Options
Hijack This
I have x-lime and am trying to get rid of it. Here is my log file from Hijack This. Any help would be greatly appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 8:04:32 AM, on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\PatchLink\Update Agent\GravitixService.exe
F:\Program Files\Symantec AntiVirus\SavRoam.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\Anvshell.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\wljruv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
F:\WINDOWS\System32\WISPTIS.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\JSokacich\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - F:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - F:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anvshell] F:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "F:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] F:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [jzitfd] F:\WINDOWS\system32\wljruv.exe
O4 - HKLM\..\Run: [conscorr] F:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] F:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=12bc0279316c83e57f7224c7f7bf932b7af8f43d12511b497b7c9e115538c441be3a7110261cce156bdb84228ae501546245582a:8e80568eb307a70b2e6d49c52797e0c4
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089658593921
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38180.4973263889
O16 - DPF: {9F9D2D68-4980-4763-B769-510A30F2C7BC} (SvrWrapperCtl Control) - https://targetrewards.target.com/targetrewardsWeb/jsp/SvrWrapperCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JD.com
O17 - HKLM\Software\..\Telephony: DomainName = JD.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JD.com
Logfile of HijackThis v1.97.7
Scan saved at 8:04:32 AM, on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\PatchLink\Update Agent\GravitixService.exe
F:\Program Files\Symantec AntiVirus\SavRoam.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\Anvshell.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\wljruv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
F:\WINDOWS\System32\WISPTIS.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\JSokacich\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - F:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - F:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anvshell] F:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "F:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] F:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [jzitfd] F:\WINDOWS\system32\wljruv.exe
O4 - HKLM\..\Run: [conscorr] F:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] F:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=12bc0279316c83e57f7224c7f7bf932b7af8f43d12511b497b7c9e115538c441be3a7110261cce156bdb84228ae501546245582a:8e80568eb307a70b2e6d49c52797e0c4
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089658593921
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38180.4973263889
O16 - DPF: {9F9D2D68-4980-4763-B769-510A30F2C7BC} (SvrWrapperCtl Control) - https://targetrewards.target.com/targetrewardsWeb/jsp/SvrWrapperCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JD.com
O17 - HKLM\Software\..\Telephony: DomainName = JD.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JD.com
0
Comments
Logfile of HijackThis v1.97.7
Scan saved at 8:51:36 AM, on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\PatchLink\Update Agent\GravitixService.exe
F:\Program Files\Symantec AntiVirus\SavRoam.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\Anvshell.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\WINDOWS\system32\wljruv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\JSokacich\My Documents\HijackThis.exe
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - F:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - F:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Anvshell] F:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jzitfd] F:\WINDOWS\system32\wljruv.exe
O4 - HKLM\..\Run: [Win Server Updt] F:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=12bc0279316c83e57f7224c7f7bf932b7af8f43d12511b497b7c9e115538c441be3a7110261cce156bdb84228ae501546245582a:8e80568eb307a70b2e6d49c52797e0c4
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089658593921
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38180.4973263889
O16 - DPF: {9F9D2D68-4980-4763-B769-510A30F2C7BC} (SvrWrapperCtl Control) - https://targetrewards.target.com/targetrewardsWeb/jsp/SvrWrapperCtl.cab
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - F:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [jzitfd] F:\WINDOWS\system32\wljruv.exe
O4 - HKLM\..\Run: [Win Server Updt] F:\WINDOWS\wupdt.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...e6d49c52797e0c4
Fix those entries then find and delete the files listed above, reboot and post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 8:29:12 AM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\PatchLink\Update Agent\GravitixService.exe
