Bombarded By Spyware, Malware


  • This topic is locked
59 replies to this topic

#1 traumanurse

Posted 15 April 2006 - 12:10 AM

Have tried to remove spyware and malware by using Virobot antivirus, adaware, spybot, and panda repeatedly. Now can't open Internet Explorer. Am having to use AOL which freezes after a few minutes. After this started my Shield firewall was "disabled" and had errors and couldn't open. Also can't turn on Windows firewall. Have tried everything that I've read would help but getting worse. Your site said to do several things before posting log but as computer is barely functioning am afraid to not go ahead and post log while I still can. Antivirus and antispyware programs show that they are getting rid of a lot of this stuff but after reboot they come back. Help!


Logfile of HijackThis v1.99.1
Scan saved at 11:56:52 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\win32105-193118899.exe
C:\WINDOWS\sys011931188995-.exe
C:\WINDOWS\ms0688995-19311.exe
C:\WINDOWS\win3208995-1931188.exe
C:\WINDOWS\wmkjsbjA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ms05188995-1931.exe
C:\WINDOWS\ms041188995-193.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\sys11-1931188995.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\CheckS02.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 8.0a\waol.exe
C:\Program Files\America Online 8.0a\shellmon.exe
C:\Program Files\America Online 8.0a\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,wuhaltk.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpA4A2.tmp
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [ABB0B5B6B6B7B1B2] 454A4F5050514B.exe
O4 - HKLM\..\Run: [Setup94.exe] C:\WINDOWS\system32\Setup94.exe
O4 - HKLM\..\Run: [win32105-193118899] C:\WINDOWS\win32105-193118899.exe
O4 - HKLM\..\Run: [win32078995-193118] C:\WINDOWS\win32078995-193118.exe
O4 - HKLM\..\Run: [win320995-19311889] C:\WINDOWS\win320995-19311889.exe
O4 - HKLM\..\Run: [ms078995-193118] C:\WINDOWS\ms078995-193118.exe
O4 - HKLM\..\Run: [sys011931188995-] C:\WINDOWS\sys011931188995-.exe
O4 - HKLM\..\Run: [ms0688995-19311] C:\WINDOWS\ms0688995-19311.exe
O4 - HKLM\..\Run: [ms0331188995-19] C:\WINDOWS\ms0331188995-19.exe
O4 - HKLM\..\Run: [win3211-1931188995] C:\WINDOWS\win3211-1931188995.exe
O4 - HKLM\..\Run: [win3208995-1931188] C:\WINDOWS\win3208995-1931188.exe
O4 - HKLM\..\Run: [sys02931188995-1] C:\WINDOWS\sys02931188995-1.exe
O4 - HKLM\..\Run: [w0041b54.dll] RUNDLL32.EXE w0041b54.dll,I2 0000c6a100041b54
O4 - HKLM\..\Run: [wmkjsbjA] C:\WINDOWS\wmkjsbjA.exe
O4 - HKLM\..\Run: [w656c92a.dll] RUNDLL32.EXE w656c92a.dll,I2 0000c6a10656c92a
O4 - HKLM\..\Run: [ms05188995-1931] C:\WINDOWS\ms05188995-1931.exe
O4 - HKLM\..\Run: [ms041188995-193] C:\WINDOWS\ms041188995-193.exe
O4 - HKLM\..\Run: [w00416b1.dll] RUNDLL32.EXE w00416b1.dll,I2 0000c6a1000416b1
O4 - HKLM\..\Run: [w007f318.dll] RUNDLL32.EXE w007f318.dll,I2 0000c6a10007f318
O4 - HKLM\..\Run: [w08f4f51.dll] RUNDLL32.EXE w08f4f51.dll,I2 0000c6a1008f4f51
