Options
Removal of Home Search Assistent
Like a million other people (it seems) I too have this dreaded Home Search Assistent on my computer. I found this website through a Yahoo search, and it's already been a huge help. So far, I have followed the instructions provided to a tee, such as downloading and updating Ad Aware and Spybot Search and Destroy. I have run both of these programs, and they have helped an awful lot with cleaning up my computer. I already notice it being much faster. However, this Home Search Assistent persists. My next step was to download and run Hijack this. Listed below is the log file that I have saved. I'm hoping someone can please help me get rid of this thing, so I can enjoy the internet again. Any help you can give is much appreciated, and I thank you for your time.
jakey79
Logfile of HijackThis v1.98.2
Scan saved at 11:26:08 PM, on 11/4/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\t?skmgr.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\mickey32.dll:yuqvd
C:\WINNT\sdkdd.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINNT\winhs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKLM\..\Run: [sdkdd.exe] C:\WINNT\sdkdd.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [yuqvd] C:\WINNT\mickey32.dll:yuqvd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oobgkbhv] C:\WINNT\System32\t?skmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
jakey79
Logfile of HijackThis v1.98.2
Scan saved at 11:26:08 PM, on 11/4/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\t?skmgr.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\mickey32.dll:yuqvd
C:\WINNT\sdkdd.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINNT\winhs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKLM\..\Run: [sdkdd.exe] C:\WINNT\sdkdd.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [yuqvd] C:\WINNT\mickey32.dll:yuqvd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oobgkbhv] C:\WINNT\System32\t?skmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
0
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptzzr.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {201C2FBF-3759-3A0D-344E-15772DA97FF5} - C:\WINNT\winhs.dll
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [sdkdd.exe] C:\WINNT\sdkdd.exe
O4 - HKLM\..\RunOnce: [yuqvd] C:\WINNT\mickey32.dll:yuqvd
Fix those entries then find and delete teh following files:
C:\WINNT\system32\ptzzr.dll
C:\WINNT\winhs.dll
C:\Program Files\KaZaA\
c:\program files\180solutions\
C:\WINNT\sdkdd.exe
C:\WINNT\mickey32.dll:yuqvd
C:\WINNT\System32\t?skmgr.exe
C:\WINNT\System32\rsvp.exe
Then pull the plug on your computer, and post a new log.
__________________________________
Logfile of HijackThis v1.98.2
Scan saved at 4:58:58 PM, on 11/6/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\t?skmgr.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D264DCF3-9347-4D52-6344-B1DFCDF8D2AA} - C:\WINNT\iedl32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atlmt32.exe] C:\WINNT\atlmt32.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oobgkbhv] C:\WINNT\System32\t?skmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iwnet.dll/sp.html#26512
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {D264DCF3-9347-4D52-6344-B1DFCDF8D2AA} - C:\WINNT\iedl32.dll
O4 - HKLM\..\Run: [atlmt32.exe] C:\WINNT\atlmt32.exe
O4 - HKCU\..\Run: [Oobgkbhv] C:\WINNT\System32\t?skmgr.exe
Fix those entries then find and delete teh following files:
C:\WINNT\system32\iwnet.dll
C:\WINNT\iedl32.dll
C:\WINNT\atlmt32.exe
C:\WINNT\System32\t?skmgr.exe
Then pull the plug on your computer and post a new log.
Also, please do not reboot until I say it is ok.
C:\\WINNT\System32\t?skmgr.exe
Also, I can no longer use the find files or folders option from the search tab on the start menu, I can no longer drag files on my desktop, and I can't view the web like I could before (i.e. hotmail doesn't show up at all, menus and graphics that I could see before no longer appear)
Anyway, below is my most recent log, and I will not reboot my computer until you say so. I apologize for that.
Logfile of HijackThis v1.98.2
Scan saved at 6:29:06 PM, on 11/11/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\setuperr.log:ginei
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\mspy.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4D6D252B-C0DA-460F-AC12-D770C6D7EA1B} - C:\WINNT\ieab.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mspy.exe] C:\WINNT\mspy.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O4 - HKLM\..\Run: [mspy.exe] C:\WINNT\mspy.exe
Fix those entries then find and delete teh following files:
C:\WINNT\ieab.dll
C:\WINNT\mspy.exe
C:\WINNT\setuperr.log:ginei
Then pull the plug and post a new log.
ogfile of HijackThis v1.98.2
Scan saved at 1:39:47 PM, on 11/12/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\netou.exe
C:\WINNT\system32\d3is32.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\vzqdm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\vzqdm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B7F01D0-ADED-EA3C-EAF6-EDA8D1DF6CE9} - C:\WINNT\sysbi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E8FB5ADC-1A8F-92CD-F1A0-C2D9D6E088D4} - C:\WINNT\system32\ieli32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKLM\..\Run: [netou.exe] C:\WINNT\system32\netou.exe
O4 - HKLM\..\RunOnce: [d3is32.exe] C:\WINNT\system32\d3is32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\vzqdm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\vzqdm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\vzqdm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B7F01D0-ADED-EA3C-EAF6-EDA8D1DF6CE9} - C:\WINNT\sysbi.dll
O2 - BHO: (no name) - {E8FB5ADC-1A8F-92CD-F1A0-C2D9D6E088D4} - C:\WINNT\system32\ieli32.dll
O4 - HKLM\..\Run: [netou.exe] C:\WINNT\system32\netou.exe
O4 - HKLM\..\RunOnce: [d3is32.exe] C:\WINNT\system32\d3is32.exe
Fix those entries then find and delete the following files:
C:\WINNT\vzqdm.dll
C:\WINNT\sysbi.dll
C:\WINNT\system32\ieli32.dll
C:\WINNT\system32\netou.exe
C:\WINNT\system32\d3is32.exe
Then pull the plug and post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 6:03:09 PM, on 11/23/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\netuu32.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DB317464-3C16-AC5B-5DD4-83C394CD0035} - C:\WINNT\system32\crzu32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [netou.exe] C:\WINNT\system32\netou.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\iczwi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DB317464-3C16-AC5B-5DD4-83C394CD0035} - C:\WINNT\system32\crzu32.dll
O4 - HKLM\..\Run: [netou.exe] C:\WINNT\system32\netou.exe
fix those entries then find and delete the following files:
C:\WINNT\system32\iczwi.dll
C:\WINNT\system32\crzu32.dll
C:\WINNT\system32\netou.exe
C:\WINNT\netuu32.exe
Then pull the plug and post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 5:24:40 PM, on 11/24/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\netuu32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rppvk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rppvk.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {238EB9D6-5ABA-AB6D-0498-D30C267C244E} - C:\WINNT\msey.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce229ae44e63801/netzip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rppvk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rppvk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rppvk.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {238EB9D6-5ABA-AB6D-0498-D30C267C244E} - C:\WINNT\msey.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c25ce...ip/RdxIE601.cab
Fix those entries then find and delete the following files:
C:\WINNT\rppvk.dll
C:\WINNT\msey.dll
C:\WINNT\netuu32.exe
Then pull the plug and post a new log.
Here's the latest log
Logfile of HijackThis v1.98.2
Scan saved at 5:20:29 PM, on 11/29/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\netuu32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\jvesg.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E5F5675B-A50D-0B47-8035-DD57214B30CB} - C:\WINNT\system32\appxc.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\mediacheck\autoapwfull\autoinstall\aw51fullautoinstall\awarewebplayer\download\smart\cab\awswaxf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx