
HijackThis Log: Please help diagnose


2 replies to this topic

#1 jerusc

jerusc


Posted 24 July 2005 - 12:52 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:29:59 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINNT\mswp32.exe
C:\WINNT\system32\addro32.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0119F278-475B-E5B8-00B6-C88D1EE40346} - C:\WINNT\addgr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13D03435-6260-9ABB-A8F6-8C7E46014657} - C:\WINNT\system32\mfcxm32.dll (file missing)
O2 - BHO: Class - {1BCBA8DE-0A5A-1B10-5D83-D3AEC6AA0794} - C:\WINNT\d3pm.dll (file missing)
O2 - BHO: Class - {2CAF4819-A2F6-9E2A-AC12-79565676295C} - C:\WINNT\msdw32.dll (file missing)
O2 - BHO: Class - {308767C1-0CC5-318E-0AA5-010D9AB8E630} - C:\WINNT\system32\addhp32.dll (file missing)
O2 - BHO: Class - {33593731-DC80-738B-124F-F9FDF82575B9} - C:\WINNT\system32\netda32.dll (file missing)
O2 - BHO: Class - {38F6C66F-363B-35B7-F201-3A078214CB3D} - C:\WINNT\system32\apinb32.dll (file missing)
O2 - BHO: Class - {436CD1D0-61D3-3AF7-7397-B3F226EE681C} - C:\WINNT\d3kg32.dll (file missing)
O2 - BHO: Class - {4F3ADCBC-BF9A-F483-A3DC-B820F8EDE214} - C:\WINNT\system32\addkc32.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {618DCBEF-21D1-F9E6-8C88-DCAD96DF68F4} - C:\WINNT\system32\addil32.dll (file missing)
O2 - BHO: Class - {6699D233-05E7-206F-1C46-788E62709125} - C:\WINNT\system32\ntgf.dll (file missing)
O2 - BHO: Class - {67ADFA69-2840-52FA-C690-C237682F8F6C} - C:\WINNT\system32\crkd.dll (file missing)
O2 - BHO: Class - {7B62AEE7-0F9B-D84E-F4CD-DCD1C8EA9621} - C:\WINNT\system32\javang.dll (file missing)
O2 - BHO: Class - {7CDCBD83-13F1-B8F1-6294-E0876254D4BF} - C:\WINNT\system32\javafd.dll (file missing)
O2 - BHO: Class - {8930AC7D-2910-06F4-2838-4227AEBB02D6} - C:\WINNT\system32\addms32.dll (file missing)
O2 - BHO: Class - {8DC59F8A-A38C-4AEC-B374-2EFF71DA12CC} - C:\WINNT\netio.dll (file missing)
O2 - BHO: Class - {98210E12-9AC5-10D5-A5B6-061994FBA819} - C:\WINNT\addjm32.dll (file missing)
O2 - BHO: Class - {9F8ED733-B034-6BF4-B4FA-698515674C65} - C:\WINNT\system32\addiq32.dll (file missing)
O2 - BHO: Class - {9FBCC241-DBEC-FD55-1F55-5F52A66E18F3} - C:\WINNT\wincj32.dll (file missing)
O2 - BHO: Class - {A3DBF831-6F3D-E180-E29F-6EAD18EE9403} - C:\WINNT\system32\ntlt32.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {B33BB0D4-7D71-460F-D1DC-1855B4817340} - C:\WINNT\javajr.dll (file missing)
O2 - BHO: Class - {D4CEAE5B-2A69-4AA5-CFC7-D52036D3AEC2} - C:\WINNT\system32\sdkac32.dll (file missing)
O2 - BHO: Class - {EB8249B2-2FD4-8515-292E-072148194C8B} - C:\WINNT\sdkyy.dll (file missing)
O2 - BHO: Class - {EF287315-4D6D-CEBA-3A14-D24D30D992A7} - C:\WINNT\mfcpn32.dll (file missing)
O2 - BHO: Class - {F02CEC44-3E70-66D6-7590-7D7624EE91C3} - C:\WINNT\d3va.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [d3zz.exe] C:\WINNT\system32\d3zz.exe
O4 - HKLM\..\Run: [atlby32.exe] C:\WINNT\atlby32.exe
O4 - HKLM\..\Run: [addro32.exe] C:\WINNT\system32\addro32.exe
O4 - HKLM\..\RunOnce: [crou32.exe] C:\WINNT\system32\crou32.exe
O4 - HKLM\..\RunOnce: [mfcpi32.exe] C:\WINNT\mfcpi32.exe
O4 - HKLM\..\RunOnce: [d3el.exe] C:\WINNT\d3el.exe