O4 - HKLM\..\Run: [sys11-1931188995] C:\WINDOWS\sys11-1931188995.exe
O4 - HKLM\..\Run: [sys0331188995-19] C:\WINDOWS\sys0331188995-19.exe
O4 - HKLM\..\Run: [w0030d20.dll] RUNDLL32.EXE w0030d20.dll,I2 0000c6a100030d20
O4 - HKLM\..\Run: [w00f5a3c.dll] RUNDLL32.EXE w00f5a3c.dll,I2 0000c6a1000f5a3c
O4 - HKLM\..\Run: [w021fa7c.dll] RUNDLL32.EXE w021fa7c.dll,I2 0000c6a10021fa7c
O4 - HKLM\..\Run: [w0017058.dll] RUNDLL32.EXE w0017058.dll,I2 0000c6a100017058
O4 - HKLM\..\Run: [w0031270.dll] RUNDLL32.EXE w0031270.dll,I2 0000c6a100031270
O4 - HKLM\..\Run: [w0029a32.dll] RUNDLL32.EXE w0029a32.dll,I2 0000c6a100029a32
O4 - HKLM\..\Run: [w0013e3c.dll] RUNDLL32.EXE w0013e3c.dll,I2 0000c6a100013e3c
O4 - HKLM\..\Run: [w0014a14.dll] RUNDLL32.EXE w0014a14.dll,I2 0000c6a100014a14
O4 - HKLM\..\Run: [w0046f21.dll] RUNDLL32.EXE w0046f21.dll,I2 0000c6a100046f21
O4 - HKLM\..\Run: [w001af46.dll] RUNDLL32.EXE w001af46.dll,I2 0000c6a10001af46
O4 - HKLM\..\Run: [w00149b6.dll] RUNDLL32.EXE w00149b6.dll,I2 0000c6a1000149b6
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [w003ff60.dll] RUNDLL32.EXE w003ff60.dll,I2 0000c6a10003ff60
O4 - HKLM\..\Run: [w00461b4.dll] RUNDLL32.EXE w00461b4.dll,I2 0000c6a1000461b4
O4 - HKLM\..\Run: [w00331bf.dll] RUNDLL32.EXE w00331bf.dll,I2 0000c6a1000331bf
O4 - HKLM\..\Run: [w00102aa.dll] RUNDLL32.EXE w00102aa.dll,I2 0000c6a1000102aa
O4 - HKLM\..\Run: [w00203bf.dll] RUNDLL32.EXE w00203bf.dll,I2 0000c6a1000203bf
O4 - HKLM\..\Run: [w0015d7c.dll] RUNDLL32.EXE w0015d7c.dll,I2 0000c6a100015d7c
O4 - HKLM\..\Run: [w0534031.dll] RUNDLL32.EXE w0534031.dll,I2 0000c6a100534031
O4 - HKLM\..\Run: [w058c9ac.dll] RUNDLL32.EXE w058c9ac.dll,I2 0000c6a10058c9ac
O4 - HKLM\..\Run: [w0010f2d.dll] RUNDLL32.EXE w0010f2d.dll,I2 0000c6a100010f2d
O4 - HKLM\..\Run: [w0010a1d.dll] RUNDLL32.EXE w0010a1d.dll,I2 0000c6a100010a1d
O4 - HKLM\..\Run: [w0013a35.dll] RUNDLL32.EXE w0013a35.dll,I2 0000c6a100013a35
O4 - HKLM\..\Run: [w002ce52.dll] RUNDLL32.EXE w002ce52.dll,I2 0000c6a10002ce52
O4 - HKLM\..\Run: [w003443e.dll] RUNDLL32.EXE w003443e.dll,I2 0000c6a10003443e
O4 - HKLM\..\Run: [w0010f3d.dll] RUNDLL32.EXE w0010f3d.dll,I2 0000c6a100010f3d
O4 - HKLM\..\Run: [w0e9d256.dll] RUNDLL32.EXE w0e9d256.dll,I2 0000c6a100e9d256
O4 - HKLM\..\Run: [w0f02b17.dll] RUNDLL32.EXE w0f02b17.dll,I2 0000c6a100f02b17
O4 - HKLM\..\Run: [w0f64cbc.dll] RUNDLL32.EXE w0f64cbc.dll,I2 0000c6a100f64cbc
O4 - HKLM\..\Run: [w002aadc.dll] RUNDLL32.EXE w002aadc.dll,I2 0000c6a10002aadc
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [w001be78.dll] RUNDLL32.EXE w001be78.dll,I2 0000c6a10001be78
O4 - HKLM\..\Run: [w0b62862.dll] RUNDLL32.EXE w0b62862.dll,I2 0000c6a100b62862
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [zofw] C:\Program Files\Common Files\zofw\zofwm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137252320593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137024856609
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC04D66-43A0-4F99-BD4E-7C8AE27C13AF}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2 Rawe

