HijackThis Log: Please help diagnose

2 replies to this topic

#1 jerusc



Posted 24 July 2005 - 12:52 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:29:59 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ajbfh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0119F278-475B-E5B8-00B6-C88D1EE40346} - C:\WINNT\addgr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13D03435-6260-9ABB-A8F6-8C7E46014657} - C:\WINNT\system32\mfcxm32.dll (file missing)
O2 - BHO: Class - {1BCBA8DE-0A5A-1B10-5D83-D3AEC6AA0794} - C:\WINNT\d3pm.dll (file missing)
O2 - BHO: Class - {2CAF4819-A2F6-9E2A-AC12-79565676295C} - C:\WINNT\msdw32.dll (file missing)
O2 - BHO: Class - {308767C1-0CC5-318E-0AA5-010D9AB8E630} - C:\WINNT\system32\addhp32.dll (file missing)
O2 - BHO: Class - {33593731-DC80-738B-124F-F9FDF82575B9} - C:\WINNT\system32\netda32.dll (file missing)
O2 - BHO: Class - {38F6C66F-363B-35B7-F201-3A078214CB3D} - C:\WINNT\system32\apinb32.dll (file missing)
O2 - BHO: Class - {436CD1D0-61D3-3AF7-7397-B3F226EE681C} - C:\WINNT\d3kg32.dll (file missing)
O2 - BHO: Class - {4F3ADCBC-BF9A-F483-A3DC-B820F8EDE214} - C:\WINNT\system32\addkc32.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {618DCBEF-21D1-F9E6-8C88-DCAD96DF68F4} - C:\WINNT\system32\addil32.dll (file missing)
O2 - BHO: Class - {6699D233-05E7-206F-1C46-788E62709125} - C:\WINNT\system32\ntgf.dll (file missing)
O2 - BHO: Class - {67ADFA69-2840-52FA-C690-C237682F8F6C} - C:\WINNT\system32\crkd.dll (file missing)
O2 - BHO: Class - {7B62AEE7-0F9B-D84E-F4CD-DCD1C8EA9621} - C:\WINNT\system32\javang.dll (file missing)
O2 - BHO: Class - {7CDCBD83-13F1-B8F1-6294-E0876254D4BF} - C:\WINNT\system32\javafd.dll (file missing)
O2 - BHO: Class - {8930AC7D-2910-06F4-2838-4227AEBB02D6} - C:\WINNT\system32\addms32.dll (file missing)
O2 - BHO: Class - {8DC59F8A-A38C-4AEC-B374-2EFF71DA12CC} - C:\WINNT\netio.dll (file missing)
O2 - BHO: Class - {98210E12-9AC5-10D5-A5B6-061994FBA819} - C:\WINNT\addjm32.dll (file missing)
O2 - BHO: Class - {9F8ED733-B034-6BF4-B4FA-698515674C65} - C:\WINNT\system32\addiq32.dll (file missing)
O2 - BHO: Class - {9FBCC241-DBEC-FD55-1F55-5F52A66E18F3} - C:\WINNT\wincj32.dll (file missing)
O2 - BHO: Class - {A3DBF831-6F3D-E180-E29F-6EAD18EE9403} - C:\WINNT\system32\ntlt32.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {B33BB0D4-7D71-460F-D1DC-1855B4817340} - C:\WINNT\javajr.dll (file missing)
O2 - BHO: Class - {D4CEAE5B-2A69-4AA5-CFC7-D52036D3AEC2} - C:\WINNT\system32\sdkac32.dll (file missing)
O2 - BHO: Class - {EB8249B2-2FD4-8515-292E-072148194C8B} - C:\WINNT\sdkyy.dll (file missing)
O2 - BHO: Class - {EF287315-4D6D-CEBA-3A14-D24D30D992A7} - C:\WINNT\mfcpn32.dll (file missing)
O2 - BHO: Class - {F02CEC44-3E70-66D6-7590-7D7624EE91C3} - C:\WINNT\d3va.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [d3zz.exe] C:\WINNT\system32\d3zz.exe
O4 - HKLM\..\Run: [atlby32.exe] C:\WINNT\atlby32.exe
O4 - HKLM\..\Run: [addro32.exe] C:\WINNT\system32\addro32.exe
O4 - HKLM\..\RunOnce: [crou32.exe] C:\WINNT\system32\crou32.exe
O4 - HKLM\..\RunOnce: [mfcpi32.exe] C:\WINNT\mfcpi32.exe
O4 - HKLM\..\RunOnce: [d3el.exe] C:\WINNT\d3el.exe
O4 - HKLM\..\RunOnce: [atlwr.exe] C:\WINNT\atlwr.exe
