Options
HJT log, review please
I'm having the typical about home page and my AIM crashing (which I use frequently) I have ran AdAware
Logfile of HijackThis v1.98.2
Scan saved at 11:49:57 PM, on 11/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Q819696Uninst.log:ftyvj
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\AkCTRES9.exe
C:\WINDOWS\system32\atlyl.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\WINDOWS\System32\typlacer.exe
C:\documents and settings\tammy\local settings\temp\G0jw0oV1.exe
C:\WINDOWS\System32\UMDMXFRM852v.exe
C:\WINDOWS\System32\dxmrtp552j.exe
C:\WINDOWS\System32\BIDISPL319g.exe
C:\WINDOWS\System32\wmerrenu931n.exe
C:\Documents and Settings\tammy\Application Data\ttuh.exe
C:\WINDOWS\System32\winupdt.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\??oolsv.exe
C:\WINDOWS\System32\NIMDMU.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\documents and settings\tammy\local settings\temp\IVvtU.exe
C:\WINDOWS\System32\Gpmb0.exe
C:\WINDOWS\System32\Gpmb0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {744061E1-7286-652B-66C7-7738E9296851} - C:\WINDOWS\nttl32.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eEcn4] C:\documents and settings\tammy\local settings\temp\eEcn4.exe
O4 - HKLM\..\Run: [Aqua.exe] C:\WINDOWS\System32\Aqua.exe
O4 - HKLM\..\Run: [lite.exe] C:\WINDOWS\System32\lite.exe
O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [pULbqou] C:\documents and settings\tammy\local settings\temp\pULbqou.exe
O4 - HKLM\..\Run: [IoFLtrq] C:\documents and settings\tammy\local settings\temp\IoFLtrq.exe
O4 - HKLM\..\Run: [tVIV] C:\documents and settings\tammy\local settings\temp\tVIV.exe
O4 - HKLM\..\Run: [149e79f181cf] C:\WINDOWS\System32\AkCTRES9.exe
O4 - HKLM\..\Run: [javaqi32.exe] C:\WINDOWS\system32\javaqi32.exe
O4 - HKLM\..\Run: [VJ6Mft] C:\documents and settings\tammy\local settings\temp\VJ6Mft.exe
O4 - HKLM\..\Run: [addbj32.exe] C:\WINDOWS\system32\addbj32.exe
O4 - HKLM\..\Run: [CU2] C:\documents and settings\tammy\local settings\temp\CU2.exe
O4 - HKLM\..\Run: [4VUW] C:\documents and settings\tammy\local settings\temp\4VUW.exe
O4 - HKLM\..\Run: [winej32.exe] C:\WINDOWS\system32\winej32.exe
O4 - HKLM\..\Run: [hU] C:\documents and settings\tammy\local settings\temp\hU.exe
O4 - HKLM\..\Run: [WxfC] C:\documents and settings\tammy\local settings\temp\WxfC.exe
O4 - HKLM\..\Run: [crfi.exe] C:\WINDOWS\system32\crfi.exe
O4 - HKLM\..\Run: [ntuq32.exe] C:\WINDOWS\system32\ntuq32.exe
O4 - HKLM\..\Run: [ZoBIGz9v] C:\documents and settings\tammy\local settings\temp\ZoBIGz9v.exe
O4 - HKLM\..\Run: [tETzvIY] C:\documents and settings\tammy\local settings\temp\tETzvIY.exe
O4 - HKLM\..\Run: [d3fe.exe] C:\WINDOWS\system32\d3fe.exe
O4 - HKLM\..\Run: [dDHc] C:\documents and settings\tammy\local settings\temp\dDHc.exe
O4 - HKLM\..\Run: [javawe32.exe] C:\WINDOWS\system32\javawe32.exe
O4 - HKLM\..\Run: [addiw32.exe] C:\WINDOWS\system32\addiw32.exe
O4 - HKLM\..\Run: [uJ] C:\documents and settings\tammy\local settings\temp\uJ.exe
O4 - HKLM\..\Run: [frxSE] C:\documents and settings\tammy\local settings\temp\frxSE.exe
O4 - HKLM\..\Run: [ieqx.exe] C:\WINDOWS\system32\ieqx.exe
O4 - HKLM\..\Run: [atlyl.exe] C:\WINDOWS\system32\atlyl.exe
O4 - HKLM\..\Run: [d3ce.exe] C:\WINDOWS\system32\d3ce.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [2NJe] C:\documents and settings\tammy\local settings\temp\2NJe.exe
O4 - HKLM\..\Run: [sXD] C:\documents and settings\tammy\local settings\temp\sXD.exe
O4 - HKLM\..\Run: [crvc.exe] C:\WINDOWS\system32\crvc.exe