Posted 15 April 2006 - 12:21 PM

Hello and welcome.. Let's get started. :thumbsup:

I hope you are able to finish this step.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download SmitfraudFix © S!Ri
Extract the content (a folder named SmitfraudFix) to your Desktop.

Do NOT do anything with it yet.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode
5) Choose your usual account.


==

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

==

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a fresh HijackThis log. :flowers:
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
Hi there, stranger!

#3 traumanurse

Posted 15 April 2006 - 09:07 PM

I followed the instructions. Here are the logs. Thanks for responding so quickly.

SmitFraudFix v2.31

Scan done at 20:44:15.20, Sat 04/15/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

Killing process


Deleting infected files

C:\WINDOWS\country.exe Deleted
C:\WINDOWS\gimmygames.dat Deleted
C:\WINDOWS\keyboard?.exe Deleted
C:\WINDOWS\kl1.exe Deleted
C:\WINDOWS\mousepad?.exe Deleted
C:\WINDOWS\newname?.exe Deleted
C:\WINDOWS\toolbar.exe Deleted
C:\WINDOWS\system32\dfrgsrv.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\interf.tlb Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\mssearchnet.exe Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\nvctrl.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

End


Logfile of HijackThis v1.99.1
Scan saved at 9:03:01 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\win32105-193118899.exe
C:\WINDOWS\sys011931188995-.exe
C:\WINDOWS\ms0688995-19311.exe
C:\WINDOWS\win3208995-1931188.exe
C:\WINDOWS\wmkjsbjA.exe
C:\WINDOWS\ms05188995-1931.exe
C:\WINDOWS\ms041188995-193.exe
C:\WINDOWS\sys11-1931188995.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,wuhaltk.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [ABB0B5B6B6B7B1B2] 454A4F5050514B.exe
O4 - HKLM\..\Run: [Setup94.exe] C:\WINDOWS\system32\Setup94.exe
O4 - HKLM\..\Run: [win32105-193118899] C:\WINDOWS\win32105-193118899.exe
O4 - HKLM\..\Run: [win32078995-193118] C:\WINDOWS\win32078995-193118.exe
O4 - HKLM\..\Run: [win320995-19311889] C:\WINDOWS\win320995-19311889.exe
O4 - HKLM\..\Run: [ms078995-193118] C:\WINDOWS\ms078995-193118.exe
O4 - HKLM\..\Run: [sys011931188995-] C:\WINDOWS\sys011931188995-.exe
O4 - HKLM\..\Run: [ms0688995-19311] C:\WINDOWS\ms0688995-19311.exe
O4 - HKLM\..\Run: [ms0331188995-19] C:\WINDOWS\ms0331188995-19.exe
O4 - HKLM\..\Run: [win3211-1931188995] C:\WINDOWS\win3211-1931188995.exe
O4 - HKLM\..\Run: [win3208995-1931188] C:\WINDOWS\win3208995-1931188.exe
O4 - HKLM\..\Run: [sys02931188995-1] C:\WINDOWS\sys02931188995-1.exe
O4 - HKLM\..\Run: [w0041b54.dll] RUNDLL32.EXE w0041b54.dll,I2 0000c6a100041b54
O4 - HKLM\..\Run: [wmkjsbjA] C:\WINDOWS\wmkjsbjA.exe
O4 - HKLM\..\Run: [w656c92a.dll] RUNDLL32.EXE w656c92a.dll,I2 0000c6a10656c92a
O4 - HKLM\..\Run: [ms05188995-1931] C:\WINDOWS\ms05188995-1931.exe
O4 - HKLM\..\Run: [ms041188995-193] C:\WINDOWS\ms041188995-193.exe
O4 - HKLM\..\Run: [w00416b1.dll] RUNDLL32.EXE w00416b1.dll,I2 0000c6a1000416b1
O4 - HKLM\..\Run: [w007f318.dll] RUNDLL32.EXE w007f318.dll,I2 0000c6a10007f318
O4 - HKLM\..\Run: [w08f4f51.dll] RUNDLL32.EXE w08f4f51.dll,I2 0000c6a1008f4f51
O4 - HKLM\..\Run: [sys11-1931188995] C:\WINDOWS\sys11-1931188995.exe
O4 - HKLM\..\Run: [sys0331188995-19] C:\WINDOWS\sys0331188995-19.exe
