Please help me. Here's a Hijack log.

Discussion in 'adware, spyware & hijack cleaning' started by corcorps, Jun 13, 2004.

  1. corcorps

    corcorps, Registered Member (Joined: Apr 6, 2004; Posts: 8)

    Logfile of HijackThis v1.97.7
    Scan saved at 11:49:59 AM, on 6/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\cawcls.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
    C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe
    C:\WINDOWS\dhbrwsr.exe
    C:\WINDOWS\ajiefliq.exe
    C:\Program Files\webHancer\Programs\whAgent.exe
    C:\Program Files\webHancer\Programs\whSurvey.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\PROGRA~1\WHENUS~1\Search.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\YAHOOMSG.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Documents and Settings\Dan the man\Application Data\eber.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dan the man\Desktop\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startium.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.6
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.windowenhancer.com/nph-search.cgi?affid=sesbar1&look=sbar1_srchbtn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.6
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.6
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.northwestern.edu"); (c:\nunet\netscape\Users\dhs380\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webemail.it.northwestern.edu/"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v9\scbar.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    O2 - BHO: (no name) - {03626ADF-C346-4789-BFE8-1321FDEF0AC4} - C:\WINDOWS\System32\ipsmsnnap.dll
    O2 - BHO: (no name) - {04FB308F-890D-490A-AF3B-4FE27689204D} - C:\WINDOWS\System32\ir41_qac.dll
    O2 - BHO: (no name) - {08487019-7F62-4782-B29C-6E464799C7B4} - C:\WINDOWS\System32\igffxpph.dll
    O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
    O2 - BHO: (no name) - {0B6CC71E-1DFB-463C-857B-27184D7C1C28} - C:\WINDOWS\System32\kkbdal.dll
    O2 - BHO: (no name) - {0DF662A7-9EB8-46B4-B5D6-29C00538FF9F} - C:\WINDOWS\System32\epncdec.dll
    O2 - BHO: (no name) - {0E077502-14C0-4E2A-A57D-20C23539271D} - C:\WINDOWS\System32\dbnetlirb.dll
    O2 - BHO: (no name) - {0E626388-F2FA-4F86-867A-75D337E54967} - C:\WINDOWS\System32\coomsnap.dll
    O2 - BHO: (no name) - {0FDA24F7-58C1-4DFC-BEFF-7B3302386D11} - C:\WINDOWS\System32\fldrjclnr.dll
    O2 - BHO: (no name) - {11856A1C-29E7-40F2-93CC-32FD544F8575} - C:\WINDOWS\System32\hccuoin.dll
    O2 - BHO: (no name) - {13905444-250A-4623-B767-47C6202ABB83} - C:\WINDOWS\System32\ipasecsnp.dll
    O2 - BHO: (no name) - {13F9A7EF-A3A0-4109-B79C-0717017D70EE} - C:\WINDOWS\System32\iaxsacct.dll
    O2 - BHO: (no name) - {14A70038-2CCD-4B8D-98F0-2484FCEF2775} - C:\WINDOWS\System32\dsaound3d.dll
    O2 - BHO: (no name) - {1C3E0283-621D-4FCE-AADE-A480CFD196D0} - C:\WINDOWS\System32\batmteter.dll
    O2 - BHO: (no name) - {21185AE7-68E2-4F70-9B60-8E3A5CDF46FE} - C:\WINDOWS\System32\isedkcs32.dll
    O2 - BHO: (no name) - {230B20A0-3400-46FA-9EA2-2535A4AC1EFA} - C:\WINDOWS\System32\cltl3d.dll
    O2 - BHO: (no name) - {2DA916F5-412B-40A2-81F6-318F88862E49} - C:\WINDOWS\System32\dpnnaddr.dll
    O2 - BHO: (no name) - {33103E3B-1A05-4B1A-9A07-38C129E3C1BE} - C:\WINDOWS\System32\fxsycomex.dll
    O2 - BHO: (no name) - {3453BD04-734F-4422-A696-1F08F0C9DD63} - C:\WINDOWS\System32\cmuttil.dll
    O2 - BHO: (no name) - {391C55B6-686B-4ED6-8BB4-4182683CC864} - C:\WINDOWS\System32\d3rdramp.dll
    O2 - BHO: (no name) - {39282282-9992-4415-B2B9-8CE808A87EE2} - C:\WINDOWS\System32\hpmzcon05.dll
    O2 - BHO: (no name) - {3B509432-D592-4AF9-A0C1-A82B8990FDBE} - C:\WINDOWS\System32\inwetcfg.dll
    O2 - BHO: (no name) - {40BD57D2-7B2D-43C8-8613-B516D10176BB} - C:\WINDOWS\System32\edpwsockox.dll
    O2 - BHO: (no name) - {41DBD329-48FE-451B-B06C-4830CE6D682C} - C:\WINDOWS\System32\dpwsockox.dll
    O2 - BHO: (no name) - {42F2F311-27C9-497A-AC0D-94F7361895A5} - C:\WINDOWS\System32\wgpkrsrc.dll
    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll (file missing)
    O2 - BHO: (no name) - {44AF611D-9583-47FA-A9F2-6491A87B80B2} - C:\WINDOWS\System32\davclnkt.dll
    O2 - BHO: (no name) - {4F00D0FB-A318-4289-B4C5-C6A4B7A39680} - C:\WINDOWS\System32\iologmsng.dll
    O2 - BHO: (no name) - {51A4F172-0A4F-459E-B915-5932F0ECCB24} - C:\WINDOWS\System32\incput.dll
    O2 - BHO: (no name) - {560BA1BE-B2EE-4663-9320-ED5E6160786A} - C:\WINDOWS\System32\ctll3dv2.dll
    O2 - BHO: (no name) - {609746F1-930F-409A-A612-51FCD11CC9D4} - C:\WINDOWS\System32\ir32m_32.dll
    O2 - BHO: (no name) - {69B5B98E-25DC-468F-9C68-F89ACA973095} - C:\WINDOWS\System32\gfxscom.dll
    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O2 - BHO: (no name) - {6E0E219E-F026-4806-A58E-3D3077F372D3} - C:\WINDOWS\System32\d3do8.dll
    O2 - BHO: (no name) - {7AB6FCCF-9975-472D-AA7A-543EC90E9F96} - C:\WINDOWS\System32\dmdskrpes.dll
    O2 - BHO: (no name) - {7BAF2216-EBF1-46D5-B642-FED4A443A053} - C:\WINDOWS\System32\dmsevrver.dll
    O2 - BHO: (no name) - {83F6DAC4-4A26-4E2F-AF5E-AFC759D7BF71} - C:\WINDOWS\System32\hnetcfdg.dll
    O2 - BHO: (no name) - {88E265C4-ABE6-4F5E-9687-CF6D146DFF22} - C:\WINDOWS\System32\bahtt.dll
    O2 - BHO: (no name) - {8A3D65CE-995A-456F-92A3-85C04DAD114F} - C:\WINDOWS\System32\fxsycofmex.dll
    O2 - BHO: (no name) - {91B38BE6-4A4E-4E2F-8965-6873FCFEA483} - C:\WINDOWS\System32\fatmlib.dll
    O2 - BHO: (no name) - {98913E2C-6AC0-4BCC-85BE-E2F849756795} - C:\WINDOWS\System32\iccvgid.dll
    O2 - BHO: (no name) - {99C3B76A-C4FB-42DC-A61B-96FB7018CDD1} - C:\WINDOWS\System32\dmservger.dll
    O2 - BHO: (no name) - {A33A5930-1FA8-4EA9-BA3F-7E1ACDB281E7} - C:\WINDOWS\System32\thpzcoi05.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AF555EAC-1CE2-4372-A38B-A54F72D5F2A9} - C:\WINDOWS\System32\ialmrpem.dll
    O2 - BHO: (no name) - {B0B95FC0-8683-4D6C-880D-71DA3673EB46} - C:\WINDOWS\System32\javracypt.dll
    O2 - BHO: (no name) - {B4506D26-221C-4D46-8812-F1E22E770831} - C:\WINDOWS\System32\authjz.dll
    O2 - BHO: (no name) - {B5D7AE4C-19E3-4C39-A180-3FDBD8B42E78} - C:\WINDOWS\System32\bibdispl.dll
    O2 - BHO: (no name) - {BAB57F4D-49A5-4B3A-8971-DF9CD15F7E95} - C:\WINDOWS\System32\heticons.dll
    O2 - BHO: (no name) - {BC621699-2B46-4A78-AA02-4DE30C097F72} - C:\WINDOWS\System32\coompobj.dll
    O2 - BHO: (no name) - {BD5AD6A5-F819-4FAC-853A-2469A6F417A5} - C:\WINDOWS\System32\eos.dll
    O2 - BHO: (no name) - {BD5F84C4-7BB4-4CCF-A073-6D6E76740B8E} - C:\WINDOWS\System32\dmcuonfig.dll
    O2 - BHO: (no name) - {C6C1BA5B-C757-4B00-8504-722254FFB860} - C:\WINDOWS\System32\ceewmdm.dll
    O2 - BHO: (no name) - {C81B3643-6A8E-47E9-BAEF-9C4E96D9A501} - C:\WINDOWS\System32\fxsxfp32.dll
    O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: (no name) - {CA5354A1-1506-4EB0-9DB0-6F1E2FF2CD19} - C:\WINDOWS\System32\dsrdmoprp.dll
    O2 - BHO: (no name) - {CDB8AA1D-8054-4E77-BDD1-36659CCF46DD} - C:\WINDOWS\System32\endcapi.dll
    O2 - BHO: (no name) - {CF280F92-91AD-4CB3-A3F8-9B1CE7949D62} - C:\WINDOWS\System32\iasysdo.dll
    O2 - BHO: (no name) - {D51068F4-B0E4-4029-BD25-4BA47A58C07E} - C:\WINDOWS\System32\oimgutil.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O2 - BHO: (no name) - {DD635C7C-0D9B-490B-A4BE-E882D7BE888D} - C:\WINDOWS\System32\igbfxdev.dll
    O2 - BHO: (no name) - {E1668235-5EDE-4097-B26F-A55332235702} - C:\WINDOWS\System32\dmrime.dll
    O2 - BHO: (no name) - {E246E831-410A-4EDE-811A-556DB61A059F} - C:\WINDOWS\System32\iqmagehlp.dll
    O2 - BHO: (no name) - {E28AB278-8B91-4B57-97D7-1583A5DA263F} - C:\WINDOWS\System32\igfxreqs.dll
    O2 - BHO: (no name) - {E79AF795-162A-41EE-80E1-B4C8650F7FA0} - C:\WINDOWS\System32\xinetcomm.dll
    O2 - BHO: (no name) - {F12B83DD-21DE-4143-9825-6D5AA332AB70} - C:\WINDOWS\System32\bhrowselc.dll
    O2 - BHO: (no name) - {F1D9B9B7-63A3-46C2-AEA3-4FF1F039FAFF} - C:\WINDOWS\System32\crtedll.dll
    O2 - BHO: (no name) - {F975CB33-DF66-4AE7-B397-496B5FB4065B} - C:\WINDOWS\System32\cmpcrops.dll
    O2 - BHO: (no name) - {FEB41922-1254-4BC0-9501-B6A743032B06} - C:\WINDOWS\System32\inetrves.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)
    O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [cawcls.exe] C:\WINDOWS\System32\cawcls.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
    O4 - HKLM\..\Run: [Swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
    O4 - HKLM\..\Run: [xepsizih] C:\WINDOWS\ajiefliq.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [CYvujfo] C:\documents and settings\owner\local settings\temp\CYvujfo.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
    O4 - HKLM\..\Run: [Yahoo Messenger] YAHOOMSG.EXE
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Dan the man\Application Data\eber.exe
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [Yahoo Messenger] YAHOOMSG.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
    O9 - Extra button: AdBlock (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: AdBlock Configuration (HKLM)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wma: C:\nunet\netscape\program\PLUGINS\npdsplay.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
     
  2. Yellowhammer

    Yellowhammer, Spyware Fighter (Joined: May 23, 2004; Posts: 53; Location: Alabama, USA)

    You have an extreme amount of problems. :'( This will take a couple of passes.

    Download LSP Fix here: http://www.cexx.org/lspfix.htm
    Save it to your desktop for use at the end.

    The first thing you need to do is go through Add/Remove Programs and uninstall the items that you did not install yourself. The ones I see that may be there are:
    EAnthology or EAcceleration. Get all of that, including Stop Sign
    Webhancer
    Viewpoint
    Lycos
    ClearSearch
    TV Media
    MyWebSearch
    SpyHunter
    LimeWire or LimeShop or both.
    WhenUSearch or WhenUFind
    System Soap

    Boot to safe mode: Instructions here.

    Then close all windows and have HijackThis fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.windowenhancer.com/np...stmpl1&sstring=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startium.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.windowenhancer.com/np...stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.6
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.windowenhancer.com/np...k=sbar1_srchbtn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.windowenhancer.com/np...stmpl1&sstring=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.6
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.windowenhancer.com/np...stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.windowenhancer.com/np...stmpl1&sstring=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.windowenhancer.com/np...stmpl1&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.6
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v9\scbar.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    O2 - BHO: (no name) - {03626ADF-C346-4789-BFE8-1321FDEF0AC4} - C:\WINDOWS\System32\ipsmsnnap.dll
    O2 - BHO: (no name) - {04FB308F-890D-490A-AF3B-4FE27689204D} - C:\WINDOWS\System32\ir41_qac.dll
    O2 - BHO: (no name) - {08487019-7F62-4782-B29C-6E464799C7B4} - C:\WINDOWS\System32\igffxpph.dll
    O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
    O2 - BHO: (no name) - {0B6CC71E-1DFB-463C-857B-27184D7C1C28} - C:\WINDOWS\System32\kkbdal.dll
    O2 - BHO: (no name) - {0DF662A7-9EB8-46B4-B5D6-29C00538FF9F} - C:\WINDOWS\System32\epncdec.dll
    O2 - BHO: (no name) - {0E077502-14C0-4E2A-A57D-20C23539271D} - C:\WINDOWS\System32\dbnetlirb.dll
    O2 - BHO: (no name) - {0E626388-F2FA-4F86-867A-75D337E54967} - C:\WINDOWS\System32\coomsnap.dll
    O2 - BHO: (no name) - {0FDA24F7-58C1-4DFC-BEFF-7B3302386D11} - C:\WINDOWS\System32\fldrjclnr.dll
    O2 - BHO: (no name) - {11856A1C-29E7-40F2-93CC-32FD544F8575} - C:\WINDOWS\System32\hccuoin.dll
    O2 - BHO: (no name) - {13905444-250A-4623-B767-47C6202ABB83} - C:\WINDOWS\System32\ipasecsnp.dll
    O2 - BHO: (no name) - {13F9A7EF-A3A0-4109-B79C-0717017D70EE} - C:\WINDOWS\System32\iaxsacct.dll
    O2 - BHO: (no name) - {14A70038-2CCD-4B8D-98F0-2484FCEF2775} - C:\WINDOWS\System32\dsaound3d.dll
    O2 - BHO: (no name) - {1C3E0283-621D-4FCE-AADE-A480CFD196D0} - C:\WINDOWS\System32\batmteter.dll
    O2 - BHO: (no name) - {21185AE7-68E2-4F70-9B60-8E3A5CDF46FE} - C:\WINDOWS\System32\isedkcs32.dll
    O2 - BHO: (no name) - {230B20A0-3400-46FA-9EA2-2535A4AC1EFA} - C:\WINDOWS\System32\cltl3d.dll
    O2 - BHO: (no name) - {2DA916F5-412B-40A2-81F6-318F88862E49} - C:\WINDOWS\System32\dpnnaddr.dll
    O2 - BHO: (no name) - {33103E3B-1A05-4B1A-9A07-38C129E3C1BE} - C:\WINDOWS\System32\fxsycomex.dll
    O2 - BHO: (no name) - {3453BD04-734F-4422-A696-1F08F0C9DD63} - C:\WINDOWS\System32\cmuttil.dll
    O2 - BHO: (no name) - {391C55B6-686B-4ED6-8BB4-4182683CC864} - C:\WINDOWS\System32\d3rdramp.dll
    O2 - BHO: (no name) - {39282282-9992-4415-B2B9-8CE808A87EE2} - C:\WINDOWS\System32\hpmzcon05.dll
    O2 - BHO: (no name) - {3B509432-D592-4AF9-A0C1-A82B8990FDBE} - C:\WINDOWS\System32\inwetcfg.dll
    O2 - BHO: (no name) - {40BD57D2-7B2D-43C8-8613-B516D10176BB} - C:\WINDOWS\System32\edpwsockox.dll
    O2 - BHO: (no name) - {41DBD329-48FE-451B-B06C-4830CE6D682C} - C:\WINDOWS\System32\dpwsockox.dll
    O2 - BHO: (no name) - {42F2F311-27C9-497A-AC0D-94F7361895A5} - C:\WINDOWS\System32\wgpkrsrc.dll
    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll (file missing)
    O2 - BHO: (no name) - {44AF611D-9583-47FA-A9F2-6491A87B80B2} - C:\WINDOWS\System32\davclnkt.dll
    O2 - BHO: (no name) - {4F00D0FB-A318-4289-B4C5-C6A4B7A39680} - C:\WINDOWS\System32\iologmsng.dll
    O2 - BHO: (no name) - {51A4F172-0A4F-459E-B915-5932F0ECCB24} - C:\WINDOWS\System32\incput.dll
    O2 - BHO: (no name) - {560BA1BE-B2EE-4663-9320-ED5E6160786A} - C:\WINDOWS\System32\ctll3dv2.dll
    O2 - BHO: (no name) - {609746F1-930F-409A-A612-51FCD11CC9D4} - C:\WINDOWS\System32\ir32m_32.dll
    O2 - BHO: (no name) - {69B5B98E-25DC-468F-9C68-F89ACA973095} - C:\WINDOWS\System32\gfxscom.dll
    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O2 - BHO: (no name) - {6E0E219E-F026-4806-A58E-3D3077F372D3} - C:\WINDOWS\System32\d3do8.dll
    O2 - BHO: (no name) - {7AB6FCCF-9975-472D-AA7A-543EC90E9F96} - C:\WINDOWS\System32\dmdskrpes.dll
    O2 - BHO: (no name) - {7BAF2216-EBF1-46D5-B642-FED4A443A053} - C:\WINDOWS\System32\dmsevrver.dll
    O2 - BHO: (no name) - {83F6DAC4-4A26-4E2F-AF5E-AFC759D7BF71} - C:\WINDOWS\System32\hnetcfdg.dll
    O2 - BHO: (no name) - {88E265C4-ABE6-4F5E-9687-CF6D146DFF22} - C:\WINDOWS\System32\bahtt.dll
    O2 - BHO: (no name) - {8A3D65CE-995A-456F-92A3-85C04DAD114F} - C:\WINDOWS\System32\fxsycofmex.dll
    O2 - BHO: (no name) - {91B38BE6-4A4E-4E2F-8965-6873FCFEA483} - C:\WINDOWS\System32\fatmlib.dll
    O2 - BHO: (no name) - {98913E2C-6AC0-4BCC-85BE-E2F849756795} - C:\WINDOWS\System32\iccvgid.dll
    O2 - BHO: (no name) - {99C3B76A-C4FB-42DC-A61B-96FB7018CDD1} - C:\WINDOWS\System32\dmservger.dll
    O2 - BHO: (no name) - {A33A5930-1FA8-4EA9-BA3F-7E1ACDB281E7} - C:\WINDOWS\System32\thpzcoi05.dll
    O2 - BHO: (no name) - {AF555EAC-1CE2-4372-A38B-A54F72D5F2A9} - C:\WINDOWS\System32\ialmrpem.dll
    O2 - BHO: (no name) - {B0B95FC0-8683-4D6C-880D-71DA3673EB46} - C:\WINDOWS\System32\javracypt.dll
    O2 - BHO: (no name) - {B4506D26-221C-4D46-8812-F1E22E770831} - C:\WINDOWS\System32\authjz.dll
    O2 - BHO: (no name) - {B5D7AE4C-19E3-4C39-A180-3FDBD8B42E78} - C:\WINDOWS\System32\bibdispl.dll
    O2 - BHO: (no name) - {BAB57F4D-49A5-4B3A-8971-DF9CD15F7E95} - C:\WINDOWS\System32\heticons.dll
    O2 - BHO: (no name) - {BC621699-2B46-4A78-AA02-4DE30C097F72} - C:\WINDOWS\System32\coompobj.dll
    O2 - BHO: (no name) - {BD5AD6A5-F819-4FAC-853A-2469A6F417A5} - C:\WINDOWS\System32\eos.dll
    O2 - BHO: (no name) - {BD5F84C4-7BB4-4CCF-A073-6D6E76740B8E} - C:\WINDOWS\System32\dmcuonfig.dll
    O2 - BHO: (no name) - {C6C1BA5B-C757-4B00-8504-722254FFB860} - C:\WINDOWS\System32\ceewmdm.dll
    O2 - BHO: (no name) - {C81B3643-6A8E-47E9-BAEF-9C4E96D9A501} - C:\WINDOWS\System32\fxsxfp32.dll
    O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: (no name) - {CA5354A1-1506-4EB0-9DB0-6F1E2FF2CD19} - C:\WINDOWS\System32\dsrdmoprp.dll
    O2 - BHO: (no name) - {CDB8AA1D-8054-4E77-BDD1-36659CCF46DD} - C:\WINDOWS\System32\endcapi.dll
    O2 - BHO: (no name) - {CF280F92-91AD-4CB3-A3F8-9B1CE7949D62} - C:\WINDOWS\System32\iasysdo.dll
    O2 - BHO: (no name) - {D51068F4-B0E4-4029-BD25-4BA47A58C07E} - C:\WINDOWS\System32\oimgutil.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O2 - BHO: (no name) - {DD635C7C-0D9B-490B-A4BE-E882D7BE888D} - C:\WINDOWS\System32\igbfxdev.dll
    O2 - BHO: (no name) - {E1668235-5EDE-4097-B26F-A55332235702} - C:\WINDOWS\System32\dmrime.dll
    O2 - BHO: (no name) - {E246E831-410A-4EDE-811A-556DB61A059F} - C:\WINDOWS\System32\iqmagehlp.dll
    O2 - BHO: (no name) - {E28AB278-8B91-4B57-97D7-1583A5DA263F} - C:\WINDOWS\System32\igfxreqs.dll
    O2 - BHO: (no name) - {E79AF795-162A-41EE-80E1-B4C8650F7FA0} - C:\WINDOWS\System32\xinetcomm.dll
    O2 - BHO: (no name) - {F12B83DD-21DE-4143-9825-6D5AA332AB70} - C:\WINDOWS\System32\bhrowselc.dll
    O2 - BHO: (no name) - {F1D9B9B7-63A3-46C2-AEA3-4FF1F039FAFF} - C:\WINDOWS\System32\crtedll.dll
    O2 - BHO: (no name) - {F975CB33-DF66-4AE7-B397-496B5FB4065B} - C:\WINDOWS\System32\cmpcrops.dll
    O2 - BHO: (no name) - {FEB41922-1254-4BC0-9501-B6A743032B06} - C:\WINDOWS\System32\inetrves.dll

    O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)
    O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll

    O4 - HKLM\..\Run: [cawcls.exe] C:\WINDOWS\System32\cawcls.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
    O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
    O4 - HKLM\..\Run: [xepsizih] C:\WINDOWS\ajiefliq.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [CYvujfo] C:\documents and settings\owner\local settings\temp\CYvujfo.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Dan the man\Application Data\eber.exe
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
    O9 - Extra button: AdBlock (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: AdBlock Configuration (HKLM)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/s...stemsoappro.cab
    O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    Below are Optional: These do not need to start up all the time. They are resource hogs!

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Yahoo Messenger] YAHOOMSG.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\RunOnce: [Yahoo Messenger] YAHOOMSG.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE


    Then while in safe mode delete the following:

    C:\Program Files\ClearSearch<-Folder
    C:\Program Files\TV Media<-Folder
    C:\Program Files\Lycos<-Folder
    C:\Program Files\scbar<-Folder
    The folder in C:\Program Files that begins with ACCELE.
    C:\Program Files\webHancer<-Folder
    C:\Program Files\MyWebSearch<-Folder
    C:\WINDOWS\dealhlpr.dll<-File
    C:\WINDOWS\System32\cawcls.exe<-File
    C:\Program Files\Common Files\Dpi<-Folder
    C:\WINDOWS\Belt.exe<-File
    The folder in C:\Program Files\Common Files that begins with EACCEL.
    C:\WINDOWS\system32\pcs<-Folder
    C:\Program Files\RVP<-Folder
    C:\Program Files\SpyHunter<-Folder
    C:\WINDOWS\DHUpdt.exe<-File
    C:\WINDOWS\dhbrwsr.exe<-File
    C:\WINDOWS\ajiefliq.exe<-File
    C:\Program Files\Viewpoint<-Folder
    C:\WINDOWS\System32\IEHost.exe<-File
    C:\Program Files\WHENUSEARCH<-Folder
    C:\WINDOWS\System32\inetp60.dll<-File
    C:\WINDOWS\bxxs5.dll<-File
    C:\Program Files\System Soap Pro<-Folder

    All the following files in the C:\Windows\System32 Folder:



    Then browse to the C:\documents and settings\Dan the man\local settings\temp folder and delete all files and folders in it.
    Then browse to the C:\Windows\Temp folder and delete all files in it.
    Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files and make sure you get all offline content as well.

    Then empty the recycle bin.

    Then reboot to normal mode.

    Then,

    Download ad-aware here -> http://fileforum.betanews.com/detail.php3?fid=965718306

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    From the main window: click "Start", then "Activate in-depth scan".

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Click the "Tweak" button.

    Open up the "Scanning Engine" section and tick "Unload recognized processes during scanning"

    Then........"Cleaning engine" and "Let windows remove files in use at next reboot" and "Automatically try to unregister objects prior to deletion"

    then...... click "proceed" to save your settings.

    Now, to scan, just click the "Next" button.

    When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "Select all" from the drop-down menu.) Then press Next and say yes to the prompt asking whether you want to remove all these entries.

    Then,

    Download SPYBOT Search and Destroy here-> http://www.safer-networking.org/index.php?page=mirrors
    Install the program and then start it. Once the program has started, make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the "Check for Problems" button. When the check is over, all problems displayed in red are regarded as real threats and should be dealt with. Make sure they are all selected and click the "Fix selected problems" button.

    Then run lspfix that you downloaded at the beginning.

    It repairs possible registry damage to the Winsock Stack.
    Just run it so it reads the list of LSP modules from the Windows registry and verifies that each module is present.

    Then hit "Finish" and let it automatically correct the misnumbered or missing entries

    Then Disable system restore: Instructions here.

    Reboot

    Enable system restore.

    Scan and post another hijackthis log.
     
  3. corcorps

    corcorps Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    8
    Logfile of HijackThis v1.97.7
    Scan saved at 7:20:05 PM, on 6/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Dan the man\Desktop\HIJACK\HijackThis.exe

    R3 - Default URLSearchHook is missing
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.northwestern.edu"); (c:\nunet\netscape\Users\dhs380\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webemail.it.northwestern.edu/"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    O2 - BHO: (no name) - {0A0C2249-5EC9-4AC8-9514-2B463DD2DB4A} - C:\WINDOWS\System32\dl3drm.dll
    O2 - BHO: (no name) - {14FCAC19-5585-42CF-B590-374960932EDE} - C:\WINDOWS\System32\vcliconfg.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7D41CA01-282E-471B-A241-2876C855A6A3} - C:\WINDOWS\System32\capresnpn.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {BC45ED7B-2624-410F-AE2D-56FB96C00EFB} - C:\WINDOWS\System32\adslldpc.dll
    O2 - BHO: (no name) - {C321F84C-33FF-4133-B57C-2FB4407096B1} - C:\WINDOWS\System32\fvxsext32.dll
    O2 - BHO: (no name) - {EE1C92E8-3448-4B5D-842F-63216A1199CB} - C:\WINDOWS\System32\bhorlndmm.dll
    O2 - BHO: (no name) - {F70B0382-4DBB-4711-901C-DB128CD886DC} - C:\WINDOWS\System32\dgsettup.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wma: C:\nunet\netscape\program\PLUGINS\npdsplay.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
     
  4. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    That looks much better. :) There are still a few to clean up. I assume things are running better now?

    Close all windows and have hijackthis fix the following:

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {0A0C2249-5EC9-4AC8-9514-2B463DD2DB4A} - C:\WINDOWS\System32\dl3drm.dll
    O2 - BHO: (no name) - {14FCAC19-5585-42CF-B590-374960932EDE} - C:\WINDOWS\System32\vcliconfg.dll
    O2 - BHO: (no name) - {7D41CA01-282E-471B-A241-2876C855A6A3} - C:\WINDOWS\System32\capresnpn.dll
    O2 - BHO: (no name) - {BC45ED7B-2624-410F-AE2D-56FB96C00EFB} - C:\WINDOWS\System32\adslldpc.dll
    O2 - BHO: (no name) - {C321F84C-33FF-4133-B57C-2FB4407096B1} - C:\WINDOWS\System32\fvxsext32.dll
    O2 - BHO: (no name) - {EE1C92E8-3448-4B5D-842F-63216A1199CB} - C:\WINDOWS\System32\bhorlndmm.dll
    O2 - BHO: (no name) - {F70B0382-4DBB-4711-901C-DB128CD886DC} - C:\WINDOWS\System32\dgsettup.dll

    Then while in safe mode delete the following:

    C:\WINDOWS\System32\dl3drm.dll <-File
    C:\WINDOWS\System32\vcliconfg.dll <-File
    C:\WINDOWS\System32\capresnpn.dll <-File
    C:\WINDOWS\System32\adslldpc.dll <-File
    C:\WINDOWS\System32\fvxsext32.dll <-File
    C:\WINDOWS\System32\bhorlndmm.dll <-File
    C:\WINDOWS\System32\dgsettup.dll <-File

    Reboot

    Scan and post another hijackthis log.
     
  5. corcorps

    corcorps Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    8
    Logfile of HijackThis v1.97.7
    Scan saved at 8:38:08 PM, on 6/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\YAHOOMSG.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Dan the man\Desktop\HIJACK\HijackThis.exe

    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.northwestern.edu"); (c:\nunet\netscape\Users\dhs380\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webemail.it.northwestern.edu/"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan the man\Application Data\Mozilla\Profiles\default\bh7e271h.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Yahoo Messenger] YAHOOMSG.EXE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\RunOnce: [Yahoo Messenger] YAHOOMSG.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wma: C:\nunet\netscape\program\PLUGINS\npdsplay.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
     
  6. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    It is clean now. :cool:
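
A follow-up log can be checked against the fix list mechanically instead of by eye. The sketch below is an added example, not part of the thread and not HijackThis code: it parses entry lines, keys COM-based entries by CLSID, and reports flagged entries that survive. The function names are hypothetical; the sample logs are excerpts of lines posted in this thread, plus one constructed partial-clean log.

```python
import re

# HijackThis entry lines have the form "<code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(code, detail):
    """Normalize an entry so case or spacing changes do not hide a survivor."""
    clsid = CLSID_RE.search(detail)
    if code in ("O2", "O3", "O16") and clsid:
        # COM-based entries (BHO, toolbar, ActiveX) are identified by CLSID.
        return (code, clsid.group(0).upper())
    return (code, " ".join(detail.split()).lower())


def parse_entries(log_text):
    """Map normalized key -> original line; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2))] = line.strip()
    return entries


def still_present(fix_list_text, followup_log_text):
    """Return flagged entries that still appear in the follow-up log."""
    after = parse_entries(followup_log_text)
    return [ln for key, ln in parse_entries(fix_list_text).items() if key in after]


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


# Excerpt of the fix list in the thread (lines copied from the page).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0A0C2249-5EC9-4AC8-9514-2B463DD2DB4A} - C:\WINDOWS\System32\dl3drm.dll
O2 - BHO: (no name) - {F70B0382-4DBB-4711-901C-DB128CD886DC} - C:\WINDOWS\System32\dgsettup.dll
"""
# Excerpt of the 7:20:05 PM log: the flagged lines plus entries that were kept.
BEFORE = FIX_LIST + r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""
# Excerpt of the 8:38:08 PM log, including header and process lines.
AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YAHOOMSG.EXE
"""
# Constructed (not from the thread): one flagged BHO survives, shown in lower case.
PARTIAL = r"""
O2 - BHO: (no name) - {f70b0382-4dbb-4711-901c-db128cd886dc} - c:\windows\system32\dgsettup.dll
"""

if __name__ == "__main__":
    print("left after fix:", still_present(FIX_LIST, AFTER))
    print("left in partial clean:", still_present(FIX_LIST, PARTIAL))
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Keying on the CLSID rather than the file path means an entry that reappears with a different path case or short-name form is still reported as present.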
     
  7. corcorps

    corcorps Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    8
    My AIM keeps popping up and saying: The AIM hyperlink you've clicked on may require you to be online to work. Please log in first.

    Also Int. Explorer keeps popping up to the website members.lycos.co.uk/xxx224/rolf.html
    I am then prompted to download something, to which I say no. Then there is a dialog that says that I need to download the file to access this link. I hit OK, the only button, and the download thing pops up again. It repeats.

    Thanks so much. Things are much better.
     
  8. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    I am not sure about the AIM thing. Maybe uninstall it and reinstall it.

    Try resetting your web settings in IE. Tools>Internet Options and then click the programs tab. Click the "reset web settings" button.

    Then go here and set up your IE security to be more secure.

    Then go here and download and install spywareblaster. You should consider getting the paid version which automatically updates. It is well worth the $10.00/year. You can use the free version and manually update but the autoupdate is safer because you don't have to remember to do it.
     