O4 - HKLM\..\RunOnce: [ipvm32.exe] C:\WINNT\ipvm32.exe
O4 - HKLM\..\RunOnce: [apied.exe] C:\WINNT\system32\apied.exe
O4 - HKLM\..\RunOnce: [javadq32.exe] C:\WINNT\system32\javadq32.exe
O4 - HKLM\..\RunOnce: [atlot.exe] C:\WINNT\system32\atlot.exe
O4 - HKLM\..\RunOnce: [ipii.exe] C:\WINNT\ipii.exe
O4 - HKLM\..\RunOnce: [appeb32.exe] C:\WINNT\appeb32.exe
O4 - HKLM\..\RunOnce: [apiui.exe] C:\WINNT\apiui.exe
O4 - HKLM\..\RunOnce: [sdkym32.exe] C:\WINNT\system32\sdkym32.exe
O4 - HKLM\..\RunOnce: [winzn.exe] C:\WINNT\winzn.exe
O4 - HKLM\..\RunOnce: [addnr.exe] C:\WINNT\addnr.exe
O4 - HKLM\..\RunOnce: [javavx.exe] C:\WINNT\system32\javavx.exe
O4 - HKLM\..\RunOnce: [addve.exe] C:\WINNT\system32\addve.exe
O4 - HKLM\..\RunOnce: [sdkdk.exe] C:\WINNT\sdkdk.exe
O4 - HKLM\..\RunOnce: [iend.exe] C:\WINNT\iend.exe
O4 - HKLM\..\RunOnce: [ipel32.exe] C:\WINNT\ipel32.exe
O4 - HKLM\..\RunOnce: [ieta32.exe] C:\WINNT\ieta32.exe
O4 - HKLM\..\RunOnce: [sdksn.exe] C:\WINNT\sdksn.exe
O4 - HKLM\..\RunOnce: [apiff.exe] C:\WINNT\apiff.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINNT\javaeb32.exe
O4 - HKLM\..\RunOnce: [javabd.exe] C:\WINNT\system32\javabd.exe
O4 - HKLM\..\RunOnce: [winqt32.exe] C:\WINNT\winqt32.exe
O4 - HKLM\..\RunOnce: [atlha32.exe] C:\WINNT\atlha32.exe
O4 - HKLM\..\RunOnce: [sysfn.exe] C:\WINNT\system32\sysfn.exe
O4 - HKLM\..\RunOnce: [ipqv32.exe] C:\WINNT\ipqv32.exe
O4 - HKLM\..\RunOnce: [ntlm32.exe] C:\WINNT\ntlm32.exe
O4 - HKLM\..\RunOnce: [mfcka32.exe] C:\WINNT\system32\mfcka32.exe
O4 - HKLM\..\RunOnce: [sdkif32.exe] C:\WINNT\system32\sdkif32.exe
O4 - HKLM\..\RunOnce: [atlnb32.exe] C:\WINNT\system32\atlnb32.exe
O4 - HKLM\..\RunOnce: [javacj32.exe] C:\WINNT\system32\javacj32.exe
O4 - HKLM\..\RunOnce: [sdkqg32.exe] C:\WINNT\sdkqg32.exe
O4 - HKLM\..\RunOnce: [mfcvk32.exe] C:\WINNT\mfcvk32.exe
O4 - HKLM\..\RunOnce: [apptf32.exe] C:\WINNT\apptf32.exe
O4 - HKLM\..\RunOnce: [sdknq32.exe] C:\WINNT\system32\sdknq32.exe
O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINNT\system32\ipxr.exe
O4 - HKLM\..\RunOnce: [sysxx.exe] C:\WINNT\sysxx.exe
O4 - HKLM\..\RunOnce: [javawn32.exe] C:\WINNT\system32\javawn32.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINNT\netuu.exe
O4 - HKLM\..\RunOnce: [wintk32.exe] C:\WINNT\wintk32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINNT\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [ntvi32.exe] C:\WINNT\ntvi32.exe
O4 - HKLM\..\RunOnce: [d3cm32.exe] C:\WINNT\d3cm32.exe
O4 - HKLM\..\RunOnce: [nethq32.exe] C:\WINNT\system32\nethq32.exe
O4 - HKLM\..\RunOnce: [d3cc32.exe] C:\WINNT\d3cc32.exe
O4 - HKLM\..\RunOnce: [mseg32.exe] C:\WINNT\system32\mseg32.exe
O4 - HKLM\..\RunOnce: [ipki32.exe] C:\WINNT\ipki32.exe
O4 - HKLM\..\RunOnce: [ntet.exe] C:\WINNT\ntet.exe
O4 - HKLM\..\RunOnce: [iefo32.exe] C:\WINNT\iefo32.exe
O4 - HKLM\..\RunOnce: [appob.exe] C:\WINNT\system32\appob.exe
O4 - HKLM\..\RunOnce: [sysei.exe] C:\WINNT\system32\sysei.exe
O4 - HKLM\..\RunOnce: [appjk.exe] C:\WINNT\appjk.exe
O4 - HKLM\..\RunOnce: [sysnw.exe] C:\WINNT\sysnw.exe
O4 - HKLM\..\RunOnce: [atlah32.exe] C:\WINNT\system32\atlah32.exe
O4 - HKLM\..\RunOnce: [javaod32.exe] C:\WINNT\system32\javaod32.exe
O4 - HKLM\..\RunOnce: [appod.exe] C:\WINNT\appod.exe