O4 - HKLM\..\Run: [w0030d20.dll] RUNDLL32.EXE w0030d20.dll,I2 0000c6a100030d20
O4 - HKLM\..\Run: [w00f5a3c.dll] RUNDLL32.EXE w00f5a3c.dll,I2 0000c6a1000f5a3c
O4 - HKLM\..\Run: [w021fa7c.dll] RUNDLL32.EXE w021fa7c.dll,I2 0000c6a10021fa7c
O4 - HKLM\..\Run: [w0017058.dll] RUNDLL32.EXE w0017058.dll,I2 0000c6a100017058
O4 - HKLM\..\Run: [w0031270.dll] RUNDLL32.EXE w0031270.dll,I2 0000c6a100031270
O4 - HKLM\..\Run: [w0029a32.dll] RUNDLL32.EXE w0029a32.dll,I2 0000c6a100029a32
O4 - HKLM\..\Run: [w0013e3c.dll] RUNDLL32.EXE w0013e3c.dll,I2 0000c6a100013e3c
O4 - HKLM\..\Run: [w0014a14.dll] RUNDLL32.EXE w0014a14.dll,I2 0000c6a100014a14
O4 - HKLM\..\Run: [w0046f21.dll] RUNDLL32.EXE w0046f21.dll,I2 0000c6a100046f21
O4 - HKLM\..\Run: [w001af46.dll] RUNDLL32.EXE w001af46.dll,I2 0000c6a10001af46
O4 - HKLM\..\Run: [w00149b6.dll] RUNDLL32.EXE w00149b6.dll,I2 0000c6a1000149b6
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [w003ff60.dll] RUNDLL32.EXE w003ff60.dll,I2 0000c6a10003ff60
O4 - HKLM\..\Run: [w00461b4.dll] RUNDLL32.EXE w00461b4.dll,I2 0000c6a1000461b4
O4 - HKLM\..\Run: [w00331bf.dll] RUNDLL32.EXE w00331bf.dll,I2 0000c6a1000331bf
O4 - HKLM\..\Run: [w00102aa.dll] RUNDLL32.EXE w00102aa.dll,I2 0000c6a1000102aa
O4 - HKLM\..\Run: [w00203bf.dll] RUNDLL32.EXE w00203bf.dll,I2 0000c6a1000203bf
O4 - HKLM\..\Run: [w0015d7c.dll] RUNDLL32.EXE w0015d7c.dll,I2 0000c6a100015d7c
O4 - HKLM\..\Run: [w0534031.dll] RUNDLL32.EXE w0534031.dll,I2 0000c6a100534031
O4 - HKLM\..\Run: [w058c9ac.dll] RUNDLL32.EXE w058c9ac.dll,I2 0000c6a10058c9ac
O4 - HKLM\..\Run: [w0010f2d.dll] RUNDLL32.EXE w0010f2d.dll,I2 0000c6a100010f2d
O4 - HKLM\..\Run: [w0010a1d.dll] RUNDLL32.EXE w0010a1d.dll,I2 0000c6a100010a1d
O4 - HKLM\..\Run: [w0013a35.dll] RUNDLL32.EXE w0013a35.dll,I2 0000c6a100013a35
O4 - HKLM\..\Run: [w002ce52.dll] RUNDLL32.EXE w002ce52.dll,I2 0000c6a10002ce52
O4 - HKLM\..\Run: [w003443e.dll] RUNDLL32.EXE w003443e.dll,I2 0000c6a10003443e
O4 - HKLM\..\Run: [w0010f3d.dll] RUNDLL32.EXE w0010f3d.dll,I2 0000c6a100010f3d
O4 - HKLM\..\Run: [w0e9d256.dll] RUNDLL32.EXE w0e9d256.dll,I2 0000c6a100e9d256
O4 - HKLM\..\Run: [w0f02b17.dll] RUNDLL32.EXE w0f02b17.dll,I2 0000c6a100f02b17
O4 - HKLM\..\Run: [w0f64cbc.dll] RUNDLL32.EXE w0f64cbc.dll,I2 0000c6a100f64cbc
O4 - HKLM\..\Run: [w002aadc.dll] RUNDLL32.EXE w002aadc.dll,I2 0000c6a10002aadc
O4 - HKLM\..\Run: [w001be78.dll] RUNDLL32.EXE w001be78.dll,I2 0000c6a10001be78
O4 - HKLM\..\Run: [w0b62862.dll] RUNDLL32.EXE w0b62862.dll,I2 0000c6a100b62862
O4 - HKLM\..\Run: [w0011027.dll] RUNDLL32.EXE w0011027.dll,I2 0000c6a100011027
O4 - HKLM\..\Run: [w0010b55.dll] RUNDLL32.EXE w0010b55.dll,I2 0000c6a100010b55
O4 - HKLM\..\Run: [w000fe45.dll] RUNDLL32.EXE w000fe45.dll,I2 0000c6a10000fe45
O4 - HKLM\..\Run: [w0011bef.dll] RUNDLL32.EXE w0011bef.dll,I2 0000c6a100011bef
O4 - HKLM\..\Run: [w022ace4.dll] RUNDLL32.EXE w022ace4.dll,I2 0000c6a10022ace4
O4 - HKLM\..\Run: [w0028245.dll] RUNDLL32.EXE w0028245.dll,I2 0000c6a100028245
O4 - HKLM\..\Run: [w000f59b.dll] RUNDLL32.EXE w000f59b.dll,I2 0000c6a10000f59b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [zofw] C:\Program Files\Common Files\zofw\zofwm.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137252320593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137024856609
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 Rawe