O4 - HKLM\..\RunOnce: [atlwr.exe] C:\WINNT\atlwr.exe
O4 - HKLM\..\RunOnce: [ipvm32.exe] C:\WINNT\ipvm32.exe
O4 - HKLM\..\RunOnce: [apied.exe] C:\WINNT\system32\apied.exe
O4 - HKLM\..\RunOnce: [javadq32.exe] C:\WINNT\system32\javadq32.exe
O4 - HKLM\..\RunOnce: [atlot.exe] C:\WINNT\system32\atlot.exe
O4 - HKLM\..\RunOnce: [ipii.exe] C:\WINNT\ipii.exe
O4 - HKLM\..\RunOnce: [appeb32.exe] C:\WINNT\appeb32.exe
O4 - HKLM\..\RunOnce: [apiui.exe] C:\WINNT\apiui.exe
O4 - HKLM\..\RunOnce: [sdkym32.exe] C:\WINNT\system32\sdkym32.exe
O4 - HKLM\..\RunOnce: [winzn.exe] C:\WINNT\winzn.exe
O4 - HKLM\..\RunOnce: [addnr.exe] C:\WINNT\addnr.exe
O4 - HKLM\..\RunOnce: [javavx.exe] C:\WINNT\system32\javavx.exe
O4 - HKLM\..\RunOnce: [addve.exe] C:\WINNT\system32\addve.exe
O4 - HKLM\..\RunOnce: [sdkdk.exe] C:\WINNT\sdkdk.exe
O4 - HKLM\..\RunOnce: [iend.exe] C:\WINNT\iend.exe
O4 - HKLM\..\RunOnce: [ipel32.exe] C:\WINNT\ipel32.exe
O4 - HKLM\..\RunOnce: [ieta32.exe] C:\WINNT\ieta32.exe
O4 - HKLM\..\RunOnce: [sdksn.exe] C:\WINNT\sdksn.exe
O4 - HKLM\..\RunOnce: [apiff.exe] C:\WINNT\apiff.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINNT\javaeb32.exe
O4 - HKLM\..\RunOnce: [javabd.exe] C:\WINNT\system32\javabd.exe
O4 - HKLM\..\RunOnce: [winqt32.exe] C:\WINNT\winqt32.exe
O4 - HKLM\..\RunOnce: [atlha32.exe] C:\WINNT\atlha32.exe
O4 - HKLM\..\RunOnce: [sysfn.exe] C:\WINNT\system32\sysfn.exe
O4 - HKLM\..\RunOnce: [ipqv32.exe] C:\WINNT\ipqv32.exe
O4 - HKLM\..\RunOnce: [ntlm32.exe] C:\WINNT\ntlm32.exe
O4 - HKLM\..\RunOnce: [mfcka32.exe] C:\WINNT\system32\mfcka32.exe
O4 - HKLM\..\RunOnce: [sdkif32.exe] C:\WINNT\system32\sdkif32.exe
O4 - HKLM\..\RunOnce: [atlnb32.exe] C:\WINNT\system32\atlnb32.exe
O4 - HKLM\..\RunOnce: [javacj32.exe] C:\WINNT\system32\javacj32.exe
O4 - HKLM\..\RunOnce: [sdkqg32.exe] C:\WINNT\sdkqg32.exe
O4 - HKLM\..\RunOnce: [mfcvk32.exe] C:\WINNT\mfcvk32.exe
O4 - HKLM\..\RunOnce: [apptf32.exe] C:\WINNT\apptf32.exe
O4 - HKLM\..\RunOnce: [sdknq32.exe] C:\WINNT\system32\sdknq32.exe
O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINNT\system32\ipxr.exe
O4 - HKLM\..\RunOnce: [sysxx.exe] C:\WINNT\sysxx.exe
O4 - HKLM\..\RunOnce: [javawn32.exe] C:\WINNT\system32\javawn32.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINNT\netuu.exe
O4 - HKLM\..\RunOnce: [wintk32.exe] C:\WINNT\wintk32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINNT\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [ntvi32.exe] C:\WINNT\ntvi32.exe
O4 - HKLM\..\RunOnce: [d3cm32.exe] C:\WINNT\d3cm32.exe
O4 - HKLM\..\RunOnce: [nethq32.exe] C:\WINNT\system32\nethq32.exe
O4 - HKLM\..\RunOnce: [d3cc32.exe] C:\WINNT\d3cc32.exe
O4 - HKLM\..\RunOnce: [mseg32.exe] C:\WINNT\system32\mseg32.exe
O4 - HKLM\..\RunOnce: [ipki32.exe] C:\WINNT\ipki32.exe
O4 - HKLM\..\RunOnce: [ntet.exe] C:\WINNT\ntet.exe
O4 - HKLM\..\RunOnce: [iefo32.exe] C:\WINNT\iefo32.exe
O4 - HKLM\..\RunOnce: [appob.exe] C:\WINNT\system32\appob.exe
O4 - HKLM\..\RunOnce: [sysei.exe] C:\WINNT\system32\sysei.exe
O4 - HKLM\..\RunOnce: [appjk.exe] C:\WINNT\appjk.exe
O4 - HKLM\..\RunOnce: [sysnw.exe] C:\WINNT\sysnw.exe
O4 - HKLM\..\RunOnce: [atlah32.exe] C:\WINNT\system32\atlah32.exe
O4 - HKLM\..\RunOnce: [javaod32.exe] C:\WINNT\system32\javaod32.exe
