Hjt Log-richzip


5 replies to this topic

#1 richzip

Posted 10 October 2005 - 09:50 AM

Hello, here is my HJT log. My computer has the problem where "about:blank" is set as the home page, and I can't change it. In addition, there are a couple of sites that always get added to my favorites--they are added back after I delete them from the favorites.

I have already run AdAware, Microsoft AntiSpyware, CW Shredder, and Spybot S&D. Spybot S&D found several (over 100) "CWW Cool Web Search" files, but could not delete them. (Something about the files being in use--but I ran the program in Safe Mode).

Any help you can give me would be appreciated. I am fairly knowledgeable about computers, but haven't worked much with issues like this. Any detailed instructions on removing problems would also be appreciated. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 7:46:00 AM, on 10/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\sdkob.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MiniMavis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\syslk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bfgeb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - C:\WINDOWS\system32\sdkor32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {124FA683-824F-56B1-A647-959543371EAD} - C:\WINDOWS\sdkac.dll (file missing)
O2 - BHO: Class - {137FBD76-C94E-29D8-CB88-FB29E07E3C8E} - C:\WINDOWS\system32\craq32.dll (file missing)
O2 - BHO: Class - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\crbt.dll (file missing)
O2 - BHO: Class - {1F27E4E9-A37D-2E37-800C-C621F8F0E04D} - C:\WINDOWS\mfcza.dll (file missing)
O2 - BHO: Class - {229A699F-EDC6-7278-F8D2-335DEE8BA464} - C:\WINDOWS\system32\netwm.dll
O2 - BHO: Class - {277E5F3C-350E-D4AA-D732-FD7D04A3A0B7} - C:\WINDOWS\system32\addcj.dll (file missing)
O2 - BHO: Class - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll (file missing)
O2 - BHO: Class - {36B0A261-EA24-6BE5-6027-7FC4035DD69B} - C:\WINDOWS\sdkrz32.dll (file missing)
O2 - BHO: Class - {3ABB6571-5627-1F6D-12EC-627B4EB1C713} - C:\WINDOWS\adddo32.dll (file missing)
O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netqt.dll (file missing)
O2 - BHO: Class - {40D569C1-F9AA-178A-455D-97CE4369C208} - C:\WINDOWS\sdkpw32.dll (file missing)
O2 - BHO: Class - {45932E37-6D54-6EDE-F0CD-8EDC86755B6A} - C:\WINDOWS\system32\ntqp32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} - C:\WINDOWS\d3mw32.dll (file missing)
O2 - BHO: Class - {820EE400-4068-7AC4-7934-F519A5AC7D69} - C:\WINDOWS\system32\sdkvg.dll (file missing)
O2 - BHO: Class - {90619904-53C7-45AF-F23E-403703516D19} - C:\WINDOWS\system32\mfcfx.dll (file missing)
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\javaco.dll (file missing)
O2 - BHO: Class - {936AA364-95C3-AB06-8422-C5C12E153660} - C:\WINDOWS\netvw.dll (file missing)
O2 - BHO: Class - {A3ADD21E-02D3-30AF-04FD-5138BFE2FBF9} - C:\WINDOWS\system32\systs32.dll (file missing)
O2 - BHO: Class - {ABDA69CA-252A-681A-53BE-11365742DA6D} - C:\WINDOWS\apixj32.dll (file missing)
O2 - BHO: Class - {ADEB754D-254F-7D77-7CB8-010E3738C8C6} - C:\WINDOWS\system32\sysoo.dll (file missing)
O2 - BHO: Class - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - C:\WINDOWS\ipdt32.dll (file missing)
O2 - BHO: Class - {B043489C-6BF0-01EB-E5BD-CE306F545707} - C:\WINDOWS\system32\ieim.dll (file missing)
O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - C:\WINDOWS\javayb32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C0C3A22C-1EB7-A108-F824-1678C8D550B4} - C:\WINDOWS\ipwc32.dll (file missing)
O2 - BHO: Class - {D3B84570-2079-8EDD-541C-21F6A4481CA3} - C:\WINDOWS\system32\ipas.dll (file missing)
O2 - BHO: Class - {D82EE588-4BCA-D64F-594D-C86A9AAE64BF} - C:\WINDOWS\apixr.dll (file missing)
O2 - BHO: Class - {D8F31A52-4A98-397B-48A7-1CA3B87C457E} - C:\WINDOWS\sdkbv32.dll (file missing)
O2 - BHO: Class - {D9B4EDA5-91D0-9FD3-9C3E-056224B01178} - C:\WINDOWS\system32\winxa32.dll (file missing)
O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\cror.dll (file missing)
O2 - BHO: Class - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - C:\WINDOWS\system32\appjt32.dll (file missing)
O2 - BHO: Class - {E35E5A14-8A25-1FDC-DF6F-49CB85079086} - C:\WINDOWS\mfcva.dll (file missing)
O2 - BHO: Class - {F252B597-9791-2380-904F-55CD7338EA24} - C:\WINDOWS\system32\iemr32.dll (file missing)
O2 - BHO: Class - {F8DD58A3-392C-9160-C63A-DEFE0C0B32CB} - C:\WINDOWS\winix32.dll (file missing)
O2 - BHO: Class - {FA1833EB-F0F0-A5E9-A669-2EDCD03477DB} - C:\WINDOWS\system32\sdksa.dll
O2 - BHO: Class - {FA78BCF6-1C11-1477-172D-2FA8B8257F0B} - C:\WINDOWS\system32\mscq.dll (file missing)
O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apidq.dll (file missing)
O2 - BHO: Class - {FFB2B347-F318-AD04-9CDF-925741BAA0FA} - C:\WINDOWS\ntpy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [5s8X36h] gcuppp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sdkob.exe] C:\WINDOWS\system32\sdkob.exe
O4 - HKLM\..\Run: [ipfm32.exe] C:\WINDOWS\ipfm32.exe
O4 - HKLM\..\Run: [netgm32.exe] C:\WINDOWS\netgm32.exe
O4 - HKLM\..\Run: [javaah.exe] C:\WINDOWS\javaah.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KBr7RWN7i] gccclip.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\MiniMavis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syslk.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 Guest_Cretemonster_*

Posted 13 October 2005 - 04:38 AM

Hi richzip and Welcome to the Bleeping Computer!

If you are still requiring assistance with this HijackThis log, please post a fresh log and try to avoid restarting as it may change the filenames a bit!

#3 richzip

Posted 13 October 2005 - 09:58 PM

CreteMonster suggested I post a fresh HJT log here, so here it is. In his reply, there were 3 links, but it looked like they were more informational articles about browser hijackers, and how to prevent them.

The problem I'm having is that pesky "about: blank" page. I ran several spyware removal tools (CWShredder, AdAware, Microsoft, and Spybot). When I run Spybot, it does find several CWW Cool Web Search files, but it says it is unable to remove them because the files are in use? However, I ran all the tools in safe mode.

As suggested by CreteMonster, I will not restart the computer; I will leave it turned on and disconnected from the internet.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:53:54 PM, on 10/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\syslk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MiniMavis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\sdkob.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - C:\WINDOWS\system32\sdkor32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {093646C5-CDDB-2035-BD50-008A30E3EA96} - C:\WINDOWS\javafb32.dll
O2 - BHO: Class - {124FA683-824F-56B1-A647-959543371EAD} - C:\WINDOWS\sdkac.dll (file missing)
O2 - BHO: Class - {137FBD76-C94E-29D8-CB88-FB29E07E3C8E} - C:\WINDOWS\system32\craq32.dll (file missing)
O2 - BHO: Class - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\crbt.dll (file missing)
O2 - BHO: Class - {1F27E4E9-A37D-2E37-800C-C621F8F0E04D} - C:\WINDOWS\mfcza.dll (file missing)
O2 - BHO: Class - {229A699F-EDC6-7278-F8D2-335DEE8BA464} - C:\WINDOWS\system32\netwm.dll
O2 - BHO: Class - {277E5F3C-350E-D4AA-D732-FD7D04A3A0B7} - C:\WINDOWS\system32\addcj.dll (file missing)
O2 - BHO: Class - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll (file missing)
O2 - BHO: Class - {36B0A261-EA24-6BE5-6027-7FC4035DD69B} - C:\WINDOWS\sdkrz32.dll (file missing)
O2 - BHO: Class - {3ABB6571-5627-1F6D-12EC-627B4EB1C713} - C:\WINDOWS\adddo32.dll (file missing)
O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netqt.dll (file missing)
O2 - BHO: Class - {40D569C1-F9AA-178A-455D-97CE4369C208} - C:\WINDOWS\sdkpw32.dll (file missing)
O2 - BHO: Class - {45932E37-6D54-6EDE-F0CD-8EDC86755B6A} - C:\WINDOWS\system32\ntqp32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} - C:\WINDOWS\d3mw32.dll (file missing)
O2 - BHO: Class - {820EE400-4068-7AC4-7934-F519A5AC7D69} - C:\WINDOWS\system32\sdkvg.dll (file missing)
O2 - BHO: Class - {85207839-3806-D845-DDE9-5ADD23506597} - C:\WINDOWS\apizz.dll
O2 - BHO: Class - {90619904-53C7-45AF-F23E-403703516D19} - C:\WINDOWS\system32\mfcfx.dll (file missing)
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\javaco.dll (file missing)
O2 - BHO: Class - {936AA364-95C3-AB06-8422-C5C12E153660} - C:\WINDOWS\netvw.dll (file missing)
O2 - BHO: Class - {A1651542-D287-13F8-EA3E-BBF8181F75DE} - C:\WINDOWS\system32\sdkxe32.dll
O2 - BHO: Class - {A3ADD21E-02D3-30AF-04FD-5138BFE2FBF9} - C:\WINDOWS\system32\systs32.dll (file missing)
O2 - BHO: Class - {ABDA69CA-252A-681A-53BE-11365742DA6D} - C:\WINDOWS\apixj32.dll (file missing)
O2 - BHO: Class - {ADEB754D-254F-7D77-7CB8-010E3738C8C6} - C:\WINDOWS\system32\sysoo.dll (file missing)
O2 - BHO: Class - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - C:\WINDOWS\ipdt32.dll (file missing)
O2 - BHO: Class - {B043489C-6BF0-01EB-E5BD-CE306F545707} - C:\WINDOWS\system32\ieim.dll (file missing)
O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - C:\WINDOWS\javayb32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C0C3A22C-1EB7-A108-F824-1678C8D550B4} - C:\WINDOWS\ipwc32.dll (file missing)
O2 - BHO: Class - {D3B84570-2079-8EDD-541C-21F6A4481CA3} - C:\WINDOWS\system32\ipas.dll (file missing)
O2 - BHO: Class - {D82EE588-4BCA-D64F-594D-C86A9AAE64BF} - C:\WINDOWS\apixr.dll (file missing)
O2 - BHO: Class - {D8F31A52-4A98-397B-48A7-1CA3B87C457E} - C:\WINDOWS\sdkbv32.dll (file missing)
O2 - BHO: Class - {D9B4EDA5-91D0-9FD3-9C3E-056224B01178} - C:\WINDOWS\system32\winxa32.dll (file missing)
O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\cror.dll (file missing)
O2 - BHO: Class - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - C:\WINDOWS\system32\appjt32.dll (file missing)
O2 - BHO: Class - {E35E5A14-8A25-1FDC-DF6F-49CB85079086} - C:\WINDOWS\mfcva.dll (file missing)
O2 - BHO: Class - {EFBBEF1A-21B6-994C-632E-201DE3EF2428} - C:\WINDOWS\system32\d3dt.dll
O2 - BHO: Class - {F252B597-9791-2380-904F-55CD7338EA24} - C:\WINDOWS\system32\iemr32.dll (file missing)
O2 - BHO: Class - {F8DD58A3-392C-9160-C63A-DEFE0C0B32CB} - C:\WINDOWS\winix32.dll (file missing)
O2 - BHO: Class - {FA1833EB-F0F0-A5E9-A669-2EDCD03477DB} - C:\WINDOWS\system32\sdksa.dll
O2 - BHO: Class - {FA78BCF6-1C11-1477-172D-2FA8B8257F0B} - C:\WINDOWS\system32\mscq.dll (file missing)
O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apidq.dll (file missing)
O2 - BHO: Class - {FFB2B347-F318-AD04-9CDF-925741BAA0FA} - C:\WINDOWS\ntpy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [5s8X36h] gcuppp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sdkob.exe] C:\WINDOWS\system32\sdkob.exe
O4 - HKLM\..\Run: [ipfm32.exe] C:\WINDOWS\ipfm32.exe
O4 - HKLM\..\Run: [netgm32.exe] C:\WINDOWS\netgm32.exe
O4 - HKLM\..\Run: [javaah.exe] C:\WINDOWS\javaah.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KBr7RWN7i] gccclip.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\MiniMavis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syslk.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 Guest_Cretemonster_*

Posted 15 October 2005 - 04:45 AM

Sorry RichZip for all these delays. You will have my full attention for the duration of the weekend!

Post a fresh HijackThis log and let's get busy!

#5 richzip

Posted 15 October 2005 - 01:59 PM

> Sorry RichZip for all these delays. You will have my full attention for the duration of the weekend!
>
> Post a fresh HijackThis log and let's get busy!

Not a problem .. here it is:

Logfile of HijackThis v1.99.1
Scan saved at 11:58:49 AM, on 10/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\syslk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MiniMavis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sdkob.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - C:\WINDOWS\system32\sdkor32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {093646C5-CDDB-2035-BD50-008A30E3EA96} - C:\WINDOWS\javafb32.dll
O2 - BHO: Class - {124FA683-824F-56B1-A647-959543371EAD} - C:\WINDOWS\sdkac.dll (file missing)
O2 - BHO: Class - {137FBD76-C94E-29D8-CB88-FB29E07E3C8E} - C:\WINDOWS\system32\craq32.dll (file missing)
O2 - BHO: Class - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\crbt.dll (file missing)
O2 - BHO: Class - {1F27E4E9-A37D-2E37-800C-C621F8F0E04D} - C:\WINDOWS\mfcza.dll (file missing)
O2 - BHO: Class - {229A699F-EDC6-7278-F8D2-335DEE8BA464} - C:\WINDOWS\system32\netwm.dll
O2 - BHO: Class - {277E5F3C-350E-D4AA-D732-FD7D04A3A0B7} - C:\WINDOWS\system32\addcj.dll (file missing)
O2 - BHO: Class - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll (file missing)
O2 - BHO: Class - {36B0A261-EA24-6BE5-6027-7FC4035DD69B} - C:\WINDOWS\sdkrz32.dll (file missing)
O2 - BHO: Class - {3ABB6571-5627-1F6D-12EC-627B4EB1C713} - C:\WINDOWS\adddo32.dll (file missing)
O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netqt.dll (file missing)
O2 - BHO: Class - {40D569C1-F9AA-178A-455D-97CE4369C208} - C:\WINDOWS\sdkpw32.dll (file missing)
O2 - BHO: Class - {45932E37-6D54-6EDE-F0CD-8EDC86755B6A} - C:\WINDOWS\system32\ntqp32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} - C:\WINDOWS\d3mw32.dll (file missing)
O2 - BHO: Class - {820EE400-4068-7AC4-7934-F519A5AC7D69} - C:\WINDOWS\system32\sdkvg.dll (file missing)
O2 - BHO: Class - {85207839-3806-D845-DDE9-5ADD23506597} - C:\WINDOWS\apizz.dll
O2 - BHO: Class - {90619904-53C7-45AF-F23E-403703516D19} - C:\WINDOWS\system32\mfcfx.dll (file missing)
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\javaco.dll (file missing)
O2 - BHO: Class - {936AA364-95C3-AB06-8422-C5C12E153660} - C:\WINDOWS\netvw.dll (file missing)
O2 - BHO: Class - {A1651542-D287-13F8-EA3E-BBF8181F75DE} - C:\WINDOWS\system32\sdkxe32.dll
O2 - BHO: Class - {A3ADD21E-02D3-30AF-04FD-5138BFE2FBF9} - C:\WINDOWS\system32\systs32.dll (file missing)
O2 - BHO: Class - {ABDA69CA-252A-681A-53BE-11365742DA6D} - C:\WINDOWS\apixj32.dll (file missing)
O2 - BHO: Class - {ADEB754D-254F-7D77-7CB8-010E3738C8C6} - C:\WINDOWS\system32\sysoo.dll (file missing)
O2 - BHO: Class - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - C:\WINDOWS\ipdt32.dll (file missing)
O2 - BHO: Class - {B043489C-6BF0-01EB-E5BD-CE306F545707} - C:\WINDOWS\system32\ieim.dll (file missing)
O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - C:\WINDOWS\javayb32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C0C3A22C-1EB7-A108-F824-1678C8D550B4} - C:\WINDOWS\ipwc32.dll (file missing)
O2 - BHO: Class - {D3B84570-2079-8EDD-541C-21F6A4481CA3} - C:\WINDOWS\system32\ipas.dll (file missing)
O2 - BHO: Class - {D82EE588-4BCA-D64F-594D-C86A9AAE64BF} - C:\WINDOWS\apixr.dll (file missing)
O2 - BHO: Class - {D8F31A52-4A98-397B-48A7-1CA3B87C457E} - C:\WINDOWS\sdkbv32.dll (file missing)
O2 - BHO: Class - {D9B4EDA5-91D0-9FD3-9C3E-056224B01178} - C:\WINDOWS\system32\winxa32.dll (file missing)
O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\cror.dll (file missing)
O2 - BHO: Class - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - C:\WINDOWS\system32\appjt32.dll (file missing)
O2 - BHO: Class - {E35E5A14-8A25-1FDC-DF6F-49CB85079086} - C:\WINDOWS\mfcva.dll (file missing)
O2 - BHO: Class - {EFBBEF1A-21B6-994C-632E-201DE3EF2428} - C:\WINDOWS\system32\d3dt.dll
O2 - BHO: Class - {F252B597-9791-2380-904F-55CD7338EA24} - C:\WINDOWS\system32\iemr32.dll (file missing)
O2 - BHO: Class - {F8DD58A3-392C-9160-C63A-DEFE0C0B32CB} - C:\WINDOWS\winix32.dll (file missing)
O2 - BHO: Class - {FA1833EB-F0F0-A5E9-A669-2EDCD03477DB} - C:\WINDOWS\system32\sdksa.dll
O2 - BHO: Class - {FA78BCF6-1C11-1477-172D-2FA8B8257F0B} - C:\WINDOWS\system32\mscq.dll (file missing)
O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apidq.dll (file missing)
O2 - BHO: Class - {FFB2B347-F318-AD04-9CDF-925741BAA0FA} - C:\WINDOWS\ntpy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [5s8X36h] gcuppp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sdkob.exe] C:\WINDOWS\system32\sdkob.exe
O4 - HKLM\..\Run: [ipfm32.exe] C:\WINDOWS\ipfm32.exe
O4 - HKLM\..\Run: [netgm32.exe] C:\WINDOWS\netgm32.exe
O4 - HKLM\..\Run: [javaah.exe] C:\WINDOWS\javaah.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [syslk.exe] C:\WINDOWS\syslk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KBr7RWN7i] gccclip.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\MiniMavis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syslk.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6 Guest_Cretemonster_*


Posted 16 October 2005 - 10:56 AM

Well, isn't this cute, when the board was upgraded, my email settings were set back to no email notification!


Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

Network Security Service

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
After SpySweeper has finished, download the following but don't run them yet, just update AboutBuster

Download cwsserviceremove and unzip it to your desktop.
http://ralphcaddell.com/Uploads/cwsserviceremove.zip

ABout Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the Instructions inside the link to Update it. We will run it in Safe Mode!

CleanUp!
http://downloads.stevengould.org/cleanup/CleanUp40.exe


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - C:\WINDOWS\system32\sdkor32.dll (file missing)

O2 - BHO: Class - {093646C5-CDDB-2035-BD50-008A30E3EA96} - C:\WINDOWS\javafb32.dll

O2 - BHO: Class - {124FA683-824F-56B1-A647-959543371EAD} - C:\WINDOWS\sdkac.dll (file missing)

O2 - BHO: Class - {137FBD76-C94E-29D8-CB88-FB29E07E3C8E} - C:\WINDOWS\system32\craq32.dll (file missing)

O2 - BHO: Class - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\crbt.dll (file missing)

O2 - BHO: Class - {1F27E4E9-A37D-2E37-800C-C621F8F0E04D} - C:\WINDOWS\mfcza.dll (file missing)

O2 - BHO: Class - {229A699F-EDC6-7278-F8D2-335DEE8BA464} - C:\WINDOWS\system32\netwm.dll

O2 - BHO: Class - {277E5F3C-350E-D4AA-D732-FD7D04A3A0B7} - C:\WINDOWS\system32\addcj.dll (file missing)

O2 - BHO: Class - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll (file missing)

O2 - BHO: Class - {36B0A261-EA24-6BE5-6027-7FC4035DD69B} - C:\WINDOWS\sdkrz32.dll (file missing)

O2 - BHO: Class - {3ABB6571-5627-1F6D-12EC-627B4EB1C713} - C:\WINDOWS\adddo32.dll (file missing)

O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netqt.dll (file missing)

O2 - BHO: Class - {40D569C1-F9AA-178A-455D-97CE4369C208} - C:\WINDOWS\sdkpw32.dll (file missing)

O2 - BHO: Class - {45932E37-6D54-6EDE-F0CD-8EDC86755B6A} - C:\WINDOWS\system32\ntqp32.dll

O2 - BHO: Class - {6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} - C:\WINDOWS\d3mw32.dll (file missing)

O2 - BHO: Class - {820EE400-4068-7AC4-7934-F519A5AC7D69} - C:\WINDOWS\system32\sdkvg.dll (file missing)

O2 - BHO: Class - {85207839-3806-D845-DDE9-5ADD23506597} - C:\WINDOWS\apizz.dll

O2 - BHO: Class - {90619904-53C7-45AF-F23E-403703516D19} - C:\WINDOWS\system32\mfcfx.dll (file missing)

O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\javaco.dll (file missing)

O2 - BHO: Class - {936AA364-95C3-AB06-8422-C5C12E153660} - C:\WINDOWS\netvw.dll (file missing)

O2 - BHO: Class - {A1651542-D287-13F8-EA3E-BBF8181F75DE} - C:\WINDOWS\system32\sdkxe32.dll

O2 - BHO: Class - {A3ADD21E-02D3-30AF-04FD-5138BFE2FBF9} - C:\WINDOWS\system32\systs32.dll (file missing)

O2 - BHO: Class - {ABDA69CA-252A-681A-53BE-11365742DA6D} - C:\WINDOWS\apixj32.dll (file missing)

O2 - BHO: Class - {ADEB754D-254F-7D77-7CB8-010E3738C8C6} - C:\WINDOWS\system32\sysoo.dll (file missing)

O2 - BHO: Class - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - C:\WINDOWS\ipdt32.dll (file missing)

O2 - BHO: Class - {B043489C-6BF0-01EB-E5BD-CE306F545707} - C:\WINDOWS\system32\ieim.dll (file missing)

O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - C:\WINDOWS\javayb32.dll

O2 - BHO: Class - {C0C3A22C-1EB7-A108-F824-1678C8D550B4} - C:\WINDOWS\ipwc32.dll (file missing)

O2 - BHO: Class - {D3B84570-2079-8EDD-541C-21F6A4481CA3} - C:\WINDOWS\system32\ipas.dll (file missing)

O2 - BHO: Class - {D82EE588-4BCA-D64F-594D-C86A9AAE64BF} - C:\WINDOWS\apixr.dll (file missing)

O2 - BHO: Class - {D8F31A52-4A98-397B-48A7-1CA3B87C457E} - C:\WINDOWS\sdkbv32.dll (file missing)

O2 - BHO: Class - {D9B4EDA5-91D0-9FD3-9C3E-056224B01178} - C:\WINDOWS\system32\winxa32.dll (file missing)

O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\cror.dll (file missing)

O2 - BHO: Class - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - C:\WINDOWS\system32\appjt32.dll (file missing)

O2 - BHO: Class - {E35E5A14-8A25-1FDC-DF6F-49CB85079086} - C:\WINDOWS\mfcva.dll (file missing)

O2 - BHO: Class - {EFBBEF1A-21B6-994C-632E-201DE3EF2428} - C:\WINDOWS\system32\d3dt.dll

O2 - BHO: Class - {F252B597-9791-2380-904F-55CD7338EA24} - C:\WINDOWS\system32\iemr32.dll (file missing)

O2 - BHO: Class - {F8DD58A3-392C-9160-C63A-DEFE0C0B32CB} - C:\WINDOWS\winix32.dll (file missing)

O2 - BHO: Class - {FA1833EB-F0F0-A5E9-A669-2EDCD03477DB} - C:\WINDOWS\system32\sdksa.dll

O2 - BHO: Class - {FA78BCF6-1C11-1477-172D-2FA8B8257F0B} - C:\WINDOWS\system32\mscq.dll (file missing)

O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apidq.dll (file missing)

O2 - BHO: Class - {FFB2B347-F318-AD04-9CDF-925741BAA0FA} - C:\WINDOWS\ntpy.dll (file missing)

O4 - HKLM\..\Run: [5s8X36h] gcuppp.exe

O4 - HKLM\..\Run: [sdkob.exe] C:\WINDOWS\system32\sdkob.exe

O4 - HKLM\..\Run: [ipfm32.exe] C:\WINDOWS\ipfm32.exe

O4 - HKLM\..\Run: [netgm32.exe] C:\WINDOWS\netgm32.exe

O4 - HKLM\..\Run: [javaah.exe] C:\WINDOWS\javaah.exe

O4 - HKLM\..\RunOnce: [syslk.exe] C:\WINDOWS\syslk.exe

O4 - HKCU\..\Run: [KBr7RWN7i] gccclip.exe

O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syslk.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Run ABout Buster just as described in the link!

Please run it until you get these Results:

No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY



Double-click the cwsserviceremove.reg file you downloaded at the beginning.
Answer "Yes" when prompted to add the contents to the registry.


Run CleanUp!

Click on the "CleanUp!" Tab and let it remove all Temp files-> Click "Close" and Click "NO" to log off!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the report from Panda!
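
One way to check a fresh HijackThis log against the fix list above, as an added example that is not part of the original posts: entries are matched by a stable identity (registry location, CLSID, Run value name, service binary), so an entry still counts as present when its data changes or it gains "(file missing)". The identity choices are assumptions made here, `FIX_LIST` is a subset of the lines in the post, and `FRESH_LOG`, including `example.dll`, is constructed for illustration.

```python
import re

SECTION = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_VALUE = re.compile(r"(.+?): \[(.*?)\]")          # "HKLM\..\Run: [name]"


def entry_key(line):
    """Return (section, identity) for a HijackThis entry line, else None.

    The identity is the part assumed to stay stable when the entry's data
    changes, so a re-pointed or half-removed entry still matches.
    """
    m = SECTION.match(line.strip())
    if not m:
        return None                        # header or "Running processes" line
    section, body = m.groups()
    if section in ("R0", "R1"):
        ident = body.split(" = ", 1)[0]    # registry key,value (not its data)
    elif section == "O2":
        g = CLSID.search(body)             # BHO is registered under its CLSID
        ident = g.group(0) if g else body
    elif section == "O4":
        g = RUN_VALUE.match(body)          # hive key plus Run value name
        ident = f"{g.group(1)}[{g.group(2)}]" if g else body
    elif section == "O23":
        ident = body.rsplit(" - ", 1)[-1]  # service binary path
    else:
        ident = body
    return section, ident.lower()


def still_present(fix_list, fresh_log):
    """Return (fixed line, fresh line) pairs for entries that survived."""
    fresh = {}
    for line in fresh_log.splitlines():
        key = entry_key(line)
        if key:
            fresh.setdefault(key, line.strip())
    pairs = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key in fresh:
            pairs.append((line.strip(), fresh[key]))
    return pairs


# Subset of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qtqvq.dll/sp.html#37049
O2 - BHO: Class - {093646C5-CDDB-2035-BD50-008A30E3EA96} - C:\WINDOWS\javafb32.dll
O2 - BHO: Class - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - C:\WINDOWS\system32\sdkor32.dll (file missing)
O4 - HKLM\..\Run: [sdkob.exe] C:\WINDOWS\system32\sdkob.exe
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\syslk.exe
"""

# Constructed follow-up log: one value re-pointed, one BHO key left behind.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\example.dll/sp.html#37049
O2 - BHO: Class - {093646C5-CDDB-2035-BD50-008A30E3EA96} - C:\WINDOWS\javafb32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for old, new in still_present(FIX_LIST, FRESH_LOG):
        print("STILL PRESENT:", new)
```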