F:\Program Files\Symantec AntiVirus\SavRoam.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\Anvshell.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Documents and Settings\JSokacich\Desktop\HijackThis.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\WINDOWS\system32\userinit.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anvshell] F:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089658593921
O16 - DPF: {9F9D2D68-4980-4763-B769-510A30F2C7BC} (SvrWrapperCtl Control) - https://targetrewards.target.com/targetrewardsWeb/jsp/SvrWrapperCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JD.com
O17 - HKLM\Software\..\Telephony: DomainName = JD.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JD.com
Logfile of HijackThis v1.98.0
Scan saved at 3:03:51 PM, on 10/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
N:\Misapps\Utilities\Spyware Removal\Hijack This (for Browser HiJacks)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: SearchHook Class - {0F9C37FC-72C6-4D7C-887E-21FB58DA7A41} - C:\Program Files\EE\SEF.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll (file missing)
O2 - BHO: SDWin32 Class - {17CE1286-BCE6-4E85-8B70-79E3AC934886} - C:\WINDOWS\System32\txkpv.dll
O2 - BHO: (no name) - {3CF6325C-B513-4E93-8A23-64557CFA796C} - C:\WINDOWS\System32\nuaqgura.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7936042B-857B-438F-9A37-2C8F70DE2C34} - C:\WINDOWS\System32\jfontext.dll (file missing)
O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll (file missing)
O2 - BHO: Redirect Class - {9516919A-9D32-4B17-BD14-2CE488599F65} - C:\Program Files\EE\EEF.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\jim\Local Settings\Temp\wVWH.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: (no name) - {4FFD9030-9ED3-415C-80D4-E2BC5B52ECF6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Szep85lm.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [txkpvc] C:\WINDOWS\System32\txkpvc.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [hsatyam] C:\WINDOWS\System32\hsatyam.exe
O4 - HKLM\..\Run: [ybcfch] C:\WINDOWS\ybcfch.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [ofmvrst] C:\WINDOWS\System32\cyygwbsp.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\PROGRA~1\WHENUS~1\whse.exe
O4 - HKLM\..\Run: [p34P3qW] dxt42deu.exe
O4 - HKLM\..\Run: [eclogons] C:\WINDOWS\System32\eclogons.exe
O4 - HKLM\..\Run: [OM+C] C:\WINDOWS\System32\OM+C.exe
O4 - HKLM\..\Run: [eh0H4Y] c:\documents and settings\jim\local settings\temp\eh0H4Y.exe
O4 - HKLM\..\Run: [fd4867813c33] C:\WINDOWS\System32\clbcatex.exe
O4 - HKLM\..\Run: [yExO] c:\documents and settings\jim\local settings\temp\yExO.exe
O4 - HKLM\..\Run: [845d29093a71] C:\WINDOWS\System32\atl10817.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\jim\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [setupdll] C:\WINDOWS\System32\setupdll.exe
O4 - HKCU\..\Run: [Y0vFRka6S] pdhwoa.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKCU\..\Run: [Bqjr] C:\WINDOWS\System32\??plorer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: Turbo Download - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.i-lookup.com/toolbar2/windec32.cab
Remove these, reboot, and post new log:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: SearchHook Class - {0F9C37FC-72C6-4D7C-887E-21FB58DA7A41} - C:\Program Files\EE\SEF.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll (file missing)
O2 - BHO: SDWin32 Class - {17CE1286-BCE6-4E85-8B70-79E3AC934886} - C:\WINDOWS\System32\txkpv.dll
O2 - BHO: (no name) - {3CF6325C-B513-4E93-8A23-64557CFA796C} - C:\WINDOWS\System32\nuaqgura.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7936042B-857B-438F-9A37-2C8F70DE2C34} - C:\WINDOWS\System32\jfontext.dll (file missing)
O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll (file missing)
O2 - BHO: Redirect Class - {9516919A-9D32-4B17-BD14-2CE488599F65} - C:\Program Files\EE\EEF.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\jim\Local Settings\Temp\wVWH.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: (no name) - {4FFD9030-9ED3-415C-80D4-E2BC5B52ECF6} - (no file)
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Szep85lm.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [txkpvc] C:\WINDOWS\System32\txkpvc.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [hsatyam] C:\WINDOWS\System32\hsatyam.exe
O4 - HKLM\..\Run: [ybcfch] C:\WINDOWS\ybcfch.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.ex e"
O4 - HKLM\..\Run: [ofmvrst] C:\WINDOWS\System32\cyygwbsp.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\PROGRA~1\WHENUS~1\whse.exe
O4 - HKLM\..\Run: [p34P3qW] dxt42deu.exe
O4 - HKLM\..\Run: [eclogons] C:\WINDOWS\System32\eclogons.exe
O4 - HKLM\..\Run: [OM+C] C:\WINDOWS\System32\OM+C.exe
O4 - HKLM\..\Run: [eh0H4Y] c:\documents and settings\jim\local settings\temp\eh0H4Y.exe
O4 - HKLM\..\Run: [fd4867813c33] C:\WINDOWS\System32\clbcatex.exe
O4 - HKLM\..\Run: [yExO] c:\documents and settings\jim\local settings\temp\yExO.exe
O4 - HKLM\..\Run: [845d29093a71] C:\WINDOWS\System32\atl10817.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\jim\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Y0vFRka6S] pdhwoa.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKCU\..\Run: [Bqjr] C:\WINDOWS\System32\??plorer.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: Turbo Download - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.i-lookup.com/toolbar2/windec32.cab