Posted 16 April 2006 - 03:53 AM

Ok.. Let's continue. :thumbsup:

Go ahead and remove SmitFraudFix if you want.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

4. Once in Safe Mode, Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :flowers:
Hi there, stranger!

#5 traumanurse

Posted 16 April 2006 - 08:29 PM

I ran ewido in safe mode. Will post scan report. When I tried to right click and save the file for use with BFU as you instructed, my computer couldn't open that type of file. I tried to follow the instructions for running BFU but it immediately said completed and I never saw a progress bar so I guess it didn't work. I now get over 40 RUNDLL error messages that appear when I restart my computer. Wrote down what it says so let me know if I need to post them. I have tried several times to post my ewido scan report in this message and can't get my response to post.

#6 traumanurse

Posted 16 April 2006 - 08:49 PM

I think the file is too big for me to post. It looks like a LOT of stuff was cleaned with backup. Here's the only thing I could find that said there was an error during cleaning. Also what do I do about all of the error messages (RUNDLL) that pop up when I start my computer? Does this mean I've messed something up?

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:16:19 PM, 4/16/2006
+ Report-Checksum: 5F3EEA9A

+ Scan result:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Error during cleaning

#7 traumanurse

Posted 16 April 2006 - 08:54 PM

Here's the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:42:38 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe

#8 traumanurse

Posted 16 April 2006 - 08:58 PM

I'm having to send a little at a time. Something's messed up. Can't get the whole log to go through at once.

