Options
Please Help!!!!
Hi!
Finally found a forum that can help me!!! I have been battling with this crap forever!! I ran Adaware, Spybot, Sweeper, plus below HiJackThis, everything except HiJackThis took out items and delete, but doesn't work. there seem to be a spyware in Rundll32.exe as it's always at 67-100%... I don't know how to use HiJackThis, would you computer experts please take a look and help me???!! also, does anybody knows what hgvBe.exe or hgv?e.exe is? it's in my register... please help bleow!!
Logfile of HijackThis v1.98.2
Scan saved at 10:22:38 PM, on 9/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\SIERRA\Counter-Strike\1.6\Steam.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeremy\Desktop\Jeremy.EXE
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Jeremy\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\regedit.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50099
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.nfl.com"); (C:\Documents and Settings\Jeremy\Application Data\Mozilla\Profiles\default\4iy6bhiv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jeremy\Application Data\Mozilla\Profiles\default\4iy6bhiv.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Jeremy\WebInstall.exe /R
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysExplr] C:\SthVCDNT\SysExplr.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [crkmzfx] C:\WINDOWS\System32\yrkdzw.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\npatchw32.dll,_mainRD
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winnrz32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] C:\SIERRA\Counter-Strike\1.6\Steam.exe -silent
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\popupblocker\Pop-Up Stopper Free Edition\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PopupBlock] C:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://15792.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=30f1c668c834f8af9cb263fb5b74c6f98af721c28149e44ac3ffacace4ac126171b6c07c8ce2a968cc36afd54212a72ae45b561ccd1f0b1f0b14f9bb93ddd5:061a5725d1c04e478de72640af5cb44d
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093615798390
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugsmusic.co.kr/BugsOggPlay_4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl298.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
Finally found a forum that can help me!!! I have been battling with this crap forever!! I ran Adaware, Spybot, Sweeper, plus below HiJackThis, everything except HiJackThis took out items and delete, but doesn't work. there seem to be a spyware in Rundll32.exe as it's always at 67-100%... I don't know how to use HiJackThis, would you computer experts please take a look and help me???!! also, does anybody knows what hgvBe.exe or hgv?e.exe is? it's in my register... please help bleow!!
Logfile of HijackThis v1.98.2
Scan saved at 10:22:38 PM, on 9/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\SIERRA\Counter-Strike\1.6\Steam.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeremy\Desktop\Jeremy.EXE
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Jeremy\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\regedit.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50099
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.nfl.com"); (C:\Documents and Settings\Jeremy\Application Data\Mozilla\Profiles\default\4iy6bhiv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jeremy\Application Data\Mozilla\Profiles\default\4iy6bhiv.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Jeremy\WebInstall.exe /R
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysExplr] C:\SthVCDNT\SysExplr.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [crkmzfx] C:\WINDOWS\System32\yrkdzw.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\npatchw32.dll,_mainRD
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winnrz32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] C:\SIERRA\Counter-Strike\1.6\Steam.exe -silent
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\popupblocker\Pop-Up Stopper Free Edition\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PopupBlock] C:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://15792.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=30f1c668c834f8af9cb263fb5b74c6f98af721c28149e44ac3ffacace4ac126171b6c07c8ce2a968cc36afd54212a72ae45b561ccd1f0b1f0b14f9bb93ddd5:061a5725d1c04e478de72640af5cb44d
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/activex/HanGamePlugin18.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093615798390
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugsmusic.co.kr/BugsOggPlay_4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl298.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
0
Comments
Welcome to short-media. We will help you get rid of all the spyware.
Have HJT fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50099
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jeremy\Application Data\Mozilla\Profiles\default\4iy6bhiv.slt\prefs.j s)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 51.dll
O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Jeremy\WebInstall.exe /R
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysExplr] C:\SthVCDNT\SysExplr.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [crkmzfx] C:\WINDOWS\System32\yrkdzw.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\npatchw32.dll,_mainRD
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winnrz32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\popupblocker\Pop-Up Stopper Free Edition\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [PopupBlock] C:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O16 - DPF: v2cab - http://15792.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...72 640af5cb44d
O16 - DPF: {2F745B25-915B-45A4-A80E-5F0CE37709B1} (HanGamePlugin18 Class) - http://down.hangame.com/dist/active...amePlugin18.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugsmusic.co.kr/BugsOggPlay_4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl298.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
After you remove those, PULL THE PLUG on your computer - do not shut it down properly!
Turn it back on and post a new log.