MelKat

Problems with ISTbar, CommonName, etc.

5 posts in this topic

I need help completely removing ISTbar, CommonName and I am sure several other types of malware. I followed the instructions in the FAQ, and ran Ad-Aware and Spybot S&D. When I reboot everything comes back. Now I also have trouble with a Trojan Horse REVOP.C that AVG can find but can't seem to remove. If anyone has the time to help I would greatly appreciate it. This is my first posting. I tried deducing what I needed to do from reading other posts, but I am afraid of doing more damage on my own. Please have patience with my replies; I work odd hours.

 

Here is my Startup List and HiJack Log:

 

 

StartupList report, 5/21/2004, 11:01:52 AM

StartupList version: 1.52

Started from : C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\SnoopFreeSvc.exe

C:\WINNT\System32\SnoopFreeSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ISP50\bin\bartshel.exe

C:\WINNT\System32\LXSUPMON.EXE

C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\SM1BG.EXE

C:\WINNT\System32\tnyuevh.exe

C:\WINNT\System32\jgdkxuw.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\WINNT\System32\hpdllhost.exe

C:\WINNT\System32\QuikSearch.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\PROGRA~1\ISP50\bin\ppshared.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\WINNT\SnoopFreeUI.exe

C:\WINNT\SnoopFreeUI.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\WINNT\System32\SQsky.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINNT\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Hot Key Kbd 9910 Daemon = SK9910DM.EXE

GWMDMMSG = GWMDMMSG.exe

IgfxTray = C:\WINNT\System32\igfxtray.exe

HotKeysCmds = C:\WINNT\System32\hkcmd.exe

Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

GWMDMpi = C:\WINNT\GWMDMpi.exe

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

Bart Station = C:\Program Files\ISP50\hta\station.sbrt

PrinTray = C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe

LXSUPMON = C:\WINNT\System32\LXSUPMON.EXE RUN

SAITEKAUTOCONFIGURE = C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe

SM1BG = C:\WINNT\SM1BG.EXE

nssysconf = C:\WINNT\System32\tnyuevh.exe

hpsysconf1 = C:\WINNT\System32\jgdkxuw.exe

kw3eef76 = rundll32.exe C:\WINNT\System32\kw3eef76.dll,EnableRunDLL32

inetmgr = C:\PROGRA~1\INTERN~2\inetmgr.exe

he3e3fc4 = rundll32.exe C:\WINNT\System32\he3e3fc4.dll,EnableRunDLL32

li01f948 = rundll32.exe C:\WINNT\System32\li01f948.dll,EnableRunDLL32

000hpdllhost = C:\WINNT\System32\hpdllhost.exe

readdb40 = rundll32.exe C:\WINNT\System32\readdb40.dll,EnableRunDLL32

iel2cde8 = rundll32.exe C:\WINNT\System32\iel2cde8.dll,EnableRunDLL32

icdd7ee6 = rundll32.exe C:\WINNT\System32\icdd7ee6.dll,EnableRunDLL32

si91e44b = rundll32.exe C:\WINNT\System32\si91e44b.dll,EnableRunDLL32

wm41a398 = rundll32.exe C:\WINNT\System32\wm41a398.dll,EnableRunDLL32

QuikSearch = C:\WINNT\System32\QuikSearch.exe

PPCRunonce = C:\WINNT\System32\PPCRunOnce.exe

AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

Microsoft IIS = C:\WINNT\system32\syshost.exe

SnoopFreeUI = SnoopFreeUI.exe

Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

SQInstall = C:\WINNT\System32\SQsky.exe

ashMaiSv = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

RamBooster = C:\PROGRA~1\RAMBOO~1\RAMBOO~1.EXE

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\WINNT\System32\kw3eef76.dll - {00000000-0000-0000-8835-3EFF76BF2657}

(no name) - C:\WINNT\System32\icdd7ee6.dll - {00000000-0000-0000-BFA1-D7EE6696B865}

(no name) - C:\WINNT\System32\wm41a398.dll - {00000000-0000-41a3-98CF-00000000168B}

(no name) - C:\WINNT\System32\iel2cde8.dll - {00000000-0000-47c5-A90F-2CDE8F7638DB}

(no name) - C:\WINNT\System32\he3e3fc4.dll - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09}

(no name) - C:\PROGRA~1\INTERN~2\inetkw.dll - {046D6EA4-15E3-4b27-8010-45BD78A9219E}

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\ISP50\bin\BandObject.dll - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Norton AntiVirus - Scan my computer.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

 

[MSSecurityAdvisor Class]

InProcServer32 = C:\WINNT\System32\mssecadv.dll

CODEBASE = http://protect.microsoft.com/security/prot...b?1063830139750

 

[Symantec AntiVirus scanner]

InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[dldisplay Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\ghdlctl.dll

CODEBASE = http://www.gamehouse.com/ghdlctl.cab

 

[TechToolsActivex.TechTools]

InProcServer32 = C:\WINNT\Downloaded Program Files\TechTools.ocx

CODEBASE = hcp://system/TechTools.CAB

 

[RdxIE Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\RdxIE.dll

CODEBASE = http://207.188.7.150/12f9e97b04f502d65900/...ip/RdxIE601.cab

 

[RunExeActiveX.RunExe]

InProcServer32 = C:\WINNT\Downloaded Program Files\RunExeActiveX.ocx

CODEBASE = hcp://system/RunExeActiveX.CAB

 

[InstallShield International Setup Player]

InProcServer32 = c:\winnt\DOWNLO~1\isetup.dll

CODEBASE = http://www.napster.com/client/isetup.cab

 

[StartFirstControl.CheckFirst]

InProcServer32 = C:\WINNT\Downloaded Program Files\StartFirstControl.ocx

CODEBASE = hcp://system/StartFirstControl.CAB

 

[compid Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\gwCID.dll

CODEBASE = http://support.gateway.com/support/serialharvest/gwCID.CAB

 

[Update Class]

InProcServer32 = C:\WINNT\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8119.4641782407

 

[SassCln Object]

InProcServer32 = C:\WINNT\Downloaded Program Files\SassCln.dll

CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB

 

[{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}]

CODEBASE = http://install.wildtangent.com/bgn/partner...lls/install.cab

 

[View22RTE Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\View22RTE.dll

CODEBASE = http://kohler1.view22.com/apps/view22RTE.cab

 

[Symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[Shockwave Flash Object]

InProcServer32 = C:\WINNT\System32\macromed\flash\swflash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{DC187740-46A9-11D5-A815-00B0D0428C0C}]

CODEBASE = http://www.pcpowerscan.com/pcpowerscan.cab

 

[SDKInstall Class]

InProcServer32 = C:\WINNT\sdkinst.dll

CODEBASE = http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINNT\system32\SHELL32.dll

CDBurn: C:\WINNT\system32\SHELL32.dll

WebCheck: C:\WINNT\System32\webcheck.dll

SysTray: C:\WINNT\System32\stobject.dll

 

--------------------------------------------------

End of report, 10,381 bytes

Report generated in 1.297 seconds

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 11:03:14 AM, on 5/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\SnoopFreeSvc.exe

C:\WINNT\System32\SnoopFreeSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ISP50\bin\bartshel.exe

C:\WINNT\System32\LXSUPMON.EXE

C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\SM1BG.EXE

C:\WINNT\System32\tnyuevh.exe

C:\WINNT\System32\jgdkxuw.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\WINNT\System32\hpdllhost.exe

C:\WINNT\System32\QuikSearch.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\PROGRA~1\ISP50\bin\ppshared.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\WINNT\SnoopFreeUI.exe

C:\WINNT\SnoopFreeUI.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\WINNT\System32\SQsky.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

C:\WINNT\System32\notepad.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage

O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts

O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\WINNT\System32\kw3eef76.dll

O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\WINNT\System32\icdd7ee6.dll

O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\WINNT\System32\wm41a398.dll

O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\WINNT\System32\iel2cde8.dll

O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\WINNT\System32\he3e3fc4.dll

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\WINNT\System32\li01f948.dll

O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\WINNT\System32\readdb40.dll

O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\WINNT\System32\si91e44b.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE

O4 - HKLM\..\Run: [nssysconf] C:\WINNT\System32\tnyuevh.exe

O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\System32\jgdkxuw.exe

O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\WINNT\System32\kw3eef76.dll,EnableRunDLL32

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\WINNT\System32\he3e3fc4.dll,EnableRunDLL32

O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\WINNT\System32\li01f948.dll,EnableRunDLL32

O4 - HKLM\..\Run: [000hpdllhost] C:\WINNT\System32\hpdllhost.exe

O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\WINNT\System32\readdb40.dll,EnableRunDLL32

O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\WINNT\System32\iel2cde8.dll,EnableRunDLL32

O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\WINNT\System32\icdd7ee6.dll,EnableRunDLL32

O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\WINNT\System32\si91e44b.dll,EnableRunDLL32

O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\WINNT\System32\wm41a398.dll,EnableRunDLL32

O4 - HKLM\..\Run: [QuikSearch] C:\WINNT\System32\QuikSearch.exe

O4 - HKLM\..\Run: [PPCRunonce] C:\WINNT\System32\PPCRunOnce.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [Microsoft IIS] C:\WINNT\system32\syshost.exe

O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [SQInstall] C:\WINNT\System32\SQsky.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKCU\..\Run: [RamBooster] C:\PROGRA~1\RAMBOO~1\RAMBOO~1.EXE

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/prot...b?1063830139750

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab

O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12f9e97b04f502d65900/...ip/RdxIE601.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8119.4641782407

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...lls/install.cab

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/apps/view22RTE.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab

O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

 

 

Thanks in advance for any and all assistance. I can tell from looking at other HiJack logs mine is a piece of work.

Edited by MelKat


Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\WINNT\System32\kw3eef76.dll

O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\WINNT\System32\icdd7ee6.dll

O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\WINNT\System32\wm41a398.dll

O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\WINNT\System32\iel2cde8.dll

O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\WINNT\System32\he3e3fc4.dll

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll

 

O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\WINNT\System32\li01f948.dll

O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\WINNT\System32\readdb40.dll

O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\WINNT\System32\si91e44b.dll

 

O4 - HKLM\..\Run: [nssysconf] C:\WINNT\System32\tnyuevh.exe

O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\System32\jgdkxuw.exe

O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\WINNT\System32\kw3eef76.dll,EnableRunDLL32

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\WINNT\System32\he3e3fc4.dll,EnableRunDLL32

O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\WINNT\System32\li01f948.dll,EnableRunDLL32

O4 - HKLM\..\Run: [000hpdllhost] C:\WINNT\System32\hpdllhost.exe

O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\WINNT\System32\readdb40.dll,EnableRunDLL32

O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\WINNT\System32\iel2cde8.dll,EnableRunDLL32

O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\WINNT\System32\icdd7ee6.dll,EnableRunDLL32

O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\WINNT\System32\si91e44b.dll,EnableRunDLL32

O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\WINNT\System32\wm41a398.dll,EnableRunDLL32

O4 - HKLM\..\Run: [QuikSearch] C:\WINNT\System32\QuikSearch.exe

O4 - HKLM\..\Run: [PPCRunonce] C:\WINNT\System32\PPCRunOnce.exe

O4 - HKLM\..\Run: [Microsoft IIS] C:\WINNT\system32\syshost.exe

O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe

O4 - HKLM\..\Run: [SQInstall] C:\WINNT\System32\SQsky.exe

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12f9e97b04f502d65900/...ip/RdxIE601.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...lls/install.cab

Reboot, and delete files

C:\WINNT\System32\tnyuevh.exe

C:\WINNT\System32\jgdkxuw.exe

C:\WINNT\System32\kw3eef76.dll

C:\Program Files\INTERN~2\inetmgr.exe

C:\WINNT\System32\he3e3fc4.dll

C:\WINNT\System32\li01f948.dll

C:\WINNT\System32\hpdllhost.exe

C:\WINNT\System32\readdb40.dll

C:\WINNT\System32\iel2cde8.dll

C:\WINNT\System32\icdd7ee6.dll

C:\WINNT\System32\si91e44b.dll

C:\WINNT\System32\wm41a398.dll

C:\WINNT\System32\QuikSearch.exe

C:\WINNT\system32\syshost.exe

C:\WINNT\System32\SQsky.exe

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if the problems persist.

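Added example, not part of the thread and not HijackThis code: one way to check a follow-up log against the fix list, which is what the reply above asks for. Entries are matched by CLSID or Run value name, ignoring case, and file paths are compared by their last two components because the thread writes the same folder both as `PROGRA~1` and as `Program Files`. The function names are hypothetical, and the abbreviated sample logs are constructed from entries that appear on this page.

```python
import re

# "O2 - ...", "O4 - ...", "R0 - ..." style HijackThis entry lines.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "HKLM\..\Run: [value name] command"
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]*)\]")
# A bare path line, as in the "Running processes:" section.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")

# Constructed sample: a few lines from the fix list in the reply.
FIX_LIST = r"""
O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\WINNT\System32\kw3eef76.dll
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [QuikSearch] C:\WINNT\System32\QuikSearch.exe
"""

# Constructed sample: files the reply says to delete after rebooting.
DELETE_LIST = [
    r"C:\Program Files\INTERN~2\inetmgr.exe",
    r"C:\WINNT\System32\QuikSearch.exe",
]

# Constructed sample: a shortened follow-up log in HijackThis format,
# built from entries visible in the follow-up post on this page.
FOLLOWUP = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
"""


def entry_key(line):
    """Identity of a log entry that survives case changes, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if code in ("O2", "O3", "O16") and clsid:
        # BHOs, toolbars and downloaded controls are identified by CLSID.
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(rest)
    if code == "O4" and run:
        # Registry value names are case-insensitive, and forum software
        # may alter the case of the first letter inside the brackets.
        return (code,) + tuple(part.lower() for part in run.groups())
    return (code, rest.lower())


def persisting(fix_list, followup):
    """Follow-up entries that were on the fix list and are still present."""
    wanted = {entry_key(line) for line in fix_list.splitlines()} - {None}
    return [line.strip() for line in followup.splitlines()
            if entry_key(line) in wanted]


def path_tail(path):
    """Last two path components, lower-cased (folder + file name)."""
    parts = [p for p in path.strip().lower().split("\\") if p]
    return tuple(parts[-2:])


def still_running(delete_list, followup):
    """Process lines in the follow-up log that match a file to delete."""
    tails = {path_tail(p) for p in delete_list}
    return [line.strip() for line in followup.splitlines()
            if PATH_RE.match(line.strip()) and path_tail(line) in tails]


if __name__ == "__main__":
    print("Entries that came back or were never removed:")
    for line in persisting(FIX_LIST, FOLLOWUP):
        print("  " + line)
    print("Files marked for deletion that are still running:")
    for line in still_running(DELETE_LIST, FOLLOWUP):
        print("  " + line)
```

A file that shows up under `still_running` is held open by its own process, which is consistent with a delete attempt failing until that process no longer starts.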

Dave38,

 

I did everything you said and I can tell my computer is running smoother, thank you very much.

 

The only problem I had was being unable to remove C:\Program Files\INTERN~2\inetmgr.exe. I kept getting an error message "Cannot delete inetmgr: Access Denied". Is it possible to delete this in a DOS window without damaging anything or can it be done in Safe Mode?

 

Here is my new Startup List and HiJack Log:

 

StartupList report, 5/22/2004, 7:44:30 AM

StartupList version: 1.52

Started from : C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ISP50\bin\bartshel.exe

C:\WINNT\System32\LXSUPMON.EXE

C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\SM1BG.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\PROGRA~1\ISP50\bin\ppshared.exe

C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINNT\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Hot Key Kbd 9910 Daemon = SK9910DM.EXE

GWMDMMSG = GWMDMMSG.exe

IgfxTray = C:\WINNT\System32\igfxtray.exe

HotKeysCmds = C:\WINNT\System32\hkcmd.exe

Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

GWMDMpi = C:\WINNT\GWMDMpi.exe

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

Bart Station = C:\Program Files\ISP50\hta\station.sbrt

PrinTray = C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe

LXSUPMON = C:\WINNT\System32\LXSUPMON.EXE RUN

SAITEKAUTOCONFIGURE = C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe

SM1BG = C:\WINNT\SM1BG.EXE

AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

ashMaiSv = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

inetmgr = C:\PROGRA~1\INTERN~2\inetmgr.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

RamBooster = C:\PROGRA~1\RAMBOO~1\RAMBOO~1.EXE

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRA~1\INTERN~2\inetkw.dll - {046D6EA4-15E3-4b27-8010-45BD78A9219E}

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\ISP50\bin\BandObject.dll - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Norton AntiVirus - Scan my computer.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

 

[MSSecurityAdvisor Class]

InProcServer32 = C:\WINNT\System32\mssecadv.dll

CODEBASE = http://protect.microsoft.com/security/prot...b?1063830139750

 

[Symantec AntiVirus scanner]

InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[dldisplay Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\ghdlctl.dll

CODEBASE = http://www.gamehouse.com/ghdlctl.cab

 

[TechToolsActivex.TechTools]

InProcServer32 = C:\WINNT\Downloaded Program Files\TechTools.ocx

CODEBASE = hcp://system/TechTools.CAB

 

[RunExeActiveX.RunExe]

InProcServer32 = C:\WINNT\Downloaded Program Files\RunExeActiveX.ocx

CODEBASE = hcp://system/RunExeActiveX.CAB

 

[StartFirstControl.CheckFirst]

InProcServer32 = C:\WINNT\Downloaded Program Files\StartFirstControl.ocx

CODEBASE = hcp://system/StartFirstControl.CAB

 

[compid Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\gwCID.dll

CODEBASE = http://support.gateway.com/support/serialharvest/gwCID.CAB

 

[Update Class]

InProcServer32 = C:\WINNT\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8119.4641782407

 

[SassCln Object]

InProcServer32 = C:\WINNT\Downloaded Program Files\SassCln.dll

CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB

 

[View22RTE Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\View22RTE.dll

CODEBASE = http://kohler1.view22.com/apps/view22RTE.cab

 

[Symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[Shockwave Flash Object]

InProcServer32 = C:\WINNT\System32\macromed\flash\swflash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{DC187740-46A9-11D5-A815-00B0D0428C0C}]

CODEBASE = http://www.pcpowerscan.com/pcpowerscan.cab

 

[SDKInstall Class]

InProcServer32 = C:\WINNT\sdkinst.dll

CODEBASE = http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINNT\system32\SHELL32.dll

CDBurn: C:\WINNT\system32\SHELL32.dll

WebCheck: C:\WINNT\System32\webcheck.dll

SysTray: C:\WINNT\System32\stobject.dll

 

--------------------------------------------------

End of report, 8,324 bytes

Report generated in 4.828 seconds

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 7:46:54 AM, on 5/22/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ISP50\bin\bartshel.exe

C:\WINNT\System32\LXSUPMON.EXE

C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\SM1BG.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\PROGRA~1\ISP50\bin\ppshared.exe

C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage

O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [bart Station] C:\Program Files\ISP50\hta\station.sbrt

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [sAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - HKCU\..\Run: [RamBooster] C:\PROGRA~1\RAMBOO~1\RAMBOO~1.EXE

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/prot...b?1063830139750

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab

O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8119.4641782407

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/apps/view22RTE.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab

O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

 

 

 

While I was deleting all the files from the System32 file, I noticed several other programs that looked questionable. I performed a search inclusive of the time frame I believe most of this junk got into the computer system and here is a list of what it found:

ai_loader.exe

Aischk.exe

Aisysus.exe

Bischk.exe

Bisys.exe

Ez032304.exe

Ezschk.exe

Ezsys.exe

Ielreg.exe

Inetkw.exe

inetkwschk.exe

inetkwsys.exe

kzc.exe

Lzreg.exe

Rdreg.exe

sahagent-skyhorn.exe

Sahschk.exe

Sahsys.exe

Sq2chk.exe

Sqsysnew.exe

Tvm_b5.exe

Tvmschk.exe

Tvmsys.exe

 

Is it possible for me to delete any of these without damaging my system?

 

Please get back with me whenever you can, I really appreciate your assistance.

 

 

Thanks!

MelKat

Edited by MelKat


Some of these can be very sticky!

 

Reboot into safe mode. (Tap F8 as the computer boots, and select safe mode from the menu.)

 

Run HijackThis again, and fix the entry

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

Then, WITHOUT rebooting, delete the folder C:\PROGRA~1\INTERN~2.

 

The other files you list certainly do not appear to be associated with legitimate programs. To check, find each one and inspect its properties to see if it is associated with any of the programs you have installed. If not, delete them (to the recycle bin), and see if anything is broken or any error messages appear.

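Added example (not part of the thread, and not HijackThis's own code): a Python script that lists every line of the posted log pointing into the folder named in the reply above, so the same check can be rerun on a fresh log after cleanup. The function names are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
LOG = r"""
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.*)$")

def parse(log_text):
    """Yield (kind, text) per line: kind is the section code ('O2', 'O4', ...)
    or 'process' for a bare path from the running-process list."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m.group("code"), m.group("body")
        elif re.match(r"[A-Za-z]:\\", line):
            yield "process", line

def references(log_text, folder):
    """Group every log line that points into `folder` by entry kind.
    Case-insensitive; an 8.3 short name only matches the same short form."""
    needle = folder.rstrip("\\").lower() + "\\"
    hits = defaultdict(list)
    for kind, text in parse(log_text):
        if needle in text.lower():
            hits[kind].append(text)
    return dict(hits)

def files_in(log_text, folder):
    """Names (first path component) of everything referenced under `folder`."""
    pat = re.compile(re.escape(folder.rstrip("\\") + "\\") + r'([^\\"\s]+)', re.I)
    return sorted({m.group(1).lower() for _, t in parse(log_text) for m in pat.finditer(t)})

if __name__ == "__main__":
    target = r"C:\PROGRA~1\INTERN~2"
    print(references(LOG, target))
    print(files_in(LOG, target))
```

On these sample lines it reports two running processes, one O2 BHO entry and one O4 Run entry under that folder.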

Dave38,

 

I did as you advised and everything seems to be back to normal. I ran Ad-Aware and had a clean report. I did remove the suspicious programs with no ill effects so far. Thank you very much for all of your help, I felt like my computer was being held hostage and you "saved" it. I am so glad I found this forum!

 

 

Thank You

 

MelKat
