D1A-4314-BDDA-AF4C-7988FA7126F6} - C:\WINDOWS\SYSTEM\MSWM32.DLL (file missing)
O2 - BHO: Class - {763BAD2A-515D-49C9-1F38-41CBA6C92B36} - C:\WINDOWS\SYSTEM\MFCRU.DLL (file missing)
O2 - BHO: Class - {435397F3-E427-792C-0A91-80B33A1464D5} - C:\WINDOWS\SYSTEM\APITN32.DLL (file missing)
O2 - BHO: Class - {955C1478-6981-013D-E95C-2F893F01B9FA} - C:\WINDOWS\NETSL.DLL (file missing)
O2 - BHO: Class - {D3B904F8-2593-CC6B-115F-038CC3428486} - C:\WINDOWS\SYSTEM\IPRG32.DLL (file missing)
O2 - BHO: Class - {C47BACBB-B1ED-EF19-238D-DBC9037735AD} - C:\WINDOWS\SYSTEM\NETZD.DLL (file missing)
O2 - BHO: Class - {FBC662AC-AA0D-1389-1431-40872CBDACA2} - C:\WINDOWS\MFCPW.DLL (file missing)
O2 - BHO: Class - {C9906193-7B7B-FA65-B978-4F6E47E66321} - C:\WINDOWS\CRTK.DLL (file missing)
O2 - BHO: Class - {90BABD6B-DA3D-2814-4B15-345BCAAC2F67} - C:\WINDOWS\D3AZ32.DLL (file missing)
O2 - BHO: Class - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - C:\WINDOWS\CRSD32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [IPCV32.EXE] C:\WINDOWS\SYSTEM\IPCV32.EXE
O4 - HKLM\..\RunServices: [D3ZX32.EXE] C:\WINDOWS\D3ZX32.EXE
O4 - HKLM\..\RunServices: [APPCG32.EXE] C:\WINDOWS\SYSTEM\APPCG32.EXE
O4 - HKLM\..\RunServices: [JAVAXF32.EXE] C:\WINDOWS\JAVAXF32.EXE
O4 - HKLM\..\RunServices: [IECH32.EXE] C:\WINDOWS\SYSTEM\IECH32.EXE
O4 - HKLM\..\RunServices: [WINBS.EXE] C:\WINDOWS\SYSTEM\WINBS.EXE
O4 - HKLM\..\RunServices: [SDKTE.EXE] C:\WINDOWS\SYSTEM\SDKTE.EXE
O4 - HKLM\..\RunServices: [ADDOO.EXE] C:\WINDOWS\ADDOO.EXE
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE
O4 - HKLM\..\RunServices: [IPMD32.EXE] C:\WINDOWS\SYSTEM\IPMD32.EXE
O4 - HKLM\..\RunServices: [ATLVP32.EXE] C:\WINDOWS\ATLVP32.EXE
O4 - HKLM\..\RunServices: [WINAU32.EXE] C:\WINDOWS\SYSTEM\WINAU32.EXE
O4 - HKLM\..\RunServices: [APPOZ32.EXE] C:\WINDOWS\SYSTEM\APPOZ32.EXE
O4 - HKLM\..\RunServices: [APICF.EXE] C:\WINDOWS\SYSTEM\APICF.EXE
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\NTMA32.EXE
O4 - HKLM\..\RunServices: [APICM.EXE] C:\WINDOWS\APICM.EXE
O4 - HKLM\..\RunServices: [D3OE.EXE] C:\WINDOWS\D3OE.EXE
O4 - HKLM\..\RunServices: [CRQO.EXE] C:\WINDOWS\SYSTEM\CRQO.EXE
O4 - HKLM\..\RunServices: [NTIU32.EXE] C:\WINDOWS\SYSTEM\NTIU32.EXE
O4 - HKLM\..\RunServices: [WINBU.EXE] C:\WINDOWS\SYSTEM\WINBU.EXE
O4 - HKLM\..\RunServices: [SYSLO.EXE] C:\WINDOWS\SYSLO.EXE
O4 - HKLM\..\RunServices: [IPEW32.EXE] C:\WINDOWS\IPEW32.EXE
O4 - HKLM\..\RunServices: [WINTM32.EXE] C:\WINDOWS\SYSTEM\WINTM32.EXE
O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\SYSTEM\IEZP32.EXE
O4 - HKLM\..\RunServices: [SYSPO32.EXE] C:\WINDOWS\SYSPO32.EXE
O4 - HKLM\..\RunServices: [WINPE32.EXE] C:\WINDOWS\SYSTEM\WINPE32.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series 9x\Bin\HPOstr05.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#7 Grinler

Posted 25 July 2004 - 12:14 PM

Yes, that is what I meant. I apologize. Run about:buster one more time, then fix the O2s that say no file.

#8 bronx52

Posted 26 July 2004 - 08:42 AM

Thank you, Grinler. You've solved the problem, making my life much easier in the process. My computer has never been so fast. What a pleasure.

#9 mmoore4

Posted 26 July 2004 - 10:32 PM

Grinler's the best. We are almost done fixing one of two computers I have that are CWS/about:blank/malware nightmares. It's encouraging to see that there is light at the end of the tunnel.

#10 Grinler

Posted 26 July 2004 - 11:13 PM

Bronx, please post a new log so I can give it the once-over.

#11 bronx52

Posted 27 July 2004 - 07:17 AM

Here it is.


Logfile of HijackThis v1.98.0
Scan saved at 8:22:20 AM, on 7/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOSTR05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOVDX05.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\SYSTEM\HPOHID05.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\ATRACK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [IPCV32.EXE] C:\WINDOWS\SYSTEM\IPCV32.EXE
O4 - HKLM\..\RunServices: [D3ZX32.EXE] C:\WINDOWS\D3ZX32.EXE
O4 - HKLM\..\RunServices: [APPCG32.EXE] C:\WINDOWS\SYSTEM\APPCG32.EXE
O4 - HKLM\..\RunServices: [JAVAXF32.EXE] C:\WINDOWS\JAVAXF32.EXE
O4 - HKLM\..\RunServices: [IECH32.EXE] C:\WINDOWS\SYSTEM\IECH32.EXE
O4 - HKLM\..\RunServices: [WINBS.EXE] C:\WINDOWS\SYSTEM\WINBS.EXE
O4 - HKLM\..\RunServices: [SDKTE.EXE] C:\WINDOWS\SYSTEM\SDKTE.EXE
O4 - HKLM\..\RunServices: [ADDOO.EXE] C:\WINDOWS\ADDOO.EXE
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE
O4 - HKLM\..\RunServices: [IPMD32.EXE] C:\WINDOWS\SYSTEM\IPMD32.EXE
O4 - HKLM\..\RunServices: [ATLVP32.EXE] C:\WINDOWS\ATLVP32.EXE
O4 - HKLM\..\RunServices: [WINAU32.EXE] C:\WINDOWS\SYSTEM\WINAU32.EXE
O4 - HKLM\..\RunServices: [APPOZ32.EXE] C:\WINDOWS\SYSTEM\APPOZ32.EXE
O4 - HKLM\..\RunServices: [APICF.EXE] C:\WINDOWS\SYSTEM\APICF.EXE
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\NTMA32.EXE
O4 - HKLM\..\RunServices: [APICM.EXE] C:\WINDOWS\APICM.EXE
O4 - HKLM\..\RunServices: [D3OE.EXE] C:\WINDOWS\D3OE.EXE
O4 - HKLM\..\RunServices: [CRQO.EXE] C:\WINDOWS\SYSTEM\CRQO.EXE
O4 - HKLM\..\RunServices: [NTIU32.EXE] C:\WINDOWS\SYSTEM\NTIU32.EXE
O4 - HKLM\..\RunServices: [WINBU.EXE] C:\WINDOWS\SYSTEM\WINBU.EXE
O4 - HKLM\..\RunServices: [SYSLO.EXE] C:\WINDOWS\SYSLO.EXE
O4 - HKLM\..\RunServices: [IPEW32.EXE] C:\WINDOWS\IPEW32.EXE
O4 - HKLM\..\RunServices: [WINTM32.EXE] C:\WINDOWS\SYSTEM\WINTM32.EXE
O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\SYSTEM\IEZP32.EXE
O4 - HKLM\..\RunServices: [SYSPO32.EXE] C:\WINDOWS\SYSPO32.EXE
O4 - HKLM\..\RunServices: [WINPE32.EXE] C:\WINDOWS\SYSTEM\WINPE32.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series 9x\Bin\HPOstr05.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#12 Grinler

Posted 27 July 2004 - 11:00 AM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:
O4 - HKLM\..\RunServices: [IPCV32.EXE] C:\WINDOWS\SYSTEM\IPCV32.EXE
O4 - HKLM\..\RunServices: [D3ZX32.EXE] C:\WINDOWS\D3ZX32.EXE
O4 - HKLM\..\RunServices: [APPCG32.EXE] C:\WINDOWS\SYSTEM\APPCG32.EXE
O4 - HKLM\..\RunServices: [JAVAXF32.EXE] C:\WINDOWS\JAVAXF32.EXE
O4 - HKLM\..\RunServices: [IECH32.EXE] C:\WINDOWS\SYSTEM\IECH32.EXE
O4 - HKLM\..\RunServices: [WINBS.EXE] C:\WINDOWS\SYSTEM\WINBS.EXE
O4 - HKLM\..\RunServices: [SDKTE.EXE] C:\WINDOWS\SYSTEM\SDKTE.EXE
O4 - HKLM\..\RunServices: [ADDOO.EXE] C:\WINDOWS\ADDOO.EXE
O4 - HKLM\..\RunServices: [MSDH.EXE] C:\WINDOWS\MSDH.EXE
O4 - HKLM\..\RunServices: [IPMD32.EXE] C:\WINDOWS\SYSTEM\IPMD32.EXE
O4 - HKLM\..\RunServices: [ATLVP32.EXE] C:\WINDOWS\ATLVP32.EXE
O4 - HKLM\..\RunServices: [WINAU32.EXE] C:\WINDOWS\SYSTEM\WINAU32.EXE
O4 - HKLM\..\RunServices: [APPOZ32.EXE] C:\WINDOWS\SYSTEM\APPOZ32.EXE
O4 - HKLM\..\RunServices: [APICF.EXE] C:\WINDOWS\SYSTEM\APICF.EXE
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\NTMA32.EXE
O4 - HKLM\..\RunServices: [APICM.EXE] C:\WINDOWS\APICM.EXE
O4 - HKLM\..\RunServices: [D3OE.EXE] C:\WINDOWS\D3OE.EXE
O4 - HKLM\..\RunServices: [CRQO.EXE] C:\WINDOWS\SYSTEM\CRQO.EXE
O4 - HKLM\..\RunServices: [NTIU32.EXE] C:\WINDOWS\SYSTEM\NTIU32.EXE
O4 - HKLM\..\RunServices: [WINBU.EXE] C:\WINDOWS\SYSTEM\WINBU.EXE
O4 - HKLM\..\RunServices: [SYSLO.EXE] C:\WINDOWS\SYSLO.EXE
O4 - HKLM\..\RunServices: [IPEW32.EXE] C:\WINDOWS\IPEW32.EXE
O4 - HKLM\..\RunServices: [WINTM32.EXE] C:\WINDOWS\SYSTEM\WINTM32.EXE
O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\SYSTEM\IEZP32.EXE
O4 - HKLM\..\RunServices: [SYSPO32.EXE] C:\WINDOWS\SYSPO32.EXE
O4 - HKLM\..\RunServices: [WINPE32.EXE] C:\WINDOWS\SYSTEM\WINPE32.EXE

Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (do not be concerned if they do not exist):
C:\WINDOWS\SYSTEM\IPCV32.EXE
C:\WINDOWS\D3ZX32.EXE
C:\WINDOWS\SYSTEM\APPCG32.EXE
C:\WINDOWS\JAVAXF32.EXE
C:\WINDOWS\SYSTEM\IECH32.EXE
C:\WINDOWS\SYSTEM\WINBS.EXE
C:\WINDOWS\SYSTEM\SDKTE.EXE
C:\WINDOWS\ADDOO.EXE
C:\WINDOWS\MSDH.EXE
C:\WINDOWS\SYSTEM\IPMD32.EXE
C:\WINDOWS\ATLVP32.EXE
C:\WINDOWS\SYSTEM\WINAU32.EXE
C:\WINDOWS\SYSTEM\APPOZ32.EXE
C:\WINDOWS\SYSTEM\APICF.EXE
C:\WINDOWS\NTMA32.EXE
C:\WINDOWS\APICM.EXE
C:\WINDOWS\D3OE.EXE
C:\WINDOWS\SYSTEM\CRQO.EXE
C:\WINDOWS\SYSTEM\NTIU32.EXE
C:\WINDOWS\SYSTEM\WINBU.EXE
C:\WINDOWS\SYSLO.EXE
C:\WINDOWS\IPEW32.EXE
C:\WINDOWS\SYSTEM\WINTM32.EXE
C:\WINDOWS\SYSTEM\IEZP32.EXE
C:\WINDOWS\SYSPO32.EXE
C:\WINDOWS\SYSTEM\WINPE32.EXE

Disable System Restore. You can find instructions on how to enable and re-enable System Restore here:

Managing Windows Millennium System Restore
or

Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above.

Reboot your computer to go back to normal mode and do the following:

Please run two online virus scans:

http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/

Then let us know if it's working better and what the scans found.

Also post a new log after
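
The post pairs every RunServices entry to fix in HijackThis with a file to delete in Safe Mode. As an added example (not part of the post and not HijackThis code), this Python script parses O4 lines in the shape shown above and reports any autostart entry whose file is absent from the deletion list, and the reverse; the function names, the `ExampleApp` line and the shortened deletion list are constructed for illustration.

```python
import re

# O4 autostart line, in the shape HijackThis prints in this thread:
#   O4 - HKLM\..\RunServices: [VALUE NAME] C:\PATH\FILE.EXE
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|scr|pif|dll))(?:\s|$)', re.I)

def parse_o4(log_text):
    """Return hive, key, value name and command for every O4 line in a log."""
    hits = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in hits if m]

def target_file(cmd):
    """Strip quotes and arguments from an autostart command, leaving the file path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd

def reconcile(log_text, delete_list, key="RunServices"):
    """Compare files launched from one autostart key with a file deletion list."""
    launched = {target_file(e["cmd"]).upper()
                for e in parse_o4(log_text) if e["key"].lower() == key.lower()}
    listed = {p.strip().upper() for p in delete_list if p.strip()}
    return {"entry_without_file_step": sorted(launched - listed),
            "file_without_entry": sorted(listed - launched)}

# Three RunServices lines from the post, plus one constructed Run line (not from
# the thread) to show that other keys and quoted commands are parsed but ignored.
SAMPLE_LOG = r'''
O4 - HKLM\..\RunServices: [IPCV32.EXE] C:\WINDOWS\SYSTEM\IPCV32.EXE
O4 - HKLM\..\RunServices: [D3ZX32.EXE] C:\WINDOWS\D3ZX32.EXE
O4 - HKLM\..\RunServices: [APPCG32.EXE] C:\WINDOWS\SYSTEM\APPCG32.EXE
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\example.exe" /start
'''
# Constructed deletion list: deliberately one path short so the check reports it.
SAMPLE_DELETE = [r'C:\WINDOWS\SYSTEM\IPCV32.EXE', r'C:\WINDOWS\D3ZX32.EXE']

if __name__ == "__main__":
    print(reconcile(SAMPLE_LOG, SAMPLE_DELETE))
```

Paths are compared case-insensitively, since the log prints them in upper case while a hand-typed list may not.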