C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\AIM\aim.exe

#9 traumanurse

Posted 16 April 2006 - 09:03 PM

F2 - REG:system.ini: UserInit=userinit.exe,wuhaltk.exe
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [ABB0B5B6B6B7B1B2] 454A4F5050514B.exe
O4 - HKLM\..\Run: [Setup94.exe] C:\WINDOWS\system32\Setup94.exe
O4 - HKLM\..\Run: [win32078995-193118] C:\WINDOWS\win32078995-193118.exe
O4 - HKLM\..\Run: [win320995-19311889] C:\WINDOWS\win320995-19311889.exe
O4 - HKLM\..\Run: [ms078995-193118] C:\WINDOWS\ms078995-193118.exe
O4 - HKLM\..\Run: [ms0331188995-19] C:\WINDOWS\ms0331188995-19.exe
O4 - HKLM\..\Run: [win3211-1931188995] C:\WINDOWS\win3211-1931188995.exe
O4 - HKLM\..\Run: [sys02931188995-1] C:\WINDOWS\sys02931188995-1.exe

O4 - HKLM\..\Run: [w0041b54.dll] RUNDLL32.EXE w0041b54.dll,I2 0000c6a100041b54
O4 - HKLM\..\Run: [w656c92a.dll] RUNDLL32.EXE w656c92a.dll,I2 0000c6a10656c92a
O4 - HKLM\..\Run: [w00416b1.dll] RUNDLL32.EXE w00416b1.dll,I2 0000c6a1000416b1
O4 - HKLM\..\Run: [w007f318.dll] RUNDLL32.EXE w007f318.dll,I2 0000c6a10007f318
O4 - HKLM\..\Run: [w08f4f51.dll] RUNDLL32.EXE w08f4f51.dll,I2 0000c6a1008f4f51
O4 - HKLM\..\Run: [sys0331188995-19] C:\WINDOWS\sys0331188995-19.exe
O4 - HKLM\..\Run: [w0030d20.dll] RUNDLL32.EXE w0030d20.dll,I2 0000c6a100030d20
O4 - HKLM\..\Run: [w00f5a3c.dll] RUNDLL32.EXE w00f5a3c.dll,I2 0000c6a1000f5a3c
O4 - HKLM\..\Run: [w021fa7c.dll] RUNDLL32.EXE w021fa7c.dll,I2 0000c6a10021fa7c
O4 - HKLM\..\Run: [w0017058.dll] RUNDLL32.EXE w0017058.dll,I2 0000c6a100017058
O4 - HKLM\..\Run: [w0031270.dll] RUNDLL32.EXE w0031270.dll,I2 0000c6a100031270
O4 - HKLM\..\Run: [w0029a32.dll] RUNDLL32.EXE w0029a32.dll,I2 0000c6a100029a32
O4 - HKLM\..\Run: [w0013e3c.dll] RUNDLL32.EXE w0013e3c.dll,I2 0000c6a100013e3c
O4 - HKLM\..\Run: [w0014a14.dll] RUNDLL32.EXE w0014a14.dll,I2 0000c6a100014a14
O4 - HKLM\..\Run: [w0046f21.dll] RUNDLL32.EXE w0046f21.dll,I2 0000c6a100046f21
O4 - HKLM\..\Run: [w001af46.dll] RUNDLL32.EXE w001af46.dll,I2 0000c6a10001af46
O4 - HKLM\..\Run: [w00149b6.dll] RUNDLL32.EXE w00149b6.dll,I2 0000c6a1000149b6
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [w003ff60.dll] RUNDLL32.EXE w003ff60.dll,I2 0000c6a10003ff60
O4 - HKLM\..\Run: [w00461b4.dll] RUNDLL32.EXE w00461b4.dll,I2 0000c6a1000461b4
O4 - HKLM\..\Run: [w00331bf.dll] RUNDLL32.EXE w00331bf.dll,I2 0000c6a1000331bf
O4 - HKLM\..\Run: [w00102aa.dll] RUNDLL32.EXE w00102aa.dll,I2 0000c6a1000102aa
O4 - HKLM\..\Run: [w00203bf.dll] RUNDLL32.EXE w00203bf.dll,I2 0000c6a1000203bf
O4 - HKLM\..\Run: [w0015d7c.dll] RUNDLL32.EXE w0015d7c.dll,I2 0000c6a100015d7c
O4 - HKLM\..\Run: [w0534031.dll] RUNDLL32.EXE w0534031.dll,I2 0000c6a100534031
O4 - HKLM\..\Run: [w058c9ac.dll] RUNDLL32.EXE w058c9ac.dll,I2 0000c6a10058c9ac
O4 - HKLM\..\Run: [w0010f2d.dll] RUNDLL32.EXE w0010f2d.dll,I2 0000c6a100010f2d
O4 - HKLM\..\Run: [w0010a1d.dll] RUNDLL32.EXE w0010a1d.dll,I2 0000c6a100010a1d
O4 - HKLM\..\Run: [w0013a35.dll] RUNDLL32.EXE w0013a35.dll,I2 0000c6a100013a35
O4 - HKLM\..\Run: [w002ce52.dll] RUNDLL32.EXE w002ce52.dll,I2 0000c6a10002ce52
O4 - HKLM\..\Run: [w003443e.dll] RUNDLL32.EXE w003443e.dll,I2 0000c6a10003443e
O4 - HKLM\..\Run: [w0010f3d.dll] RUNDLL32.EXE w0010f3d.dll,I2 0000c6a100010f3d

