Author Topic: New computer help  (Read 5577 times)
Dragon25030
« on: May 25, 2005, 02:03:16 AM »

I just got this notebook; now I think I have messed it up. I can't get rid of this about:blank page. I am running XP Home and here is a hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:50 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ipoh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {226F805F-8E96-0121-4596-E21EA0B40429} - C:\WINDOWS\msnx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ipoh.exe] C:\WINDOWS\system32\ipoh.exe
O4 - HKLM\..\RunOnce: [appdk.exe] C:\WINDOWS\appdk.exe
O4 - HKLM\..\RunOnce: [sdkht.exe] C:\WINDOWS\sdkht.exe
O4 - HKLM\..\RunOnce: [ntnz.exe] C:\WINDOWS\ntnz.exe
O4 - HKLM\..\RunOnce: [winfb32.exe] C:\WINDOWS\winfb32.exe
O4 - HKLM\..\RunOnce: [javalv.exe] C:\WINDOWS\system32\javalv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F
Cactus
Security & Virus Specialist
Global Moderator
« Reply #1 on: May 25, 2005, 02:16:18 AM »

Hello Dragon.

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



Go to START > RUN
Type or Copy/Paste the line below into the Run Box:

regsvr32 /u zcjmm.dll
regsvr32 /u msnx32.dll

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

ipoh.exe
appdk.exe
sdkht.exe
ntnz.exe
winfb32.exe
javalv.exe

Turn off System Restore (WinXP, WinME). (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zcjmm.dll/sp.html#14044

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {226F805F-8E96-0121-4596-E21EA0B40429} - C:\WINDOWS\msnx32.dll

O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [ipoh.exe] C:\WINDOWS\system32\ipoh.exe
O4 - HKLM\..\RunOnce: [appdk.exe] C:\WINDOWS\appdk.exe
O4 - HKLM\..\RunOnce: [sdkht.exe] C:\WINDOWS\sdkht.exe
O4 - HKLM\..\RunOnce: [ntnz.exe] C:\WINDOWS\ntnz.exe
O4 - HKLM\..\RunOnce: [winfb32.exe] C:\WINDOWS\winfb32.exe
O4 - HKLM\..\RunOnce: [javalv.exe] C:\WINDOWS\system32\javalv.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM) <<< DID YOU PUT THESE IN THE TRUSTED ZONE??

O23 - Service: Network Security Service ( 11F
**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Dragon25030
« Reply #2 on: May 25, 2005, 03:04:31 AM »

Here is the new log. I think I missed something.

Thanks for the help.

Dragon


Logfile of HijackThis v1.99.1
Scan saved at 10:02:37 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\d3hv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gcteu.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {226F805F-8E96-0121-4596-E21EA0B40429} - C:\WINDOWS\msnx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipoh.exe] C:\WINDOWS\system32\ipoh.exe
O4 - HKLM\..\Run: [d3cc32.exe] C:\WINDOWS\system32\d3cc32.exe
O4 - HKLM\..\Run: [d3hv.exe] C:\WINDOWS\d3hv.exe
O4 - HKLM\..\RunOnce: [msbe.exe] C:\WINDOWS\system32\msbe.exe
O4 - HKLM\..\RunOnce: [apikl32.exe] C:\WINDOWS\apikl32.exe
O4 - HKLM\..\RunOnce: [javaza.exe] C:\WINDOWS\javaza.exe
O4 - HKLM\..\RunOnce: [d3nc32.exe] C:\WINDOWS\d3nc32.exe
O4 - HKLM\..\RunOnce: [croa.exe] C:\WINDOWS\system32\croa.exe
O4 - HKLM\..\RunOnce: [msab32.exe] C:\WINDOWS\msab32.exe
O4 - HKLM\..\RunOnce: [netjp.exe] C:\WINDOWS\system32\netjp.exe
O4 - HKLM\..\RunOnce: [sdktc32.exe] C:\WINDOWS\system32\sdktc32.exe
O4 - HKLM\..\RunOnce: [atlhl.exe] C:\WINDOWS\atlhl.exe
O4 - HKLM\..\RunOnce: [addfg.exe] C:\WINDOWS\addfg.exe
O4 - HKLM\..\RunOnce: [atlaa32.exe] C:\WINDOWS\system32\atlaa32.exe
O4 - HKLM\..\RunOnce: [sdktn32.exe] C:\WINDOWS\sdktn32.exe
O4 - HKLM\..\RunOnce: [nttp32.exe] C:\WINDOWS\system32\nttp32.exe
O4 - HKLM\..\RunOnce: [apibe32.exe] C:\WINDOWS\apibe32.exe
O4 - HKLM\..\RunOnce: [crft.exe] C:\WINDOWS\system32\crft.exe
O4 - HKLM\..\RunOnce: [addbd.exe] C:\WINDOWS\system32\addbd.exe
O4 - HKLM\..\RunOnce: [crhx32.exe] C:\WINDOWS\crhx32.exe
O4 - HKLM\..\RunOnce: [netqm32.exe] C:\WINDOWS\netqm32.exe
O4 - HKLM\..\RunOnce: [adddg.exe] C:\WINDOWS\adddg.exe
O4 - HKLM\..\RunOnce: [netjs32.exe] C:\WINDOWS\system32\netjs32.exe
O4 - HKLM\..\RunOnce: [winpm.exe] C:\WINDOWS\winpm.exe
O4 - HKLM\..\RunOnce: [d3ly32.exe] C:\WINDOWS\d3ly32.exe
O4 - HKLM\..\RunOnce: [iehq.exe] C:\WINDOWS\iehq.exe
O4 - HKLM\..\RunOnce: [ntnl32.exe] C:\WINDOWS\ntnl32.exe
O4 - HKLM\..\RunOnce: [addvo32.exe] C:\WINDOWS\system32\addvo32.exe
O4 - HKLM\..\RunOnce: [d3bq.exe] C:\WINDOWS\system32\d3bq.exe
O4 - HKLM\..\RunOnce: [crvw32.exe] C:\WINDOWS\system32\crvw32.exe
O4 - HKLM\..\RunOnce: [iezs.exe] C:\WINDOWS\iezs.exe
O4 - HKLM\..\RunOnce: [ntmn32.exe] C:\WINDOWS\ntmn32.exe
O4 - HKLM\..\RunOnce: [wingy32.exe] C:\WINDOWS\system32\wingy32.exe
O4 - HKLM\..\RunOnce: [ntbh32.exe] C:\WINDOWS\system32\ntbh32.exe
O4 - HKLM\..\RunOnce: [appgk.exe] C:\WINDOWS\appgk.exe
O4 - HKLM\..\RunOnce: [ipnn.exe] C:\WINDOWS\system32\ipnn.exe
O4 - HKLM\..\RunOnce: [d3fj32.exe] C:\WINDOWS\d3fj32.exe
O4 - HKLM\..\RunOnce: [winkl.exe] C:\WINDOWS\winkl.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\ieza.exe
O4 - HKLM\..\RunOnce: [ntfu.exe] C:\WINDOWS\system32\ntfu.exe
O4 - HKLM\..\RunOnce: [netyv.exe] C:\WINDOWS\netyv.exe
O4 - HKLM\..\RunOnce: [addmx32.exe] C:\WINDOWS\system32\addmx32.exe
O4 - HKLM\..\RunOnce: [crrr32.exe] C:\WINDOWS\system32\crrr32.exe
O4 - HKLM\..\RunOnce: [sdkiq32.exe] C:\WINDOWS\sdkiq32.exe
O4 - HKLM\..\RunOnce: [sysha32.exe] C:\WINDOWS\system32\sysha32.exe
O4 - HKLM\..\RunOnce: [sdkmd.exe] C:\WINDOWS\sdkmd.exe
O4 - HKLM\..\RunOnce: [crkf.exe] C:\WINDOWS\crkf.exe
O4 - HKLM\..\RunOnce: [netxz32.exe] C:\WINDOWS\netxz32.exe
O4 - HKLM\..\RunOnce: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\RunOnce: [mfcvk.exe] C:\WINDOWS\mfcvk.exe
O4 - HKLM\..\RunOnce: [sysim32.exe] C:\WINDOWS\sysim32.exe
O4 - HKLM\..\RunOnce: [iphg32.exe] C:\WINDOWS\iphg32.exe
O4 - HKLM\..\RunOnce: [appub.exe] C:\WINDOWS\system32\appub.exe
O4 - HKLM\..\RunOnce: [sdkfk.exe] C:\WINDOWS\sdkfk.exe
O4 - HKLM\..\RunOnce: [atlfw.exe] C:\WINDOWS\system32\atlfw.exe
O4 - HKLM\..\RunOnce: [ipzq.exe] C:\WINDOWS\system32\ipzq.exe
O4 - HKLM\..\RunOnce: [addmk32.exe] C:\WINDOWS\system32\addmk32.exe
O4 - HKLM\..\RunOnce: [winmf.exe] C:\WINDOWS\system32\winmf.exe
O4 - HKLM\..\RunOnce: [crzh32.exe] C:\WINDOWS\crzh32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F
Dragon25030
« Reply #3 on: May 25, 2005, 01:57:10 PM »

Here is the latest hijack; any help would be great.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:16 AM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\mfcuk.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wcrto.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {226F805F-8E96-0121-4596-E21EA0B40429} - C:\WINDOWS\msnx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipoh.exe] C:\WINDOWS\system32\ipoh.exe
O4 - HKLM\..\Run: [d3cc32.exe] C:\WINDOWS\system32\d3cc32.exe
O4 - HKLM\..\Run: [d3hv.exe] C:\WINDOWS\d3hv.exe
O4 - HKLM\..\Run: [sysqh.exe] C:\WINDOWS\system32\sysqh.exe
O4 - HKLM\..\Run: [iect32.exe] C:\WINDOWS\iect32.exe
O4 - HKLM\..\Run: [mfcuk.exe] C:\WINDOWS\system32\mfcuk.exe
O4 - HKLM\..\RunOnce: [msbe.exe] C:\WINDOWS\system32\msbe.exe
O4 - HKLM\..\RunOnce: [apikl32.exe] C:\WINDOWS\apikl32.exe
O4 - HKLM\..\RunOnce: [d3nc32.exe] C:\WINDOWS\d3nc32.exe
O4 - HKLM\..\RunOnce: [addfg.exe] C:\WINDOWS\addfg.exe
O4 - HKLM\..\RunOnce: [atlaa32.exe] C:\WINDOWS\system32\atlaa32.exe
O4 - HKLM\..\RunOnce: [sdktn32.exe] C:\WINDOWS\sdktn32.exe
O4 - HKLM\..\RunOnce: [ipks.exe] C:\WINDOWS\system32\ipks.exe
O4 - HKLM\..\RunOnce: [crii32.exe] C:\WINDOWS\system32\crii32.exe
O4 - HKLM\..\RunOnce: [d3qw32.exe] C:\WINDOWS\system32\d3qw32.exe
O4 - HKLM\..\RunOnce: [ipbn.exe] C:\WINDOWS\ipbn.exe
O4 - HKLM\..\RunOnce: [sysuo32.exe] C:\WINDOWS\sysuo32.exe
O4 - HKLM\..\RunOnce: [msnp.exe] C:\WINDOWS\system32\msnp.exe
O4 - HKLM\..\RunOnce: [crxt32.exe] C:\WINDOWS\crxt32.exe
O4 - HKLM\..\RunOnce: [sdkyt32.exe] C:\WINDOWS\sdkyt32.exe
O4 - HKLM\..\RunOnce: [crwn.exe] C:\WINDOWS\crwn.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [sdkaw.exe] C:\WINDOWS\system32\sdkaw.exe
O4 - HKLM\..\RunOnce: [atlre32.exe] C:\WINDOWS\system32\atlre32.exe
O4 - HKLM\..\RunOnce: [addvg32.exe] C:\WINDOWS\system32\addvg32.exe
O4 - HKLM\..\RunOnce: [atlun32.exe] C:\WINDOWS\atlun32.exe
O4 - HKLM\..\RunOnce: [javaet.exe] C:\WINDOWS\system32\javaet.exe
O4 - HKLM\..\RunOnce: [sysng.exe] C:\WINDOWS\system32\sysng.exe
O4 - HKLM\..\RunOnce: [d3rq32.exe] C:\WINDOWS\d3rq32.exe
O4 - HKLM\..\RunOnce: [sysha32.exe] C:\WINDOWS\sysha32.exe
O4 - HKLM\..\RunOnce: [sdkfg32.exe] C:\WINDOWS\system32\sdkfg32.exe
O4 - HKLM\..\RunOnce: [sysbq.exe] C:\WINDOWS\sysbq.exe
O4 - HKLM\..\RunOnce: [adddn.exe] C:\WINDOWS\adddn.exe
O4 - HKLM\..\RunOnce: [atlrp32.exe] C:\WINDOWS\atlrp32.exe
O4 - HKLM\..\RunOnce: [mfcxm.exe] C:\WINDOWS\system32\mfcxm.exe
O4 - HKLM\..\RunOnce: [atlli.exe] C:\WINDOWS\atlli.exe
O4 - HKLM\..\RunOnce: [apilo32.exe] C:\WINDOWS\system32\apilo32.exe
O4 - HKLM\..\RunOnce: [atlad32.exe] C:\WINDOWS\system32\atlad32.exe
O4 - HKLM\..\RunOnce: [ielw.exe] C:\WINDOWS\ielw.exe
O4 - HKLM\..\RunOnce: [ipzr.exe] C:\WINDOWS\system32\ipzr.exe
O4 - HKLM\..\RunOnce: [mfcdd.exe] C:\WINDOWS\mfcdd.exe
O4 - HKLM\..\RunOnce: [crmj32.exe] C:\WINDOWS\crmj32.exe
O4 - HKLM\..\RunOnce: [javanj32.exe] C:\WINDOWS\system32\javanj32.exe
O4 - HKLM\..\RunOnce: [apirp.exe] C:\WINDOWS\system32\apirp.exe
O4 - HKLM\..\RunOnce: [sysws.exe] C:\WINDOWS\system32\sysws.exe
O4 - HKLM\..\RunOnce: [ntil32.exe] C:\WINDOWS\ntil32.exe
O4 - HKLM\..\RunOnce: [atlof.exe] C:\WINDOWS\atlof.exe
O4 - HKLM\..\RunOnce: [sdkgt.exe] C:\WINDOWS\sdkgt.exe
O4 - HKLM\..\RunOnce: [mfcmw32.exe] C:\WINDOWS\mfcmw32.exe
O4 - HKLM\..\RunOnce: [javayb.exe] C:\WINDOWS\javayb.exe
O4 - HKLM\..\RunOnce: [apidd32.exe] C:\WINDOWS\apidd32.exe
O4 - HKLM\..\RunOnce: [ntvq.exe] C:\WINDOWS\system32\ntvq.exe
O4 - HKLM\..\RunOnce: [atlal32.exe] C:\WINDOWS\atlal32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F
Cactus
Security & Virus Specialist
Global Moderator
« Reply #4 on: May 26, 2005, 02:42:20 AM »

Starting a NEW Thread for your problem won't get it answered any quicker .. ;)

I see you ran another Scan today at 1:08:20 PM, which looks a lot different than the logfile above.

Re-run HJT and post another logfile.

Cactus  

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Dragon25030
« Reply #5 on: May 26, 2005, 01:04:16 PM »

Here is a fresh log. I will not do anything until I hear back from you.

Logfile of HijackThis v1.99.1
Scan saved at 8:02:48 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sysii.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3F1BCB7B-D035-B70D-5646-5B4D9D6D374C} - C:\WINDOWS\netcp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FBD510D7-7593-FDD3-1C34-C5FEB77E69B3} - C:\WINDOWS\system32\mfcvn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mfcuk.exe] C:\WINDOWS\system32\mfcuk.exe
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [atlad32.exe] C:\WINDOWS\system32\atlad32.exe
O4 - HKLM\..\RunOnce: [crmj32.exe] C:\WINDOWS\crmj32.exe
O4 - HKLM\..\RunOnce: [sdktg32.exe] C:\WINDOWS\sdktg32.exe
O4 - HKLM\..\RunOnce: [mfcte.exe] C:\WINDOWS\mfcte.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\iejq.exe
O4 - HKLM\..\RunOnce: [crto32.exe] C:\WINDOWS\crto32.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\ntup32.exe
O4 - HKLM\..\RunOnce: [ievn32.exe] C:\WINDOWS\ievn32.exe
O4 - HKLM\..\RunOnce: [mste32.exe] C:\WINDOWS\system32\mste32.exe
O4 - HKLM\..\RunOnce: [ieak.exe] C:\WINDOWS\ieak.exe
O4 - HKLM\..\RunOnce: [ieph.exe] C:\WINDOWS\system32\ieph.exe
O4 - HKLM\..\RunOnce: [ipdb.exe] C:\WINDOWS\system32\ipdb.exe
O4 - HKLM\..\RunOnce: [mssq32.exe] C:\WINDOWS\mssq32.exe
O4 - HKLM\..\RunOnce: [winjg.exe] C:\WINDOWS\winjg.exe
O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\sysxu.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\system32\atldh.exe
O4 - HKLM\..\RunOnce: [appkb32.exe] C:\WINDOWS\system32\appkb32.exe
O4 - HKLM\..\RunOnce: [ipdy32.exe] C:\WINDOWS\ipdy32.exe
O4 - HKLM\..\RunOnce: [addua32.exe] C:\WINDOWS\addua32.exe
O4 - HKLM\..\RunOnce: [crzc.exe] C:\WINDOWS\crzc.exe
O4 - HKLM\..\RunOnce: [netmw32.exe] C:\WINDOWS\netmw32.exe
O4 - HKLM\..\RunOnce: [ipst32.exe] C:\WINDOWS\system32\ipst32.exe
O4 - HKLM\..\RunOnce: [d3nq32.exe] C:\WINDOWS\d3nq32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11F

 
Cactus
« Reply #6 on: May 26, 2005, 09:57:27 PM »

Let's try this again.. please FOLLOW my instructions exactly .. ;)
Don't skip anything... if a file is NOT there, don't worry... just continue with the fix.

I WANT YOU TO PRINT THIS OUT

ALL WINDOWS MUST BE CLOSED - INCLUDING THIS ONE


Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**


Restart your computer in Safe Mode. How do I Safe Boot my computer?

Now Goto START>RUN
Type or Copy/Paste the line below into the Run Box:

regsvr32 /u zwwim.dll
regsvr32 /u netcp.dll
regsvr32 /u mfcvn.dll



Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zwwim.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {3F1BCB7B-D035-B70D-5646-5B4D9D6D374C} - C:\WINDOWS\netcp.dll

O2 - BHO: Class - {FBD510D7-7593-FDD3-1C34-C5FEB77E69B3} - C:\WINDOWS\system32\mfcvn.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mfcuk.exe] C:\WINDOWS\system32\mfcuk.exe
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [atlad32.exe] C:\WINDOWS\system32\atlad32.exe
O4 - HKLM\..\RunOnce: [crmj32.exe] C:\WINDOWS\crmj32.exe
O4 - HKLM\..\RunOnce: [sdktg32.exe] C:\WINDOWS\sdktg32.exe
O4 - HKLM\..\RunOnce: [mfcte.exe] C:\WINDOWS\mfcte.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\iejq.exe
O4 - HKLM\..\RunOnce: [crto32.exe] C:\WINDOWS\crto32.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\ntup32.exe
O4 - HKLM\..\RunOnce: [ievn32.exe] C:\WINDOWS\ievn32.exe
O4 - HKLM\..\RunOnce: [mste32.exe] C:\WINDOWS\system32\mste32.exe
O4 - HKLM\..\RunOnce: [ieak.exe] C:\WINDOWS\ieak.exe
O4 - HKLM\..\RunOnce: [ieph.exe] C:\WINDOWS\system32\ieph.exe
O4 - HKLM\..\RunOnce: [ipdb.exe] C:\WINDOWS\system32\ipdb.exe
O4 - HKLM\..\RunOnce: [mssq32.exe] C:\WINDOWS\mssq32.exe
O4 - HKLM\..\RunOnce: [winjg.exe] C:\WINDOWS\winjg.exe
O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\sysxu.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\system32\atldh.exe
O4 - HKLM\..\RunOnce: [appkb32.exe] C:\WINDOWS\system32\appkb32.exe
O4 - HKLM\..\RunOnce: [ipdy32.exe] C:\WINDOWS\ipdy32.exe
O4 - HKLM\..\RunOnce: [addua32.exe] C:\WINDOWS\addua32.exe
O4 - HKLM\..\RunOnce: [crzc.exe] C:\WINDOWS\crzc.exe
O4 - HKLM\..\RunOnce: [netmw32.exe] C:\WINDOWS\netmw32.exe
O4 - HKLM\..\RunOnce: [ipst32.exe] C:\WINDOWS\system32\ipst32.exe
O4 - HKLM\..\RunOnce: [d3nq32.exe] C:\WINDOWS\d3nq32.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O23 - Service: Network Security Service (NSS) ( 11F

Dragon25030
« Reply #7 on: May 27, 2005, 01:55:05 PM »

Cactus, my computer was used before I could tell someone not to use it. Here is a fresh log. I am not sure if I should continue since the hijack looks a bit different now.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:38 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sysii.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\upogh.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FBD510D7-7593-FDD3-1C34-C5FEB77E69B3} - C:\WINDOWS\system32\mfcvn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mfcuk.exe] C:\WINDOWS\system32\mfcuk.exe
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [atlad32.exe] C:\WINDOWS\system32\atlad32.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\iejq.exe
O4 - HKLM\..\RunOnce: [crto32.exe] C:\WINDOWS\crto32.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\ntup32.exe
O4 - HKLM\..\RunOnce: [ievn32.exe] C:\WINDOWS\ievn32.exe
O4 - HKLM\..\RunOnce: [mste32.exe] C:\WINDOWS\system32\mste32.exe
O4 - HKLM\..\RunOnce: [ieak.exe] C:\WINDOWS\ieak.exe
O4 - HKLM\..\RunOnce: [ieph.exe] C:\WINDOWS\system32\ieph.exe
O4 - HKLM\..\RunOnce: [ipdb.exe] C:\WINDOWS\system32\ipdb.exe
O4 - HKLM\..\RunOnce: [mssq32.exe] C:\WINDOWS\mssq32.exe
O4 - HKLM\..\RunOnce: [winjg.exe] C:\WINDOWS\winjg.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\system32\atldh.exe
O4 - HKLM\..\RunOnce: [appkb32.exe] C:\WINDOWS\system32\appkb32.exe
O4 - HKLM\..\RunOnce: [ipdy32.exe] C:\WINDOWS\ipdy32.exe
O4 - HKLM\..\RunOnce: [apiqq32.exe] C:\WINDOWS\system32\apiqq32.exe
O4 - HKLM\..\RunOnce: [ieek32.exe] C:\WINDOWS\system32\ieek32.exe
O4 - HKLM\..\RunOnce: [sysye.exe] C:\WINDOWS\sysye.exe
O4 - HKLM\..\RunOnce: [ntda.exe] C:\WINDOWS\system32\ntda.exe
O4 - HKLM\..\RunOnce: [sysym.exe] C:\WINDOWS\sysym.exe
O4 - HKLM\..\RunOnce: [msnb.exe] C:\WINDOWS\msnb.exe
O4 - HKLM\..\RunOnce: [applo.exe] C:\WINDOWS\system32\applo.exe
O4 - HKLM\..\RunOnce: [addmo32.exe] C:\WINDOWS\addmo32.exe
O4 - HKLM\..\RunOnce: [addal32.exe] C:\WINDOWS\system32\addal32.exe
O4 - HKLM\..\RunOnce: [crfp32.exe] C:\WINDOWS\crfp32.exe
O4 - HKLM\..\RunOnce: [addab32.exe] C:\WINDOWS\system32\addab32.exe
O4 - HKLM\..\RunOnce: [mfcnf.exe] C:\WINDOWS\mfcnf.exe
O4 - HKLM\..\RunOnce: [atlog32.exe] C:\WINDOWS\system32\atlog32.exe
O4 - HKLM\..\RunOnce: [appcc32.exe] C:\WINDOWS\appcc32.exe
O4 - HKLM\..\RunOnce: [ipmt.exe] C:\WINDOWS\system32\ipmt.exe
O4 - HKLM\..\RunOnce: [crfu.exe] C:\WINDOWS\system32\crfu.exe
O4 - HKLM\..\RunOnce: [apiwb32.exe] C:\WINDOWS\system32\apiwb32.exe
O4 - HKLM\..\RunOnce: [d3kq32.exe] C:\WINDOWS\system32\d3kq32.exe
O4 - HKLM\..\RunOnce: [mfckq32.exe] C:\WINDOWS\mfckq32.exe
O4 - HKLM\..\RunOnce: [javafk32.exe] C:\WINDOWS\system32\javafk32.exe
O4 - HKLM\..\RunOnce: [mssg.exe] C:\WINDOWS\system32\mssg.exe
O4 - HKLM\..\RunOnce: [ipyj.exe] C:\WINDOWS\ipyj.exe
O4 - HKLM\..\RunOnce: [atlcv.exe] C:\WINDOWS\system32\atlcv.exe
O4 - HKLM\..\RunOnce: [sdkpa32.exe] C:\WINDOWS\system32\sdkpa32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11F

 
Cactus
« Reply #8 on: May 27, 2005, 02:15:45 PM »

Ok Dragon .. as you know the file keeps changing names .. :-X

Until you can post a logfile and NOT reboot until you do the fix, we're both wasting our time .. ;)

So.. when you're prepared to do that, let me know and I'll get you to post another log.

Cactus  

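The point made in Reply #8 (the file names change between scans, so a fix list built from an older log no longer matches the machine), shown as an added example that is not part of the original thread. The log excerpts are copied from the 5/26 and 5/27 logs above; the function names are hypothetical, and the rule "Run/RunOnce value named after its own .exe sitting directly in C:\WINDOWS or system32" is an assumption drawn only from this thread's logs, not a general detection rule.

```python
import ntpath
import re

# Excerpts copied from the 5/26 and 5/27 HijackThis logs posted in this thread.
LOG_0526 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [crmj32.exe] C:\WINDOWS\crmj32.exe
O4 - HKLM\..\RunOnce: [mfcte.exe] C:\WINDOWS\mfcte.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
"""

LOG_0527 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [apiqq32.exe] C:\WINDOWS\system32\apiqq32.exe
O4 - HKLM\..\RunOnce: [sysye.exe] C:\WINDOWS\sysye.exe
"""

# Three lines from the fix list in Reply #6, which was written from the 5/26 log.
FIX_0526 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zwwim.dll/sp.html#37049
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe
O4 - HKLM\..\RunOnce: [crmj32.exe] C:\WINDOWS\crmj32.exe
"""

# "O4 - HKLM\..\Run: [value name] command line" (registry autoruns only).
O4_REG = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.I)   # DLL behind a res:// search page
EXE_PATH = re.compile(r'^"?(.+?\.exe)', re.I)      # executable part of the command
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def self_named_autoruns(log_text):
    """Return {value name: path} for Run/RunOnce values named after their own file."""
    hits = {}
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        name, command = m.group(3), m.group(4)
        exe = EXE_PATH.match(command)
        if not exe:
            continue
        folder, filename = ntpath.split(exe.group(1))
        if name.lower() == filename.lower() and folder.lower() in SYSTEM_DIRS:
            hits[name.lower()] = exe.group(1)
    return hits


def res_dlls(log_text):
    """Return the set of DLL paths that IE search/start settings point at via res://."""
    return {m.group(1).lower() for m in RES_DLL.finditer(log_text)}


def compare(old_log, new_log):
    """Summarise which flagged entries vanished, persisted or appeared between scans."""
    old, new = self_named_autoruns(old_log), self_named_autoruns(new_log)
    return {
        "autoruns_gone": sorted(old.keys() - new.keys()),
        "autoruns_kept": sorted(old.keys() & new.keys()),
        "autoruns_new": sorted(new.keys() - old.keys()),
        "dlls_gone": sorted(res_dlls(old_log) - res_dlls(new_log)),
        "dlls_new": sorted(res_dlls(new_log) - res_dlls(old_log)),
    }


def stale_fix_lines(fix_text, current_log):
    """Return fix-list lines that no longer appear verbatim in the current log."""
    current = {l.strip() for l in current_log.splitlines() if l.strip()}
    return [l.strip() for l in fix_text.splitlines()
            if l.strip() and l.strip() not in current]


if __name__ == "__main__":
    for key, values in compare(LOG_0526, LOG_0527).items():
        print(f"{key}: {values}")
    print("fix lines that no longer match the machine:")
    for line in stale_fix_lines(FIX_0526, LOG_0527):
        print("  " + line)
```

Run on two full logs, a non-empty `autoruns_new` or `dlls_new` means the fix list has to be rebuilt from the newer scan before anything is checked in HijackThis.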
Dragon25030
« Reply #9 on: May 27, 2005, 02:26:48 PM »

I apologize for all the trouble. I did not realize that the rebooting was part of the problem; I was turning my computer off each time while waiting for a reply. I am serious about fixing this problem and would appreciate your help.

Dragon

 
Cactus
« Reply #10 on: May 27, 2005, 03:21:44 PM »

Ok no problem Dragon .. ;)

Let me do the FIX up and then we'll take it from there .. :)

Keep your PC on until I post back..

Cactus  

Dragon25030
« Reply #11 on: May 27, 2005, 03:35:44 PM »

I will keep it on. Sorry about the frustration.

Dragon

 
Cactus
« Reply #12 on: May 27, 2005, 04:14:07 PM »

My fault .. :-[ .. I should have told you .. ;)

Ok let's go ..

** PRINT THIS FIX OUT **

** CLOSE ALL OPEN WINDOWS INCLUDING THIS ONE **


Now Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



First Goto START>RUN
Type or Copy/Paste these lines below into the Run Box 1 at a time Pressing OK after each:

regsvr32 /u upogh.dll
regsvr32 /u mfcvn.dll



Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

wuauclt.exe <<< STOP THIS PROCESS - DO NOT DELETE
mfcuk.exe
sysii.exe
winbp.exe
atlad32.exe
iejq.exe
crto32.exe
ntup32.exe
ievn32.exe
mste32.exe
ieak.exe
ieph.exe
ipdb.exe
mssq32.exe
winjg.exe
mshb.exe
ieqb32.exe
atldh.exe
appkb32.exe
ipdy32.exe
apiqq32.exe
ieek32.exe
sysye.exe
ntda.exe
sysym.exe
msnb.exe
applo.exe
addmo32.exe
addal32.exe
crfp32.exe
addab32.exe
mfcnf.exe
atlog32.exe
appcc32.exe
ipmt.exe
crfu.exe
apiwb32.exe
d3kq32.exe
mfckq32.exe
javafk32.exe
mssg.exe
ipyj.exe
atlcv.exe
sdkpa32.exe

Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\upogh.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\upogh.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\upogh.dll/sp.html#14044

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {FBD510D7-7593-FDD3-1C34-C5FEB77E69B3} - C:\WINDOWS\system32\mfcvn.dll

O4 - HKLM\..\Run: [mfcuk.exe] C:\WINDOWS\system32\mfcuk.exe
O4 - HKLM\..\Run: [sysii.exe] C:\WINDOWS\system32\sysii.exe

O4 - HKLM\..\RunOnce: [winbp.exe] C:\WINDOWS\system32\winbp.exe
O4 - HKLM\..\RunOnce: [atlad32.exe] C:\WINDOWS\system32\atlad32.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\iejq.exe
O4 - HKLM\..\RunOnce: [crto32.exe] C:\WINDOWS\crto32.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\ntup32.exe
O4 - HKLM\..\RunOnce: [ievn32.exe] C:\WINDOWS\ievn32.exe
O4 - HKLM\..\RunOnce: [mste32.exe] C:\WINDOWS\system32\mste32.exe
O4 - HKLM\..\RunOnce: [ieak.exe] C:\WINDOWS\ieak.exe
O4 - HKLM\..\RunOnce: [ieph.exe] C:\WINDOWS\system32\ieph.exe
O4 - HKLM\..\RunOnce: [ipdb.exe] C:\WINDOWS\system32\ipdb.exe
O4 - HKLM\..\RunOnce: [mssq32.exe] C:\WINDOWS\mssq32.exe
O4 - HKLM\..\RunOnce: [winjg.exe] C:\WINDOWS\winjg.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [atldh.exe] C:\WINDOWS\system32\atldh.exe
O4 - HKLM\..\RunOnce: [appkb32.exe] C:\WINDOWS\system32\appkb32.exe
O4 - HKLM\..\RunOnce: [ipdy32.exe] C:\WINDOWS\ipdy32.exe
O4 - HKLM\..\RunOnce: [apiqq32.exe] C:\WINDOWS\system32\apiqq32.exe
O4 - HKLM\..\RunOnce: [ieek32.exe] C:\WINDOWS\system32\ieek32.exe
O4 - HKLM\..\RunOnce: [sysye.exe] C:\WINDOWS\sysye.exe
O4 - HKLM\..\RunOnce: [ntda.exe] C:\WINDOWS\system32\ntda.exe
O4 - HKLM\..\RunOnce: [sysym.exe] C:\WINDOWS\sysym.exe
O4 - HKLM\..\RunOnce: [msnb.exe] C:\WINDOWS\msnb.exe
O4 - HKLM\..\RunOnce: [applo.exe] C:\WINDOWS\system32\applo.exe
O4 - HKLM\..\RunOnce: [addmo32.exe] C:\WINDOWS\addmo32.exe
O4 - HKLM\..\RunOnce: [addal32.exe] C:\WINDOWS\system32\addal32.exe
O4 - HKLM\..\RunOnce: [crfp32.exe] C:\WINDOWS\crfp32.exe
O4 - HKLM\..\RunOnce: [addab32.exe] C:\WINDOWS\system32\addab32.exe
O4 - HKLM\..\RunOnce: [mfcnf.exe] C:\WINDOWS\mfcnf.exe
O4 - HKLM\..\RunOnce: [atlog32.exe] C:\WINDOWS\system32\atlog32.exe
O4 - HKLM\..\RunOnce: [appcc32.exe] C:\WINDOWS\appcc32.exe
O4 - HKLM\..\RunOnce: [ipmt.exe] C:\WINDOWS\system32\ipmt.exe
O4 - HKLM\..\RunOnce: [crfu.exe] C:\WINDOWS\system32\crfu.exe
O4 - HKLM\..\RunOnce: [apiwb32.exe] C:\WINDOWS\system32\apiwb32.exe
O4 - HKLM\..\RunOnce: [d3kq32.exe] C:\WINDOWS\system32\d3kq32.exe
O4 - HKLM\..\RunOnce: [mfckq32.exe] C:\WINDOWS\mfckq32.exe
O4 - HKLM\..\RunOnce: [javafk32.exe] C:\WINDOWS\system32\javafk32.exe
O4 - HKLM\..\RunOnce: [mssg.exe] C:\WINDOWS\system32\mssg.exe
O4 - HKLM\..\RunOnce: [ipyj.exe] C:\WINDOWS\ipyj.exe
O4 - HKLM\..\RunOnce: [atlcv.exe] C:\WINDOWS\system32\atlcv.exe
O4 - HKLM\..\RunOnce: [sdkpa32.exe] C:\WINDOWS\system32\sdkpa32.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)


O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab

O23 - Service: Network Security Service (NSS) ( 11F
« Last Edit: May 27, 2005, 11:53:50 PM by Cactus »

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Dragon25030
« Reply #13 on: May 27, 2005, 06:38:30 PM »

I tried everything you said to do, but ran into trouble when I was supposed to download the ccleaner. To do that I had to open my browser. The log looks better but there is still something hijacking my homepage. Here is a new log. I will try to keep my computer on until I hear back from you, but I may have to leave in about an hour or so. I will do nothing else until I hear from you.

Logfile of HijackThis v1.99.1
Scan saved at 1:33:40 PM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntha.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ryali.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\winbe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntha.exe] C:\WINDOWS\system32\ntha.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
O4 - HKLM\..\RunOnce: [netjm32.exe] C:\WINDOWS\system32\netjm32.exe
O4 - HKLM\..\RunOnce: [msls.exe] C:\WINDOWS\msls.exe
O4 - HKLM\..\RunOnce: [addok.exe] C:\WINDOWS\system32\addok.exe
O4 - HKLM\..\RunOnce: [addkd32.exe] C:\WINDOWS\system32\addkd32.exe
O4 - HKLM\..\RunOnce: [apilu.exe] C:\WINDOWS\apilu.exe
O4 - HKLM\..\RunOnce: [appck.exe] C:\WINDOWS\system32\appck.exe
O4 - HKLM\..\RunOnce: [ntnh32.exe] C:\WINDOWS\ntnh32.exe
O4 - HKLM\..\RunOnce: [iplf32.exe] C:\WINDOWS\system32\iplf32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11F

 
Cactus
« Reply #14 on: May 28, 2005, 12:09:50 AM »

Restart your computer in Safe Mode. How do I Safe Boot my computer?


First go to START > RUN.
Type or copy/paste the lines below into the Run box one at a time, pressing OK after each:

regsvr32 /u ryali.dll
regsvr32 /u winbe.dll

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

ntha.exe
javaam32.exe
netjm32.exe
msls.exe
addok.exe
addkd32.exe
apilu.exe
appck.exe
ntnh32.exe
iplf32.exe

Turn off System Restore (WinXP, WinME). (Turn it back on after this is repaired and you've rebooted.) Close all other open windows and have HijackThis fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ryali.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ryali.dll/sp.html#14044

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing


O2 - BHO: Class - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\winbe.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ntha.exe] C:\WINDOWS\system32\ntha.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
O4 - HKLM\..\RunOnce: [netjm32.exe] C:\WINDOWS\system32\netjm32.exe
O4 - HKLM\..\RunOnce: [msls.exe] C:\WINDOWS\msls.exe
O4 - HKLM\..\RunOnce: [addok.exe] C:\WINDOWS\system32\addok.exe
O4 - HKLM\..\RunOnce: [addkd32.exe] C:\WINDOWS\system32\addkd32.exe
O4 - HKLM\..\RunOnce: [apilu.exe] C:\WINDOWS\apilu.exe
O4 - HKLM\..\RunOnce: [appck.exe] C:\WINDOWS\system32\appck.exe
O4 - HKLM\..\RunOnce: [ntnh32.exe] C:\WINDOWS\ntnh32.exe
O4 - HKLM\..\RunOnce: [iplf32.exe] C:\WINDOWS\system32\iplf32.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O23 - Service: Network Security Service (NSS) ( 11F

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
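
The hijacker entries in the fix list above share three visible traits: IE search settings served from a res:// URL inside a DLL, a BHO DLL sitting directly in C:\WINDOWS, and Run/RunOnce values whose name is the file name of an executable directly in C:\WINDOWS or system32. As an added example (not part of the thread and not HijackThis's own logic), this Python script applies those three heuristics to lines copied from the log above; the function names and rules are assumptions for illustration and can miss or over-flag entries on other machines.

```python
import re
from ntpath import basename, dirname

# Lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ryali.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\winbe.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntha.exe] C:\WINDOWS\system32\ntha.exe
O4 - HKLM\..\RunOnce: [javaam32.exe] C:\WINDOWS\javaam32.exe
"""

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
R_LINE = re.compile(r"^R[01] - .+? = (?P<value>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def exe_path(cmd):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    m = re.match(r'"?(.+?\.exe)', cmd, re.I)
    return m.group(1) if m else cmd

def in_system_dir(path):
    """True when the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\system32."""
    return dirname(path).lower() in SYSTEM_DIRS

def triage(log_text):
    """Return (section, reason, file) for each log line matching a heuristic."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := R_LINE.match(line):
            dll = re.match(r"res://(.+?\.dll)/", m["value"], re.I)
            if dll:
                findings.append((line[:2], "IE setting served from a local DLL", dll.group(1)))
        elif m := O2_LINE.match(line):
            if in_system_dir(m["path"]):
                findings.append(("O2", "BHO DLL directly in a Windows directory", m["path"]))
        elif m := O4_LINE.match(line):
            path = exe_path(m["cmd"])
            if in_system_dir(path) and m["name"].lower() == basename(path).lower():
                findings.append(("O4", "value name equals file name in a Windows directory", path))
    return findings

if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section}: {path}  <- {reason}")
```

Legitimate entries such as [SM1BG] pass the O4 rule because their value name is a label rather than the file name; a flagged line is a prompt for manual review, not a verdict.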