O4 - HKLM\..\RunOnce: [appod.exe] C:\WINNT\appod.exe
O4 - HKLM\..\RunOnce: [sdksd32.exe] C:\WINNT\system32\sdksd32.exe
O4 - HKLM\..\RunOnce: [sdkvd.exe] C:\WINNT\system32\sdkvd.exe
O4 - HKLM\..\RunOnce: [mfcus32.exe] C:\WINNT\system32\mfcus32.exe
O4 - HKLM\..\RunOnce: [syssi32.exe] C:\WINNT\syssi32.exe
O4 - HKLM\..\RunOnce: [winsq.exe] C:\WINNT\winsq.exe
O4 - HKLM\..\RunOnce: [ipvz32.exe] C:\WINNT\system32\ipvz32.exe
O4 - HKLM\..\RunOnce: [ntvp.exe] C:\WINNT\system32\ntvp.exe
O4 - HKLM\..\RunOnce: [neteq.exe] C:\WINNT\neteq.exe
O4 - HKLM\..\RunOnce: [ieux32.exe] C:\WINNT\ieux32.exe
O4 - HKLM\..\RunOnce: [javaor32.exe] C:\WINNT\system32\javaor32.exe
O4 - HKLM\..\RunOnce: [msqw32.exe] C:\WINNT\system32\msqw32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINNT\system32\appyj32.exe
O4 - HKLM\..\RunOnce: [mswp32.exe] C:\WINNT\mswp32.exe
O4 - HKLM\..\RunOnce: [apinh.exe] C:\WINNT\apinh.exe
O4 - HKLM\..\RunOnce: [sysaj32.exe] C:\WINNT\system32\sysaj32.exe
O4 - HKLM\..\RunOnce: [crzx32.exe] C:\WINNT\crzx32.exe
O4 - HKLM\..\RunOnce: [d3tw.exe] C:\WINNT\system32\d3tw.exe
O4 - HKLM\..\RunOnce: [nethq.exe] C:\WINNT\nethq.exe
O4 - HKLM\..\RunOnce: [applc32.exe] C:\WINNT\applc32.exe
O4 - HKLM\..\RunOnce: [msqx32.exe] C:\WINNT\msqx32.exe
O4 - HKLM\..\RunOnce: [iebs.exe] C:\WINNT\system32\iebs.exe
O4 - HKLM\..\RunOnce: [atloc.exe] C:\WINNT\system32\atloc.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINNT\d3tg32.exe
O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINNT\system32\ipya.exe
O4 - HKLM\..\RunOnce: [winik32.exe] C:\WINNT\winik32.exe
O4 - HKLM\..\RunOnce: [netfj32.exe] C:\WINNT\netfj32.exe
O4 - HKLM\..\RunOnce: [apimy32.exe] C:\WINNT\system32\apimy32.exe
O4 - HKLM\..\RunOnce: [sysra.exe] C:\WINNT\system32\sysra.exe
O4 - HKLM\..\RunOnce: [javaqq32.exe] C:\WINNT\system32\javaqq32.exe
O4 - HKLM\..\RunOnce: [sdkyt32.exe] C:\WINNT\system32\sdkyt32.exe
O4 - HKLM\..\RunOnce: [mfcsf32.exe] C:\WINNT\system32\mfcsf32.exe
O4 - HKLM\..\RunOnce: [ipgi.exe] C:\WINNT\ipgi.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG Crafts\AGremind.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Rudolph Brantley\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121492506878
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
O16 - DPF: {97BD39CC-7168-4C60-9E1A-A4A6059FEA26} (Pj10enuC Class) - https://projectcentral.csd.sc.edu/ProjectSe...033/pjcintl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{577D1142-ACBF-42CA-B0EB-102CBEA783B3}: NameServer = 204.127.129.3 12.102.244.1
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)



#2 jerusc

jerusc

Posted 24 July 2005 - 11:28 PM

Any help will be appreciated, thanks

#3 Grinler

Grinler

    Lawrence Abrams



Posted 25 July 2005 - 10:50 AM

Please follow the instructions provided. You may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop. Double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed close the Ewido program.

Reboot your computer into Safe Mode

Once in safe mode, start Ewido and do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop.
Now close ewido security suite.

Reboot back to normal mode, open report.txt and post it as a reply to this post along with a new HijackThis log.



