I need help with a iexplorer32 virus

I have a virus in the System32\iexplorer32.exe
here is a list of my startup

StartupList report, 10/25/2004, 6:49:44 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\The Man\Desktop\startuplist1521\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\iexplore32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\GWMDMMSG.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BestBuy\HelpExpress\HXDL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BestBuy\HelpExpress\HXIUL.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\The Man\Application Data\iwar.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BestBuy\HelpExpress\Client\HELPEXP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\The Man\Desktop\startuplist1521\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\The Man\Start Menu\Programs\Startup]
Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
IW Controlcenter = C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
updater = C:\Program Files\Common files\updater\wupdater.exe
RunDLL = rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
iched32r = C:\WINDOWS\System32\iched32r.exe
UsbD = C:\WINDOWS\System32\iexplore32.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
WildTangent CDA = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
susp = C:\WINDOWS\susp.exe
stcloader = C:\WINDOWS\System32\stcloader.exe
SAHBundle = C:\DOCUME~1\THEMAN~1\LOCALS~1\Temp\bundle.exe
SAHAgent = C:\WINDOWS\System32\SahAgent.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
nwiz = nwiz.exe /install
MyWebSearch Email Plugin = C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
mswspl = C:\WINDOWS\System32\stcloader.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Tray = C:\My Shared Folder\Games (1).exe
kdx = C:\WINDOWS\kdx\KHost.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
Internet Optimizer = "C:\Program Files\Internet Optimizer\optimize.exe"
GWMDMMSG = GWMDMMSG.exe
DM_Server = C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
ClrSchLoader = C:\Program Files\ClearSearch\Loader.exe
CHotkey = mHotkey.exe
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
WebRebates0 = "C:\Program Files\Web_Rebates\WebRebates0.exe"
EbatesMoeMoneyMaker = wjview /cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
bxxs5 = RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HXDL.EXE = C:\Program Files\BestBuy\HelpExpress\HXDL.EXE -from="CLIENT.CAB" -to="Download\CLIENT.CAB"
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
HXIUL.EXE = C:\Program Files\BestBuy\HelpExpress\HXIUL.EXE
NVIEW = rundll32.exe nview.dll,nViewLoadHook
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Weather = C:\Program Files\AWS\WeatherBug\Weather.exe 1
Rcsh = C:\Documents and Settings\The Man\Application Data\iwar.exe
Aurrvsy = C:\WINDOWS\System32\?hkntfs.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\System32\FORDTR~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\FORDTR~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\bi.dll - {000006B1-19B5-414A-849F-2A3C64AE6939}
(no name) - C:\Program Files\Lycos\Sidesearch\sidesearch1500.dll - {00000762-3965-4A1A-98CE-3D4BF457D4C8}
(no name) - C:\WINDOWS\System32\ATPART~1.DLL - {00000EF1-0786-4633-87C6-1AA7A44296DA}
(no name) - C:\WINDOWS\twaintec.dll - {000020DD-C72E-4113-AF77-DD56626C6C42}
(no name) - C:\WINDOWS\System32\n3tpa1.dll - {000E7270-CC7A-0786-8E7A-DA09B51938A6}
(no name) - C:\WINDOWS\bxxs5.dll - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
MyWebSearch Search Assistant BHO - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing) - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - C:\Program Files\Kontiki\bin\bh304181.dll (file missing) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB}
mwsBar BHO - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing) - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
ohb - C:\WINDOWS\System32\winhot32.dll - {086CEFD5-A88D-4981-8915-D51F04360ED1}
(no name) - C:\WINDOWS\System32\iSearch\toolbar.dll - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\WINDOWS\System32\bridge.dll - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[symsupportutil]
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD4A.OSD

[F1 Organizer Class]
InProcServer32 = C:\WINDOWS\System32\ATPART~1.DLL
CODEBASE = http://www.addictivetechnologies.net/DM0/cab/1w2fcksh.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://support.charter.com/sdccommon/download/tgctlcm.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WinadX.dll
CODEBASE = http://public.windupdates.com/get_f...71b0834b3328:522a1c137ec85ca995271ab95b94951b

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

[{26E8361F-BCE7-4F75-A347-98C88B418322}]
CODEBASE = http://download.websearch.com/Dnl/T_50099/QDow.cab

[Register Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HWUtils.dll
CODEBASE = http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

[ProjectPoint Document]
CODEBASE = https://folders.buzzsaw.com/!/download/ProjectPoint-BZ-EN.exe

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/262be2cadda821859305/netzip/RdxIE601.cab

[AcDcToday Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab

[SurroundVideoCtrl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSSurVid.ocx
CODEBASE = http://autos.msn.com/components/ocx/survid/MSSurVid.cab

[iiittt Class]
InProcServer32 = C:\WINDOWS\System32\winhot32.dll
CODEBASE = http://hotsearchbar.com/toolbar2/winhot32.cab

[MediaTicketsInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
CODEBASE = http://www.mt-download.com/MediaTicketsInstaller.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[RealArcadeRdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RealArcadeRdxIE.dll
CODEBASE = http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

[ExteriorSurround Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Outside.ocx
CODEBASE = http://autos.msn.com/components/ocx/exterior/Outside.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[InstaFred Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
CODEBASE = file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[AcPreview Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx

[Secure Delivery]
CODEBASE = http://www.gamespot.com/KDX/kdx.cab

[H2hPool Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\h2hpool.ocx
CODEBASE = http://mirror.worldwinner.com//games/v45/h2hpool/h2hpool.cab

[Tukati Launcher]
InProcServer32 = C:\WINDOWS\System32\TukatiClientInstaller.dll
CODEBASE = http://www.tukati.com/software/4/1.7.20.20/tukati.cab

[WMService Class]
InProcServer32 = C:\WINDOWS\WildApp.dll
CODEBASE = http://download.overpro.com/WildApp.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 13,424 bytes
Report generated in 0.359 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

Hi flyinfastcomputer.

Unfortunately, Wilders does not have hijack cleaning services anymore. This also pertains to Startup Lists, Spybot S&D and Ad-aware logs.

Info and help here,

https://www.wilderssecurity.com/showthread.php?p=222776#post222776



snowbound