O4 - HKLM\..\RunOnce: [sdksd32.exe] C:\WINNT\system32\sdksd32.exe
O4 - HKLM\..\RunOnce: [sdkvd.exe] C:\WINNT\system32\sdkvd.exe
O4 - HKLM\..\RunOnce: [mfcus32.exe] C:\WINNT\system32\mfcus32.exe
O4 - HKLM\..\RunOnce: [syssi32.exe] C:\WINNT\syssi32.exe
O4 - HKLM\..\RunOnce: [winsq.exe] C:\WINNT\winsq.exe
O4 - HKLM\..\RunOnce: [ipvz32.exe] C:\WINNT\system32\ipvz32.exe
O4 - HKLM\..\RunOnce: [ntvp.exe] C:\WINNT\system32\ntvp.exe
O4 - HKLM\..\RunOnce: [neteq.exe] C:\WINNT\neteq.exe
O4 - HKLM\..\RunOnce: [ieux32.exe] C:\WINNT\ieux32.exe
O4 - HKLM\..\RunOnce: [javaor32.exe] C:\WINNT\system32\javaor32.exe
O4 - HKLM\..\RunOnce: [msqw32.exe] C:\WINNT\system32\msqw32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINNT\system32\appyj32.exe
O4 - HKLM\..\RunOnce: [mswp32.exe] C:\WINNT\mswp32.exe
O4 - HKLM\..\RunOnce: [apinh.exe] C:\WINNT\apinh.exe
O4 - HKLM\..\RunOnce: [sysaj32.exe] C:\WINNT\system32\sysaj32.exe
O4 - HKLM\..\RunOnce: [crzx32.exe] C:\WINNT\crzx32.exe
O4 - HKLM\..\RunOnce: [d3tw.exe] C:\WINNT\system32\d3tw.exe
O4 - HKLM\..\RunOnce: [nethq.exe] C:\WINNT\nethq.exe
O4 - HKLM\..\RunOnce: [applc32.exe] C:\WINNT\applc32.exe
O4 - HKLM\..\RunOnce: [msqx32.exe] C:\WINNT\msqx32.exe
O4 - HKLM\..\RunOnce: [iebs.exe] C:\WINNT\system32\iebs.exe
O4 - HKLM\..\RunOnce: [atloc.exe] C:\WINNT\system32\atloc.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINNT\d3tg32.exe
O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINNT\system32\ipya.exe
O4 - HKLM\..\RunOnce: [winik32.exe] C:\WINNT\winik32.exe
O4 - HKLM\..\RunOnce: [netfj32.exe] C:\WINNT\netfj32.exe
O4 - HKLM\..\RunOnce: [apimy32.exe] C:\WINNT\system32\apimy32.exe
O4 - HKLM\..\RunOnce: [sysra.exe] C:\WINNT\system32\sysra.exe
O4 - HKLM\..\RunOnce: [javaqq32.exe] C:\WINNT\system32\javaqq32.exe
O4 - HKLM\..\RunOnce: [sdkyt32.exe] C:\WINNT\system32\sdkyt32.exe
O4 - HKLM\..\RunOnce: [mfcsf32.exe] C:\WINNT\system32\mfcsf32.exe
O4 - HKLM\..\RunOnce: [ipgi.exe] C:\WINNT\ipgi.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG Crafts\AGremind.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes11072.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Rudolph Brantley\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121492506878
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
O16 - DPF: {97BD39CC-7168-4C60-9E1A-A4A6059FEA26} (Pj10enuC Class) - https://projectcentral.csd.sc.edu/ProjectSe...033/pjcintl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{577D1142-ACBF-42CA-B0EB-102CBEA783B3}: NameServer =
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

#2 jerusc

  • Topic Starter


Posted 24 July 2005 - 11:28 PM

Any help will be appreciated, thanks

#3 Grinler


    Lawrence Abrams

  • Admin

Posted 25 July 2005 - 10:50 AM

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.

Once the updates are installed, close the Ewido program.

Reboot your computer into Safe Mode.

Once in safe mode, start Ewido and do the following:
  • Click on scanner.
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files; click OK.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop.
Now close ewido security suite.

Reboot back to normal mode, open report.txt and post it as a reply to this post along with a new hijackthis log.
