KevRus

My Computer Is Going Crazy! HELP!

28 posts in this topic

Okay, I've read the FAQ.

 

Lately my computer has been going CRAZY! I delete all spyware, and it comes back! My Internet Explorer homepage changes, I get weird fake search pages, when I just deleted spyware! My computer goes unusually slow... help!

 

Also, on startup, I get many random error messages, but usually these are the ones I get:

 

C:\Program is missing.

javaob32.exe and netff.exe encountered errors and need to close

 

 

Sometimes when you click Send or Don't Send, they keep popping up, and you can't start Windows! And finally, Explorer encounters an error and needs to close every time I start up Windows too!

 

Can someone please help me? My computer is running so slow and I get pop-ups that make my full-screen programs minimize, only to find a stupid fake pop-up with Windows XP: Clean!!!! Internet Explorer: CLEAN!! SPYWARE: ERROR!!! lol some of these pop-ups crack me up. Can anyone help me? Thanks. :lol::techsupport::techsupport:

 

EDIT: I forgot to add that MIDI files aren't playing and Notepad closes out of nowhere while reading or creating text files without an error message or anything, just boom, it's gone....jeez my computer's messed up....

 

And here's my log from HijackThis:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:20:17 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\msCMTSrvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\netff.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\Program Files\2Wire\Gateway\2PortalMon.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Microsoft Works\WksSb.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\winbas12.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\system32\addxj.exe

C:\WINDOWS\System32\dxrdiag.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jlvga.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jlvga.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jlvga.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jlvga.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jlvga.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jlvga.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {78D4C8D4-B5A0-4883-C6D7-F97D04BE0876} - C:\WINDOWS\system32\sysir.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [QuidditchWorldCupSnitchCluster] C:\Program Files\Desktop Golden Snitch US\skinkers.exe

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe

O4 - HKLM\..\RunOnce: [msoy.exe] C:\WINDOWS\msoy.exe

O4 - HKLM\..\RunOnce: [addwn32.exe] C:\WINDOWS\addwn32.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [nttm32.exe] C:\WINDOWS\nttm32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [sdkwn.exe] C:\WINDOWS\sdkwn.exe

O4 - HKLM\..\RunOnce: [ipzr32.exe] C:\WINDOWS\ipzr32.exe

O4 - HKLM\..\RunOnce: [mfchf.exe] C:\WINDOWS\system32\mfchf.exe

O4 - HKLM\..\RunOnce: [addmx.exe] C:\WINDOWS\addmx.exe

O4 - HKLM\..\RunOnce: [d3nc.exe] C:\WINDOWS\d3nc.exe

O4 - HKLM\..\RunOnce: [apihw.exe] C:\WINDOWS\system32\apihw.exe

O4 - HKLM\..\RunOnce: [apioq.exe] C:\WINDOWS\system32\apioq.exe

O4 - HKLM\..\RunOnce: [apicj.exe] C:\WINDOWS\system32\apicj.exe

O4 - HKLM\..\RunOnce: [netqh32.exe] C:\WINDOWS\netqh32.exe

O4 - HKLM\..\RunOnce: [ipys.exe] C:\WINDOWS\system32\ipys.exe

O4 - HKLM\..\RunOnce: [crrk.exe] C:\WINDOWS\system32\crrk.exe

O4 - HKLM\..\RunOnce: [d3wy.exe] C:\WINDOWS\system32\d3wy.exe

O4 - HKLM\..\RunOnce: [mfczh32.exe] C:\WINDOWS\mfczh32.exe

O4 - HKLM\..\RunOnce: [mfcll32.exe] C:\WINDOWS\mfcll32.exe

O4 - HKLM\..\RunOnce: [mfcwq.exe] C:\WINDOWS\system32\mfcwq.exe

O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\javaob32.exe

O4 - HKLM\..\RunOnce: [atliv32.exe] C:\WINDOWS\system32\atliv32.exe

O4 - HKLM\..\RunOnce: [mshc.exe] C:\WINDOWS\system32\mshc.exe

O4 - HKLM\..\RunOnce: [nettw.exe] C:\WINDOWS\system32\nettw.exe

O4 - HKLM\..\RunOnce: [netol32.exe] C:\WINDOWS\system32\netol32.exe

O4 - HKLM\..\RunOnce: [ipxi.exe] C:\WINDOWS\system32\ipxi.exe

O4 - HKLM\..\RunOnce: [d3ib32.exe] C:\WINDOWS\system32\d3ib32.exe

O4 - HKLM\..\RunOnce: [sdkzt.exe] C:\WINDOWS\sdkzt.exe

O4 - HKLM\..\RunOnce: [iegx.exe] C:\WINDOWS\system32\iegx.exe

O4 - HKLM\..\RunOnce: [sdksm.exe] C:\WINDOWS\system32\sdksm.exe

O4 - HKLM\..\RunOnce: [mswk.exe] C:\WINDOWS\mswk.exe

O4 - HKLM\..\RunOnce: [appik32.exe] C:\WINDOWS\appik32.exe

O4 - HKLM\..\RunOnce: [javakw32.exe] C:\WINDOWS\javakw32.exe

O4 - HKLM\..\RunOnce: [addma32.exe] C:\WINDOWS\addma32.exe

O4 - HKLM\..\RunOnce: [atlah32.exe] C:\WINDOWS\atlah32.exe

O4 - HKLM\..\RunOnce: [d3lv32.exe] C:\WINDOWS\d3lv32.exe

O4 - HKLM\..\RunOnce: [iekn.exe] C:\WINDOWS\system32\iekn.exe

O4 - HKLM\..\RunOnce: [ntqm.exe] C:\WINDOWS\system32\ntqm.exe

O4 - HKLM\..\RunOnce: [crmc.exe] C:\WINDOWS\system32\crmc.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\svchost.exe

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC...otDateTeleX.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/chat/a...v45/yacscom.cab

O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/Ma...cationTeleX.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {558958F1-FF22-4A76-8595-79A6B7BA698A} (PuzzleBobbleLauncher Control) - https://www.pbo.jp/bobrun/PuzzleBobbleLauncher.ocx

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13a70aa1c22959c20404/...ip/RdxIE601.cab

O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab

O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7494.3085300926

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

 

Please help! Thanks!

Edited by KevRus


I'm sorry, I know I'm not supposed to bump so much, but it's been a while now and no one has replied to me. Is it because I have a huge problem? Can't anyone please at least reply to me? :-/ Please help me!


hi,

 

I am by no means an expert. But from what I know I would suggest running both AdAware and Spybot Search and Destroy if you have not already done so. You can probably find links for them in other posts if you're unable to find them.

 

I am also having computer difficulty... unable to connect to the internet at all, it's awful. Someone who replied to me sent me this link (http://vil.nai.com/vil/stinger/). On this webpage is a virus scan and removal tool which searches for many viruses at once and might be able to help you.

 

Your problem also sounds to me like it might be related to the CWS virus, although I'm not sure. You might want to research that possibility through this forum and other posts and by searching.

 

After doing anything, post a new log.

 

Good luck.

 

Sincerely,

Damsel in Distress


Okay, thanks. I've been scanning for viruses the past hour, it's almost done. And it came up with some infected files so I'll check on that. I'll also run the CWShredder and check on that. Thanks for the help. :)


Okay I scanned with CWShredder and my system was clean of CWS.

 

Norton's scan finished and there were 21 infected files (yikes lol) so I quarantined and deleted them all in safe mode. I get no more error messages on start-up anymore, but Explorer still needs to close for every start-up when the sound icon and networking icons try to load in the taskbar.

 

Internet Explorer also still has a changed search page and start-up page and I'm still getting pop-ups. I'll run that scan you recommended to check again. Here's my new HijackThis logfile:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:14:07 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\msCMTSrvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\netff.exe

C:\WINDOWS\system32\appnc.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\Program Files\2Wire\Gateway\2PortalMon.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Microsoft Works\WksSb.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\winbas12.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\WINDOWS\System32\dxrdiag.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\utqjz.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://utqjz.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://utqjz.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\utqjz.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://utqjz.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\utqjz.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {A0E095EB-74FB-9288-E117-E4EB1BCBB1EA} - C:\WINDOWS\syswd32.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [QuidditchWorldCupSnitchCluster] C:\Program Files\Desktop Golden Snitch US\skinkers.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe

O4 - HKLM\..\RunOnce: [msoy.exe] C:\WINDOWS\msoy.exe

O4 - HKLM\..\RunOnce: [addwn32.exe] C:\WINDOWS\addwn32.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [nttm32.exe] C:\WINDOWS\nttm32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINDOWS\ipfo.exe

O4 - HKLM\..\RunOnce: [atlhw32.exe] C:\WINDOWS\atlhw32.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC...otDateTeleX.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/chat/a...v45/yacscom.cab

O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/Ma...cationTeleX.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {558958F1-FF22-4A76-8595-79A6B7BA698A} (PuzzleBobbleLauncher Control) - https://www.pbo.jp/bobrun/PuzzleBobbleLauncher.ocx

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13a70aa1c22959c20404/...ip/RdxIE601.cab

O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab

O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7494.3085300926

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

 

 

Does anyone see anything suspicious? What should I do next?? :wtf:


I've already scanned and used Adaware and Spybot, I used a tutorial on Hijackthis and got rid of files I didn't need-but I'll check it again and run spybot and adaware again.


hi again,

 

Good job getting rid of those infected files. One thing that you might want to try is disabling System Restore (it will ask you to reboot; do so) before you run the programs to get rid of the spyware. Once the spyware is removed you can re-enable System Restore. Here are directions for disabling System Restore: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

 

Also, you might want to run another virus scan with System Restore disabled.

 

Also, are you still having problems with the Notepad and MIDI files?

 

Let me know what's going on... I'm leaving around 6.

 

Sincerely,

:love:Damsel in Distress :love:


Yes, I had system restore disabled for the Norton scan and everything I've been doing. I read that tutorial on HijackThis that was VERY helpful! I'm going to reboot into Normal Mode right now. (I'm in safe mode) There was tons of stuff in Hijackthis I didn't notice before. I'm going to restart right now and let you know if everything is working.

 

Just one question for now: Whenever I use spybot S&D, after the scan I get this message

 

Error during check!

Xabot (Ungültiger Datentyp für") [German: "invalid data type for"]

 

Is that a problem, and what's with the German or whatever it is?

 

Here's my new Hijackthis Log:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:07:25 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {A0E095EB-74FB-9288-E117-E4EB1BCBB1EA} - C:\WINDOWS\syswd32.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [QuidditchWorldCupSnitchCluster] C:\Program Files\Desktop Golden Snitch US\skinkers.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe

O4 - HKLM\..\RunOnce: [msoy.exe] C:\WINDOWS\msoy.exe

O4 - HKLM\..\RunOnce: [addwn32.exe] C:\WINDOWS\addwn32.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [nttm32.exe] C:\WINDOWS\nttm32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINDOWS\ipfo.exe

O4 - HKLM\..\RunOnce: [atlhw32.exe] C:\WINDOWS\atlhw32.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC...otDateTeleX.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/chat/a...v45/yacscom.cab

O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/Ma...cationTeleX.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {558958F1-FF22-4A76-8595-79A6B7BA698A} (PuzzleBobbleLauncher Control) - https://www.pbo.jp/bobrun/PuzzleBobbleLauncher.ocx

O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab

O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7494.3085300926

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

 

 

Better?

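A way to answer "does anyone see anything suspicious?" and "better?" without reading the whole log by eye, as an added example that is not part of the original thread and not HijackThis code. It parses the O2 (BHO) and O4 (Run/RunOnce) lines, flags entries by a few heuristics, and diffs a log taken before a reboot against one taken after. The heuristics are my own assumptions for illustration rather than HijackThis rules: a Run value whose name is just its own file name (as with [apijz32.exe] above), an empty value name, an executable or BHO sitting directly in C:\WINDOWS or system32 rather than in an application folder, and RunOnce values that are still present after a reboot (Windows deletes a RunOnce value once it has run, so anything that survives a reboot is being re-created). The two embedded logs are constructed subsets of the logs posted above.

```python
"""Triage HijackThis O2/O4 entries and compare two logs taken across a reboot.

Added example for this thread; it is not HijackThis code and not the poster's.
The heuristics below are illustrative assumptions, not HijackThis's own rules.
"""
import re
from typing import NamedTuple


class Entry(NamedTuple):
    kind: str    # "O2 BHO", "O4 HKLM\Run", "O4 HKLM\RunOnce", "O4 HKCU\Run", ...
    name: str    # BHO name, or the Run value name inside [...]
    target: str  # DLL path, or the full Run command line
    raw: str     # the original log line


# O4 autostart entries of the form:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<subkey>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O2 browser helper objects of the form:  O2 - BHO: name - {CLSID} - path
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
# First executable module on a command line, quoted or not, ignoring arguments
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|ocx))"?(?:[\s,]|$)', re.I)
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no deeper folder)
WINDIR_RE = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.I)


def parse(log: str) -> list[Entry]:
    """Extract O2 and O4 Run/RunOnce entries; all other sections are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append(Entry(f"O4 {m['hive']}\\{m['subkey']}", m["name"], m["cmd"], line))
        elif m := O2_RE.match(line):
            entries.append(Entry("O2 BHO", m["name"], m["path"], line))
    return entries


def target_path(cmd: str) -> str:
    """The module a Run command line actually starts (rundll32 counts as the module)."""
    m = EXE_RE.match(cmd.strip())
    return m["path"] if m else cmd.strip()


def suspicious(e: Entry) -> list[str]:
    """Reasons this entry deserves a closer look; an empty list means nothing noted."""
    path = target_path(e.target)
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if e.kind.startswith("O4"):
        if e.name == "":
            reasons.append("empty value name")
        elif e.name.lstrip("\\").lower() == base.lower():
            reasons.append("value named after its own executable")
        if reasons and WINDIR_RE.match(path):
            reasons.append("executable dropped directly into the Windows directory")
    elif e.kind == "O2 BHO" and WINDIR_RE.match(path):
        reasons.append("BHO loaded from the Windows directory rather than an application folder")
    return reasons


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    return [(e, r) for e in entries if (r := suspicious(e))]


def compare(before: list[Entry], after: list[Entry]) -> dict[str, list[str]]:
    """Diff two logs. Windows deletes a RunOnce value after it has executed, so a
    RunOnce line still present in a log taken after a reboot is being re-created."""
    b = {e.raw for e in before}
    a = {e.raw for e in after}
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "runonce_survived_reboot": sorted(e.raw for e in after if "RunOnce" in e.kind and e.raw in b),
    }


# Constructed subsets of the two logs posted in this thread (before and after the reboot).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {A0E095EB-74FB-9288-E117-E4EB1BCBB1EA} - C:\WINDOWS\syswd32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe
O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A0E095EB-74FB-9288-E117-E4EB1BCBB1EA} - C:\WINDOWS\syswd32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe
O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe
"""

if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for e, reasons in triage(after):
        print(e.raw, "->", "; ".join(reasons))
    for key, lines in compare(before, after).items():
        print(f"{key}: {len(lines)}")
```

On the two embedded logs this flags syswd32.dll, winbas12.exe, apijz32.exe, msrh.exe and javaqc.exe while leaving QuickTime, the NVIDIA rundll32 entry, NeroCheck, nwiz and the Spybot entries alone, and the diff shows the WinTools BHO and AutoUpdater gone, Spybot's BHO and TeaTimer added, and both RunOnce values still there after the reboot. The flags are a reading order for a human, not a verdict: a name-matching rule will also catch benign entries, so each hit still needs the file checked.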

Alright, when I rebooted, I immediately got tons of "registry change" messages from Spybot S&D that were all of the homepage that always comes up on Internet Explorer from the spyware!!! So something's STILL on my computer!!! I said deny and to remember my selection, so it didn't change, but something's still on my computer!! Can anyone please help me? I'm still getting pop-ups, and Explorer still closes on start-up. What is going on here???

 

EDIT: MIDIs still aren't working too.... :hmmm: I need to be able to listen to MIDIs for my synth...... :hmmm:


OK, sounds like a major problem. Let's take it one piece at a time.

 

1. Go to http://easyrcon.com/spyremove/ and download the program there. That will address the homepage issue. If you can't download the program, print/copy the manual instructions. While you're at it, remove all cookies and temporary internet files. You will probably have to reset your computer after this. Once you do that, let me know if your homepage keeps loading the same homepage after you reset it.

 

2. Next, close any program in the task bar that you don't need to be running at the moment. Run HijackThis and repost the log.


Alright, I'll try that, but I have one problem: every time I delete temporary internet files, it either takes soooo long, or it freezes on me, because eventually after a while, it just says "not responding....."


Okay, I deleted cookies and temporary internet files in safe mode and it worked fine. But that program you told me to download didn't work at all. I ran it in safe mode and restarted, but I still got messages from Spybot S&D that something was trying to change my registry (my homepage and search pages). Some of them I can't click Deny Access!

 

That program didn't work. :mellow: :weep: :oops: I'm so FRUSTRATED!!!!! What else can I dooo?


Close Spybot S&D and try rerunning the program. What the program does is wipe clean the files that spyware is using and replace them w/ blanks. It then changes them to read only to close the IE loophole that they're exploiting. It may be that Spybot S&D is conflicting w/ the program. If that doesn't work, go back to the webpage and follow the manual instructions. Also, update your hijackthis to ver1.98.


Okay I did as you said and disabled Spybot S&D and ran the program and it still didn't work.....I upgraded my hijackthis and I'll go check on the manual instructions now...


Yes,

Okay, I did the manual instructions and every single thing the manual instructions told me to do was already done. None of the files it said to delete were there. The registry keys it said to delete weren't there either.......

Edited by KevRus


Ok

 

Logfile of HijackThis v1.98.0

Scan saved at 3:50:51 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zkjjt.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zkjjt.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zkjjt.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9FE7DEEF-D8F3-5B9A-63B8-39936AA6BF41} - C:\WINDOWS\apijp32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [javaqc.exe] C:\WINDOWS\javaqc.exe

O4 - HKLM\..\RunOnce: [msoy.exe] C:\WINDOWS\msoy.exe

O4 - HKLM\..\RunOnce: [addwn32.exe] C:\WINDOWS\addwn32.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [nttm32.exe] C:\WINDOWS\nttm32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINDOWS\ipfo.exe

O4 - HKLM\..\RunOnce: [atlhw32.exe] C:\WINDOWS\atlhw32.exe

O4 - HKLM\..\RunOnce: [crml.exe] C:\WINDOWS\crml.exe

O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [QuidditchWorldCupSnitchCluster] C:\Program Files\Desktop Golden Snitch US\skinkers.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC...otDateTeleX.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/chat/a...v45/yacscom.cab

O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/Ma...cationTeleX.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {558958F1-FF22-4A76-8595-79A6B7BA698A} (PuzzleBobbleLauncher Control) - https://www.pbo.jp/bobrun/PuzzleBobbleLauncher.ocx

O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab

O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

 

 

Explorer still crashes on start-up and MIDIs don't work either.....

Edited by KevRus


Alright, here we go:

 

Step 1: D/l AboutBuster.exe (will be used for later)

 

Make sure u have saved hijackthis in its own folder so that u can save the logs in case u need to restore any system settings. Make sure your computer is set to show hidden files.

 

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".

Click "Apply" then "OK".

 

Step 2: Have your computer reboot in Safe mode, run hjt while closing everything else.

 

Step 3: Check the boxes next to the following lines below and have hjt repair/erase these files

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zkjjt.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zkjjt.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zkjjt.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zkjjt.dll/index.html#37049

 

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

 

O2 - BHO: (no name) - {9FE7DEEF-D8F3-5B9A-63B8-39936AA6BF41} - C:\WINDOWS\apijp32.dll

 

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

Step 4: Find and delete the following files:

 

C:\WINDOWS\apijp32.dll

C:\Program Files\RSNet\RSEDNClient.exe

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\lsass.exe

 

Step 5: Run AboutBuster.exe and click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file).

 

Step 6: Scan w/ Adaware once again and let it clean up any bad files found.

 

Step 7: Once again clean out any cookies and temporary internet files that may have been reinstalled. Go to Start --> Run --> cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked: Temporary Files, Temporary Internet Files and Recycle Bin, then press *ok* to remove them.

 

Okay reboot to normal mode and run hjt once again. Repost your log here. Hope this fixes it. :gasp:


One change: don't delete lsass.exe or the smss.exe. They're in the right place. Sorry for the confusion...it's late over here.

 

giren

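Triage of a HijackThis log along the lines giren used when picking the entries to fix, as an added example that is not code from this thread or from HijackThis itself: it flags R0/R1 start and search pages served out of a local DLL via res://, a URLSearchHook with no file behind it, a BHO with no name, O6 IE policy restrictions, and O4 Run/RunOnce autoruns that sit directly in the Windows directories and are labelled with nothing but their own executable name, and it applies giren's correction that smss.exe and lsass.exe are legitimate when running from System32 but worth a look anywhere else. The sample log, the rule names, the function names and the search.example.com URL are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    line: str   # the log line that triggered it


# Core Windows binaries that belong in %SystemRoot%\System32. A copy anywhere
# else deserves a look; the ones in System32 (as in the posted log) are normal.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

# Start/Search page served from a resource inside a local DLL (res://...dll/...),
# the pattern of the hijack in the thread (res://zkjjt.dll/index.html#37049).
RES_DLL = re.compile(r"=\s*res://\S*?\.dll/", re.IGNORECASE)
# O4 autorun entry: hive, Run/RunOnce key, [label], command line.
O4_ENTRY = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\(Run(?:Once)?): \[([^\]]*)\] (.*)$")
# First executable in a command line, quoted or not.
EXE_PATH = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)

# Constructed sample log (hypothetical values, modelled on the thread's entries).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\netff.exe
C:\WINDOWS\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.com/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zkjjt.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zkjjt.dll/index.html#37049
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {9FE7DEEF-D8F3-5B9A-63B8-39936AA6BF41} - C:\WINDOWS\apijp32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe
O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def dirname(path: str) -> str:
    return path.rpartition("\\")[0].lower()


def check_process(path: str) -> Optional[Finding]:
    """Flag a core system binary running from somewhere other than System32."""
    if basename(path) in SYSTEM32_ONLY and dirname(path) != r"c:\windows\system32":
        return Finding("system-binary-outside-system32", path)
    return None


def check_entry(line: str) -> Optional[Finding]:
    """Apply the entry-level heuristics to one HijackThis line."""
    if line.startswith(("R0 ", "R1 ")) and RES_DLL.search(line):
        return Finding("browser-page-served-from-local-dll", line)
    if line.startswith("R3 ") and line.endswith("(no file)"):
        return Finding("dangling-urlsearchhook", line)
    if line.startswith("O2 - BHO: (no name)"):
        return Finding("nameless-bho", line)
    if line.startswith("O6 ") and line.endswith(" present"):
        return Finding("ie-policy-restriction", line)
    m = O4_ENTRY.match(line)
    if m:
        key, label, command = m.groups()
        exe = EXE_PATH.match(command)
        if exe:
            path = exe.group(1)
            in_windows_dir = dirname(path) in (r"c:\windows", r"c:\windows\system32")
            # The droppers in this log register each file under its own file name
            # straight in the Windows directories; legitimate autoruns almost always
            # carry a descriptive label (e.g. [NeroFilterCheck] NeroCheck.exe).
            if in_windows_dir and label.lower() == basename(path):
                return Finding("autorun-named-after-exe-" + key.lower(), line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a whole log; process lines and entry lines get different checks."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        finding = check_process(line) if in_processes else check_entry(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

The heuristics are a starting point for reading a log, not a verdict: a nameless BHO or a short executable name is only suspicious in context, which is why each finding carries the full line for a reviewer, and why the System32 copies of smss.exe and lsass.exe in the sample are deliberately not flagged.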

Okay, I did as you said and it STILL didn't work! Now the main page is the same, but the address changed to something like omngo.....I also get tons of pop-ups that have the title "Only the Best" and Explorer still crashes and MIDIs don't work......

 

During the AboutBuster scan, it said some things were unable to be removed. Do you want the log of it?

 

Here's new hijack log:

 

Logfile of HijackThis v1.98.0

Scan saved at 6:35:04 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\msCMTSrvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\netff.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\Program Files\2Wire\Gateway\2PortalMon.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Microsoft Works\WksSb.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\winbas12.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\system32\apijz32.exe

C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe

C:\WINDOWS\System32\dxrdiag.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://omngo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://omngo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://omngo.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R3 - Default URLSearchHook is missing

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

N2 - Netscape 6: # Mozilla User Preferences

// This is a generated file!

 

user_pref("aim.session.firsttime", false);

user_pref("browser.history.last_page_visited", "http://forums.prospero.com/n/mb/message.asp?webtag=foxeden&msg=355.5&=Keep+Reading%3E%3E");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");

user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4");

user_pref("prefs.converted-to-utf8", true);

user_pref("security.warn_submit_insecure", false);

user_pref("signon.SignonFileName", "78379029.s");

user_pref("timebomb.first_launch_time", "1078378885515000");

user_pref("wallet.caveat", true);

user_pref("intl.accept_languages", "rs1_b70b52e624c, rs2_e4ac4a18221, rs3_7ec70bd751");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\ixs1j5xh.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EDB01F6E-9066-86A1-6292-AB9DCF3AB6EC} - C:\WINDOWS\system32\mskn32.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINDOWS\ipfo.exe

O4 - HKLM\..\RunOnce: [crml.exe] C:\WINDOWS\crml.exe

O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe

O4 - HKLM\..\RunOnce: [msmp32.exe] C:\WINDOWS\msmp32.exe

O4 - HKLM\..\RunOnce: [appta.exe] C:\WINDOWS\system32\appta.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [QuidditchWorldCupSnitchCluster] C:\Program Files\Desktop Golden Snitch US\skinkers.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/NPC...otDateTeleX.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/chat/a...v45/yacscom.cab

O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/Ma...cationTeleX.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {558958F1-FF22-4A76-8595-79A6B7BA698A} (PuzzleBobbleLauncher Control) - https://www.pbo.jp/bobrun/PuzzleBobbleLauncher.ocx

O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab

O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)


When will the suffering end!!!

Edited by KevRus


Also uninstall any toolbars and any freeware in your Add/Remove Programs. This will remove a location from which the CWS program spawns.


Ok, did some research and have some new ideas.

 

Run HJT and check the following boxes:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://omngo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://omngo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\omngo.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://omngo.dll/index.html#37049

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {EDB01F6E-9066-86A1-6292-AB9DCF3AB6EC} - C:\WINDOWS\system32\mskn32.dll

 

O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

O4 - HKLM\..\Run: [apijz32.exe] C:\WINDOWS\system32\apijz32.exe

O4 - HKLM\..\Run: [appnc.exe] C:\WINDOWS\system32\appnc.exe

O4 - HKLM\..\Run: [addxj.exe] C:\WINDOWS\system32\addxj.exe

O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe

O4 - HKLM\..\Run: [sysnv.exe] C:\WINDOWS\system32\sysnv.exe

O4 - HKLM\..\Run: [winxa.exe] C:\WINDOWS\system32\winxa.exe

O4 - HKLM\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - HKLM\..\Run: [nettr.exe] C:\WINDOWS\system32\nettr.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\RunOnce: [msrh.exe] C:\WINDOWS\system32\msrh.exe

O4 - HKLM\..\RunOnce: [javayv.exe] C:\WINDOWS\system32\javayv.exe

O4 - HKLM\..\RunOnce: [iefk32.exe] C:\WINDOWS\system32\iefk32.exe

O4 - HKLM\..\RunOnce: [javaac32.exe] C:\WINDOWS\system32\javaac32.exe

O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe

O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe

O4 - HKLM\..\RunOnce: [netag.exe] C:\WINDOWS\system32\netag.exe

O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\system32\winro.exe

O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe

O4 - HKLM\..\RunOnce: [sdkja32.exe] C:\WINDOWS\sdkja32.exe

O4 - HKLM\..\RunOnce: [netff.exe] C:\WINDOWS\system32\netff.exe

O4 - HKLM\..\RunOnce: [ipfo.exe] C:\WINDOWS\ipfo.exe

O4 - HKLM\..\RunOnce: [crml.exe] C:\WINDOWS\crml.exe

O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe

O4 - HKLM\..\RunOnce: [msmp32.exe] C:\WINDOWS\msmp32.exe

O4 - HKLM\..\RunOnce: [appta.exe] C:\WINDOWS\system32\appta.exe

O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe

O4 - Startup: PowerReg Scheduler V3.exe

 

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.11...est/tt_test.cab

 

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

 

 

Miscellaneous:

 

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe - Could be corrupted, which may explain your MIDI sound problem; go to a Compaq support site for help, as it is a Compaq service support issue.

 

 

Now, in Safe Mode, delete the following files if they're still around (they may be hidden):

 

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\system32\msCMTSrvc.exe

C:\WINDOWS\system32\apijz32.exe

C:\Program Files\winbas12.exe

C:\WINDOWS\System32\dxrdiag.exe

C:\Program Files\winbas12.exe

C:\WINDOWS\system32\apijz32.exe

C:\WINDOWS\system32\appnc.exe

C:\WINDOWS\system32\addxj.exe

C:\WINDOWS\system32\ipny.exe

C:\WINDOWS\system32\sysnv.exe

C:\WINDOWS\system32\winxa.exe

C:\WINDOWS\System32\dxrdiag.exe

C:\WINDOWS\system32\nettr.exe

C:\WINDOWS\system32\msrh.exe

C:\WINDOWS\system32\javayv.exe

C:\WINDOWS\system32\iefk32.exe

C:\WINDOWS\system32\javaac32.exe

C:\WINDOWS\system32\winzg.exe

C:\WINDOWS\ntbf32.exe

C:\WINDOWS\system32\netag.exe

C:\WINDOWS\system32\winro.exe

C:\WINDOWS\system32\addnj32.exe

C:\WINDOWS\sdkja32.exe

C:\WINDOWS\system32\netff.exe

C:\WINDOWS\ipfo.exe

C:\WINDOWS\crml.exe

C:\WINDOWS\system32\d3ct.exe

C:\WINDOWS\msmp32.exe

C:\WINDOWS\system32\appta.exe

 

 

!!!C:\WINDOWS\explorer.exe!!!

Go to the link below and see if your IE meets one of the descriptions. There they have links to surgically remove the trojan that may be emulating/corrupting your IE.

http://www.sysinfo.org/startuplist.php?filter=explorer.exe

 

 

 

Now make sure you're disconnected from the internet when you run About:Blank and CWS. Go ahead and fix anything that appears. Once you've done that, do a search on your computer for any recently created files (as in around the time your computer troubles started) that are 70,656 bytes. This should be the culprit; delete it, as it is the trojan file.

 

 

OK, if your computer is still running really slow, it may be because the files below are corrupted and are using 90% or more of your system memory. You can check in the Windows Task Manager window.

 

C:\Program Files\Norton Internet Security\SymProxySvc.exe

In this case, go to this thread with a solution, located at http://www.dslreports.com/forum/remark,...0#10386208

 

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

(O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe)

Possible malware installation by this program; see the thread below for a solution: http://discussions.virtualdr.com/showthrea...threadid=164317

 

C:\WINDOWS\system32\netff.exe

Again, a corrupted Norton Security file is responsible. Go to the link below for repairs:

http://service1.symantec.com/SUPPORT/nip.n...000072411305936

 

 

Once you're done, reboot in normal mode, run HJT and post the log so that I can see if you're clean.
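Added example, not part of the thread and not code from HijackThis or any of the posters: a small Python script that automates two of the manual checks the reply above asks for. First, it parses the O4 (Run / RunOnce) lines of an HJT log and flags the pattern this CWS variant shows in the posted log, a random-looking lowercase file name (optionally ending in "32") dropped into C:\WINDOWS or C:\WINDOWS\system32 and registered under a value name identical to the file name, or under an empty value name like the winbas12.exe entry. Second, it walks a directory tree for files of an exact size created after a cut-off time, the "70,656 bytes, created around when the trouble started" step. The name heuristic is an assumption drawn from the names in this log, not a rule HJT itself applies, so every hit should still be checked against a startup database such as the one linked above. The sample O4 lines are copied from the log posted in this thread; the directory tree used by the size search is constructed inside the script.

```python
"""Triage helpers for a HijackThis (HJT) log like the one posted in this thread.

1. classify_o4 / triage_o4: flag O4 Run/RunOnce entries that look like the
   CWS drop pattern in this log (random lowercase name in a Windows directory,
   registered under its own file name, or under an empty value name).
2. find_files_by_size: the "search for recently created files of exactly
   70,656 bytes" step.
The name heuristic is an assumption inferred from this log, not an HJT rule.
"""
import re
import tempfile
from dataclasses import dataclass, field
from datetime import datetime
from pathlib import Path
from typing import Iterable, List, Optional

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices|RunServicesOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Shapes seen in the posted log: ipny.exe, winzg.exe, apijz32.exe, ntbf32.exe
RANDOM_NAME_RE = re.compile(r"^[a-z]{3,8}(32)?\.exe$")
WINDOWS_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def exe_path(command: str) -> str:
    """Return the executable path from an O4 command line, dropping any arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):                 # quoted path followed by switches
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def classify_o4(line: str) -> Optional[O4Entry]:
    """Parse one HJT line; None if it is not an O4 registry Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = O4Entry(m["hive"], m["key"], m["name"], m["cmd"])
    folder, _, filename = exe_path(entry.command).lower().rpartition("\\")
    if entry.name == "":
        entry.reasons.append("empty value name (installers name their Run entries)")
    if (folder + "\\" in WINDOWS_DIRS and RANDOM_NAME_RE.match(filename)
            and entry.name.lower() == filename):
        entry.reasons.append("random-looking file in a Windows directory, registered under its own name")
    return entry


def triage_o4(lines: Iterable[str]) -> List[O4Entry]:
    """All O4 Run/RunOnce entries that trip at least one heuristic, in log order."""
    hits = []
    for line in lines:
        entry = classify_o4(line)
        if entry is not None and entry.suspicious:
            hits.append(entry)
    return hits


def find_files_by_size(root, size: int, created_after: datetime) -> List[Path]:
    """Files of exactly `size` bytes whose ctime is at or after the cut-off.
    st_ctime is the creation time on Windows but the inode change time on POSIX."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            st = p.stat()
        except OSError:                     # locked or vanished file: keep walking
            continue
        if p.is_file() and st.st_size == size and datetime.fromtimestamp(st.st_ctime) >= created_after:
            hits.append(p)
    return sorted(hits)


# Lines copied from the log posted above: hits for each heuristic plus
# legitimate entries that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [ipny.exe] C:\WINDOWS\system32\ipny.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [ntbf32.exe] C:\WINDOWS\ntbf32.exe
O4 - HKCU\..\Run: [dxrdiag.exe] C:\WINDOWS\System32\dxrdiag.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
""".strip().splitlines()


def demo_size_search() -> List[str]:
    """Constructed sample tree (not from the thread): one 70,656-byte drop and a decoy."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp) / "system32"
        sys32.mkdir()
        (sys32 / "ipny.exe").write_bytes(b"\0" * 70656)
        (Path(tmp) / "decoy.exe").write_bytes(b"\0" * 4096)
        return [p.name for p in find_files_by_size(tmp, 70656, datetime(2000, 1, 1))]


if __name__ == "__main__":
    for e in triage_o4(SAMPLE_LOG):
        print(f"{e.hive}\\..\\{e.key}: [{e.name}] {e.command}\n    -> {'; '.join(e.reasons)}")
    print("70,656-byte files in the sample tree:", demo_size_search())
```

On the sample lines the script flags exactly the four entries the reply tells the poster to fix (the nameless winbas12.exe entry, ipny.exe, ntbf32.exe and dxrdiag.exe) and leaves the NVIDIA, Nero, RealPlayer and Spybot entries alone. To use it on a real log, read the file and pass its lines to triage_o4; for the size search, point find_files_by_size at the Windows directory with the date the trouble started, and treat the result as a list to verify, not to delete blindly.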
