johnboy

back to the same problem

13 posts in this topic

I'm back to having the same problem again. Here is my HJT log, someone help please.

Logfile of HijackThis v1.98.0

Scan saved at 8:19:49 AM, on 7/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\javaiw32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\svchosting.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\IEXPLORE.EXE

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jwvmp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jwvmp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jwvmp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jwvmp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jwvmp.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jwvmp.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {FE91B9D4-3653-458A-EDE1-263E7454EF29} - C:\WINDOWS\netpn32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\xczkpckx.exe

O4 - HKLM\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunOnce: [crih.exe] C:\WINDOWS\crih.exe

O4 - HKLM\..\RunOnce: [javahm.exe] C:\WINDOWS\javahm.exe

O4 - HKLM\..\RunOnce: [msfk32.exe] C:\WINDOWS\msfk32.exe

O4 - HKLM\..\RunOnce: [javahg.exe] C:\WINDOWS\system32\javahg.exe

O4 - HKLM\..\RunOnce: [atlbg32.exe] C:\WINDOWS\atlbg32.exe

O4 - HKLM\..\RunOnce: [msdp.exe] C:\WINDOWS\system32\msdp.exe

O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\system32\appkz.exe

O4 - HKLM\..\RunOnce: [addoe32.exe] C:\WINDOWS\system32\addoe32.exe

O4 - HKLM\..\RunOnce: [winlw.exe] C:\WINDOWS\system32\winlw.exe

O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\system32\mfcov32.exe

O4 - HKLM\..\RunOnce: [wintc.exe] C:\WINDOWS\system32\wintc.exe

O4 - HKLM\..\RunOnce: [atley.exe] C:\WINDOWS\system32\atley.exe

O4 - HKLM\..\RunOnce: [crde.exe] C:\WINDOWS\system32\crde.exe

O4 - HKLM\..\RunOnce: [atlvw32.exe] C:\WINDOWS\atlvw32.exe

O4 - HKLM\..\RunOnce: [addwt.exe] C:\WINDOWS\system32\addwt.exe

O4 - HKLM\..\RunOnce: [appdn.exe] C:\WINDOWS\appdn.exe

O4 - HKLM\..\RunOnce: [iekq32.exe] C:\WINDOWS\system32\iekq32.exe

O4 - HKLM\..\RunOnce: [apigj.exe] C:\WINDOWS\apigj.exe

O4 - HKLM\..\RunOnce: [crqp.exe] C:\WINDOWS\crqp.exe

O4 - HKLM\..\RunOnce: [d3hi32.exe] C:\WINDOWS\d3hi32.exe

O4 - HKLM\..\RunOnce: [sdkax32.exe] C:\WINDOWS\system32\sdkax32.exe

O4 - HKLM\..\RunOnce: [apisx.exe] C:\WINDOWS\apisx.exe

O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe

O4 - HKLM\..\RunOnce: [addar.exe] C:\WINDOWS\system32\addar.exe

O4 - HKLM\..\RunOnce: [mfczk.exe] C:\WINDOWS\mfczk.exe

O4 - HKLM\..\RunOnce: [ntjz32.exe] C:\WINDOWS\ntjz32.exe

O4 - HKLM\..\RunOnce: [appyp32.exe] C:\WINDOWS\system32\appyp32.exe

O4 - HKLM\..\RunOnce: [ietn.exe] C:\WINDOWS\system32\ietn.exe

O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe

O4 - HKLM\..\RunOnce: [iplt32.exe] C:\WINDOWS\iplt32.exe

O4 - HKLM\..\RunOnce: [sdkpo32.exe] C:\WINDOWS\system32\sdkpo32.exe

O4 - HKLM\..\RunOnce: [appmm32.exe] C:\WINDOWS\system32\appmm32.exe

O4 - HKLM\..\RunOnce: [winsb32.exe] C:\WINDOWS\winsb32.exe

O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\system32\ntlr.exe

O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\javalv32.exe

O4 - HKLM\..\RunOnce: [javasn.exe] C:\WINDOWS\system32\javasn.exe

O4 - HKLM\..\RunOnce: [sysuc32.exe] C:\WINDOWS\system32\sysuc32.exe

O4 - HKLM\..\RunOnce: [appjg.exe] C:\WINDOWS\system32\appjg.exe

O4 - HKLM\..\RunOnce: [apptj.exe] C:\WINDOWS\system32\apptj.exe

O4 - HKLM\..\RunOnce: [ntyo32.exe] C:\WINDOWS\system32\ntyo32.exe

O4 - HKLM\..\RunOnce: [d3ao32.exe] C:\WINDOWS\d3ao32.exe

O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\winym32.exe

O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe

O4 - HKLM\..\RunOnce: [atldt.exe] C:\WINDOWS\system32\atldt.exe

O4 - HKLM\..\RunOnce: [atlcl.exe] C:\WINDOWS\system32\atlcl.exe

O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\netuo32.exe

O4 - HKLM\..\RunOnce: [mfcqt32.exe] C:\WINDOWS\mfcqt32.exe

O4 - HKLM\..\RunOnce: [winwi.exe] C:\WINDOWS\system32\winwi.exe

O4 - HKLM\..\RunOnce: [javadn.exe] C:\WINDOWS\javadn.exe

O4 - HKLM\..\RunOnce: [ntdh.exe] C:\WINDOWS\ntdh.exe

O4 - HKLM\..\RunOnce: [addnh32.exe] C:\WINDOWS\system32\addnh32.exe

O4 - HKLM\..\RunOnce: [syske32.exe] C:\WINDOWS\system32\syske32.exe

O4 - HKLM\..\RunOnce: [netlh32.exe] C:\WINDOWS\netlh32.exe

O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe

O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\apipu32.exe

O4 - HKLM\..\RunOnce: [mfcpw32.exe] C:\WINDOWS\mfcpw32.exe

O4 - HKLM\..\RunOnce: [appcs.exe] C:\WINDOWS\appcs.exe

O4 - HKLM\..\RunOnce: [netro.exe] C:\WINDOWS\netro.exe

O4 - HKLM\..\RunOnce: [msyq.exe] C:\WINDOWS\msyq.exe

O4 - HKLM\..\RunOnce: [winix.exe] C:\WINDOWS\system32\winix.exe

O4 - HKLM\..\RunOnce: [javahx32.exe] C:\WINDOWS\system32\javahx32.exe

O4 - HKLM\..\RunOnce: [ntvn32.exe] C:\WINDOWS\ntvn32.exe

O4 - HKLM\..\RunOnce: [sdkie32.exe] C:\WINDOWS\system32\sdkie32.exe

O4 - HKLM\..\RunOnce: [iemt32.exe] C:\WINDOWS\iemt32.exe

O4 - HKLM\..\RunOnce: [d3oz32.exe] C:\WINDOWS\d3oz32.exe

O4 - HKLM\..\RunOnce: [javaiw32.exe] C:\WINDOWS\javaiw32.exe

O4 - HKLM\..\RunOnce: [ietm32.exe] C:\WINDOWS\ietm32.exe

O4 - HKLM\..\RunOnce: [addeg32.exe] C:\WINDOWS\system32\addeg32.exe

O4 - HKLM\..\RunOnce: [winrc32.exe] C:\WINDOWS\winrc32.exe

O4 - HKLM\..\RunOnce: [sdkle32.exe] C:\WINDOWS\sdkle32.exe

O4 - HKLM\..\RunOnce: [apimz.exe] C:\WINDOWS\system32\apimz.exe

O4 - HKLM\..\RunOnce: [winax.exe] C:\WINDOWS\winax.exe

O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\ipep.exe

O4 - HKLM\..\RunOnce: [addzx32.exe] C:\WINDOWS\system32\addzx32.exe

O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe

O4 - HKLM\..\RunOnce: [addhs32.exe] C:\WINDOWS\system32\addhs32.exe

O4 - HKLM\..\RunOnce: [ipvc32.exe] C:\WINDOWS\system32\ipvc32.exe

O4 - HKLM\..\RunOnce: [javabs.exe] C:\WINDOWS\javabs.exe

O4 - HKLM\..\RunOnce: [addao32.exe] C:\WINDOWS\system32\addao32.exe

O4 - HKLM\..\RunOnce: [mfckb32.exe] C:\WINDOWS\system32\mfckb32.exe

O4 - HKLM\..\RunOnce: [atlwh32.exe] C:\WINDOWS\system32\atlwh32.exe

O4 - HKLM\..\RunOnce: [javaiu32.exe] C:\WINDOWS\javaiu32.exe

O4 - HKLM\..\RunOnce: [iebd32.exe] C:\WINDOWS\system32\iebd32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll


well here is the 1st buster log

-- Scan 1 --------

About:Buster Version 2.0

Deleted Service Key Successfully!

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!


here is the next buster log

-- Scan 1 --------

About:Buster Version 2.0

Error Removing! : C:\WINDOWS\javaiw32.exe

Removed! : C:\WINDOWS\System32\bopfk.dat

Removed! : C:\WINDOWS\System32\enysu.dat

Removed! : C:\WINDOWS\System32\fpzss.dat

Removed! : C:\WINDOWS\System32\netzr.dll

Removed! : C:\WINDOWS\System32\tbvlf.dll

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

-- Scan 2 --------

About:Buster Version 2.0

Error Removing! : C:\WINDOWS\javaiw32.exe

Removed! : C:\WINDOWS\System32\bopfk.dat

Removed! : C:\WINDOWS\System32\enysu.dat

Removed! : C:\WINDOWS\System32\fpzss.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!


and here is the n

Logfile of HijackThis v1.98.0

Scan saved at 3:19:37 PM, on 7/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\javaiw32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\svchosting.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\IEXPLORE.EXE

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbvlf.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tbvlf.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tbvlf.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tbvlf.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbvlf.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tbvlf.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9ABD7A72-E3AF-99CC-2DB5-195B9DBD1932} - C:\WINDOWS\system32\apphr.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bnvbhung.exe

O4 - HKLM\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunOnce: [addeg32.exe] C:\WINDOWS\system32\addeg32.exe

O4 - HKLM\..\RunOnce: [winrc32.exe] C:\WINDOWS\winrc32.exe

O4 - HKLM\..\RunOnce: [winax.exe] C:\WINDOWS\winax.exe

O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\ipep.exe

O4 - HKLM\..\RunOnce: [addzx32.exe] C:\WINDOWS\system32\addzx32.exe

O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe

O4 - HKLM\..\RunOnce: [addhs32.exe] C:\WINDOWS\system32\addhs32.exe

O4 - HKLM\..\RunOnce: [ipvc32.exe] C:\WINDOWS\system32\ipvc32.exe

O4 - HKLM\..\RunOnce: [javabs.exe] C:\WINDOWS\javabs.exe

O4 - HKLM\..\RunOnce: [apibb32.exe] C:\WINDOWS\apibb32.exe

O4 - HKLM\..\RunOnce: [crld.exe] C:\WINDOWS\system32\crld.exe

O4 - HKLM\..\RunOnce: [atllq32.exe] C:\WINDOWS\system32\atllq32.exe

O4 - HKLM\..\RunOnce: [ntpv32.exe] C:\WINDOWS\system32\ntpv32.exe

O4 - HKLM\..\RunOnce: [d3wz.exe] C:\WINDOWS\d3wz.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll

 

ext hjt log


First end these processes

 

appnz32.exe

javaiw32.exe

 

Then can you please see if you can find any of these files and send them to here. Follow the directions below.

 

C:\WINDOWS\system32\apphr.dll

C:\WINDOWS\system32\addeg32.exe

C:\WINDOWS\winrc32.exe

C:\WINDOWS\winax.exe

C:\WINDOWS\ipep.exe

C:\WINDOWS\system32\addzx32.exe

C:\WINDOWS\apinv32.exe

C:\WINDOWS\system32\addhs32.exe

C:\WINDOWS\system32\ipvc32.exe

C:\WINDOWS\javabs.exe

C:\WINDOWS\apibb32.exe

C:\WINDOWS\system32\crld.exe

C:\WINDOWS\system32\atllq32.exe

C:\WINDOWS\system32\ntpv32.exe

C:\WINDOWS\d3wz.exe

 

Create a compressed folder called submit.zip on your desktop. If you find any of the files above, drag them into the compressed folder and then delete them from their original location. After going through all the files, send the compressed folder to the address above. Do not delete the compressed folder just yet.

 

Note the files may be hidden so do this first.

Show hidden files and folders.


here is the new hjt log

Logfile of HijackThis v1.98.0

Scan saved at 5:27:20 PM, on 7/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\svchosting.exe

C:\WINDOWS\netei32.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\IEXPLORE.EXE

C:\WINDOWS\System32\ms32cfg.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\swfyq.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://swfyq.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://swfyq.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\swfyq.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\swfyq.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://swfyq.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {CDD86D3D-AA27-ABC8-6C93-9E5DB990A866} - C:\WINDOWS\javagf.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bnvbhung.exe

O4 - HKLM\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunOnce: [netsj32.exe] C:\WINDOWS\netsj32.exe

O4 - HKLM\..\RunOnce: [javate.exe] C:\WINDOWS\javate.exe

O4 - HKLM\..\RunOnce: [ntvz.exe] C:\WINDOWS\ntvz.exe

O4 - HKLM\..\RunOnce: [crcc.exe] C:\WINDOWS\system32\crcc.exe

O4 - HKLM\..\RunOnce: [netei32.exe] C:\WINDOWS\netei32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll

 


hello

 

The O21 you have indicates a trojan and so run an Online AV scan, it'll probably find much more.

 

Trendmicro

 

Click free online scan and continue from there to get it started, don't exit the site while it is scanning or else it'll close.

 

Check auto clean before you start the scan. Try and delete as much as you can, it should delete all of it. When it's done, right click my computer..properties...restore tab...check the box to disable it..apply-ok. Restart computer. Then go back to the same place and uncheck the box to enable it again, apply-ok. Then post a new log.


here it is

Logfile of HijackThis v1.98.0

Scan saved at 1:52:05 PM, on 8/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\sysbz32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\svchosting.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\IEXPLORE.EXE

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zitqe.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zitqe.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zitqe.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crzw.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bnvbhung.exe

O4 - HKLM\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [internet Explorer] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O4 - HKLM\..\RunOnce: [sysbz32.exe] C:\WINDOWS\sysbz32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll


hey ok let's try this.

 

Boot up into safe mode. Have hijackthis fix the following with no browser windows open of course:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zitqe.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zitqe.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zitqe.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zitqe.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crzw.dll

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll

 

Reboot your computer back into safe mode.

 

Find and delete:

 

C:\WINDOWS\crzw.dll

 

Empty recycling bin.

 

Boot into normal mode now.

 

Go here http://download.nai.com/products/mcafee-avert/stinger.exe and download the removal tool to your desktop.

 

Also go here and download another removal tool to your desktop http://www.sophos.com/support/cleaners/sdbotgui.com

 

Boot into safe mode.

 

Open up stinger.exe and start the scan, if it finds anything, delete anything it finds. When it's done, restart computer back into safe mode.

 

Open sdbotgui.com and start the scan on that, if it finds anything, remove everything it finds.

 

Restart computer back into safe mode. Right click my computer-properties..restore tab..check the box to disable restore..apply-ok.

 

Boot finally back into normal mode, post a new hijackthis log.

Edited by pomp86


here is the new 1 after all of the scanning

Logfile of HijackThis v1.98.0

Scan saved at 9:50:48 AM, on 8/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\sysbz32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\WINDOWS\System32\ms32cfg.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ddzxa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ddzxa.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ddzxa.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ddzxa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ddzxa.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ddzxa.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {7410FF16-07DC-0AB0-315E-D232123E588C} - C:\WINDOWS\system32\javaxm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunOnce: [sysbz32.exe] C:\WINDOWS\sysbz32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 


hey

 

Reboot computer into safe mode. Open up about:buster, update the program first. Make sure the ref file is 6. Then scan with the program, scan twice and save the log file for each scan. Restart computer back into safe mode.

 

Have hijackthis fix the following with no browser windows open:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe

O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

 

Reboot computer back into safe mode.

 

Find and delete the following in bold if there:

 

C:\WINDOWS\Fonts\win.hta

C:\WINDOWS\System32\ms32cfg.exe

c:\program files\GlobalDialer

C:\WINDOWS\System32\svchosting.exe

 

Empty recycling bin. Boot back into normal mode, post both about:buster logs and a new hijackthis log.


well here is the hjt log

Logfile of HijackThis v1.98.0

Scan saved at 5:46:30 PM, on 8/4/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\sysbz32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ddzxa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ddzxa.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {7410FF16-07DC-0AB0-315E-D232123E588C} - C:\WINDOWS\system32\javaxm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [sysbz32.exe] C:\WINDOWS\sysbz32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

O4 - HKCU\..\Run: [internet Explorer] IEXPLORE.EXE

O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

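The log-to-log comparison that each round of this thread relies on, as an added example that is not part of the original posts: a Python script that parses HijackThis entries and diffs two scans, treating a `res://` hijack whose DLL name changed as the same entry rather than a removal. The two sample scans are a few lines excerpted from the 8/1/2004 and 8/3/2004 logs above; the function names and the normalisation rule are assumptions of this example.

```python
import re

# One HijackThis entry per line: a section code (R0-R3, F0-F3, N1-N4, O1...) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# res:// URL pointing into a DLL, with or without a full path in front of the name.
RES_DLL_RE = re.compile(r"res://[^/]+?\.dll/", re.IGNORECASE)

# Sample input: lines excerpted from the 8/1/2004 log posted in this thread.
SCAN_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\svchosting.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zitqe.dll/index.html#37049
O2 - BHO: (no name) - {40967C3E-0316-B8F3-7AC2-AC680D6E22D9} - C:\WINDOWS\crzw.dll
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lbnohl32.dll
"""

# Sample input: lines excerpted from the 8/3/2004 log posted in this thread.
SCAN_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ddzxa.dll/index.html#37049
O2 - BHO: (no name) - {7410FF16-07DC-0AB0-315E-D232123E588C} - C:\WINDOWS\system32\javaxm.dll
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
"""


def parse_entries(log_text):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def fingerprint(section, body):
    """Identity of an entry across scans (assumption of this example):
    the DLL named in a res:// URL is masked so a renamed hijacker still matches."""
    return section, RES_DLL_RE.sub("res://<dll>/", body).lower()


def diff_scans(before_text, after_text):
    """Classify entries as removed, added, unchanged, or mutated (same slot, new value)."""
    before = {fingerprint(s, b): f"{s} - {b}" for s, b in parse_entries(before_text)}
    after = {fingerprint(s, b): f"{s} - {b}" for s, b in parse_entries(after_text)}
    result = {"removed": [], "added": [], "unchanged": [], "mutated": []}
    for fp, raw in before.items():
        if fp not in after:
            result["removed"].append(raw)
        elif after[fp] == raw:
            result["unchanged"].append(raw)
        else:
            # Same registry value still hijacked, but pointing at a different DLL.
            result["mutated"].append((raw, after[fp]))
    result["added"] = [raw for fp, raw in after.items() if fp not in before]
    return result


if __name__ == "__main__":
    report = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for kind in ("removed", "added", "unchanged"):
        for line in report[kind]:
            print(f"{kind:9} {line}")
    for old, new in report["mutated"]:
        print(f"mutated   {old}\n       -> {new}")
```

A `mutated` start-page entry together with a new nameless BHO in `added` means the fix did not hold: something still running re-created the hijack under new file names between the two scans.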