#10 traumanurse

Posted 16 April 2006 - 09:06 PM

O4 - HKLM\..\Run: [w0e9d256.dll] RUNDLL32.EXE w0e9d256.dll,I2 0000c6a100e9d256
O4 - HKLM\..\Run: [w0f02b17.dll] RUNDLL32.EXE w0f02b17.dll,I2 0000c6a100f02b17
O4 - HKLM\..\Run: [w0f64cbc.dll] RUNDLL32.EXE w0f64cbc.dll,I2 0000c6a100f64cbc
O4 - HKLM\..\Run: [w002aadc.dll] RUNDLL32.EXE w002aadc.dll,I2 0000c6a10002aadc
O4 - HKLM\..\Run: [w001be78.dll] RUNDLL32.EXE w001be78.dll,I2 0000c6a10001be78
O4 - HKLM\..\Run: [w0b62862.dll] RUNDLL32.EXE w0b62862.dll,I2 0000c6a100b62862
O4 - HKLM\..\Run: [w0011027.dll] RUNDLL32.EXE w0011027.dll,I2 0000c6a100011027
O4 - HKLM\..\Run: [w0010b55.dll] RUNDLL32.EXE w0010b55.dll,I2 0000c6a100010b55
O4 - HKLM\..\Run: [w000fe45.dll] RUNDLL32.EXE w000fe45.dll,I2 0000c6a10000fe45
O4 - HKLM\..\Run: [w0011bef.dll] RUNDLL32.EXE w0011bef.dll,I2 0000c6a100011bef
O4 - HKLM\..\Run: [w022ace4.dll] RUNDLL32.EXE w022ace4.dll,I2 0000c6a10022ace4
O4 - HKLM\..\Run: [w0028245.dll] RUNDLL32.EXE w0028245.dll,I2 0000c6a100028245
O4 - HKLM\..\Run: [w000f59b.dll] RUNDLL32.EXE w000f59b.dll,I2 0000c6a10000f59b
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [w0013b6e.dll] RUNDLL32.EXE w0013b6e.dll,I2 0000c6a100013b6e
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [zofw] C:\Program Files\Common Files\zofw\zofwm.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

#11 traumanurse

Posted 16 April 2006 - 09:08 PM

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137252320593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

#12 traumanurse

Posted 16 April 2006 - 09:10 PM

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC04D66-43A0-4F99-BD4E-7C8AE27C13AF}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#13 traumanurse

Posted 16 April 2006 - 09:13 PM

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#14 traumanurse

Posted 16 April 2006 - 09:16 PM

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#15 traumanurse

Posted 16 April 2006 - 09:19 PM

I can't get any of the log to go through when I try to post. Says "cannot find server" when I hit "add reply".