O4 - HKLM\..\Run: [G8] C:\documents and settings\tammy\local settings\temp\G8.exe
O4 - HKLM\..\Run: [OP] C:\documents and settings\tammy\local settings\temp\OP.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [kcczqc] C:\WINDOWS\System32\kcczqc.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [CKBl] C:\documents and settings\tammy\local settings\temp\CKBl.exe
O4 - HKLM\..\Run: [fc] C:\documents and settings\tammy\local settings\temp\fc.exe
O4 - HKLM\..\Run: [w7EQ37g] typlacer.exe
O4 - HKLM\..\Run: [ntif.exe] C:\WINDOWS\system32\ntif.exe
O4 - HKLM\..\Run: [Ye] C:\documents and settings\tammy\local settings\temp\Ye.exe
O4 - HKLM\..\Run: [k] C:\documents and settings\tammy\local settings\temp\k.exe
O4 - HKLM\..\Run: [ipxt.exe] C:\WINDOWS\system32\ipxt.exe
O4 - HKLM\..\Run: [95a] c:\documents and settings\tammy\local settings\temp\95a.exe
O4 - HKLM\..\Run: [6anEp5pf] c:\documents and settings\tammy\local settings\temp\6anEp5pf.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [G0jw0oV1] C:\documents and settings\tammy\local settings\temp\G0jw0oV1.exe
O4 - HKLM\..\Run: [NIMDMU] C:\WINDOWS\System32\NIMDMU.exe
O4 - HKLM\..\Run: [IVvtU] c:\documents and settings\tammy\local settings\temp\IVvtU.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\DgeT1.exe
O4 - HKLM\..\RunServices: [WindowsUpdatev4] C:\WINDOWS\Downloaded Program Files\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [UMDMXFRM852v.exe] "C:\WINDOWS\System32\UMDMXFRM852v.exe"
O4 - HKCU\..\Run: [dxmrtp552j.exe] "C:\WINDOWS\System32\dxmrtp552j.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\tammy\Application Data\ttuh.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Fmtpgf] C:\WINDOWS\System32\??oolsv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\TWAIN_32\ScanWiz5\SDII.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {18F9FC8F-E625-45A7-BDD1-19A250B03CA4} - (no file) (HKCU)
O9 - Extra button: (no name) - {1FACD8FA-C43A-4C38-94E5-61A76115907E} - (no file) (HKCU)
O9 - Extra button: (no name) - {225182D1-1427-4F3A-BD0D-73315195C046} - (no file) (HKCU)
O9 - Extra button: (no name) - {2F3652D0-1942-40B0-A88C-8315AC780D63} - (no file) (HKCU)
O9 - Extra button: (no name) - {35E9F326-98C9-4DE6-B6BB-0238528B0F33} - (no file) (HKCU)
O9 - Extra button: (no name) - {455A390C-D89B-412D-A7A5-F6A37A74DB88} - (no file) (HKCU)
O9 - Extra button: (no name) - {4674F733-95A1-475D-BC6B-68760977C433} - (no file) (HKCU)
O9 - Extra button: (no name) - {4D5B152D-437A-47EA-B22E-7A3D0CAC7BEA} - (no file) (HKCU)
O9 - Extra button: (no name) - {65DA1652-924B-4407-A8D7-3432251BE186} - (no file) (HKCU)
O9 - Extra button: (no name) - {6F6183FB-B017-4426-84DD-0A753D1A3FF5} - (no file) (HKCU)
O9 - Extra button: (no name) - {7AAC57E0-16AB-4784-86DC-572DEDBF1677} - (no file) (HKCU)
O9 - Extra button: (no name) - {8217ACAD-174E-4674-8342-73DF57F8C4ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {878B9CC9-6D11-44A6-AA7B-AAFD0C629902} - (no file) (HKCU)
O9 - Extra button: (no name) - {8E94248B-FE4C-4863-8A7D-399A5D2C07F1} - (no file) (HKCU)
O9 - Extra button: (no name) - {A7BA448D-80B6-49F7-A40D-180F7A2AAB78} - (no file) (HKCU)
O9 - Extra button: (no name) - {AEC4EC39-79F2-44E5-B35A-25CC892932E0} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O9 - Extra button: (no name) - {F947E203-87F2-4679-87AF-0237F1CB62D4} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gsxiwktp.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/2117540df95926b8c901/netzip/RdxIE.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www105.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/147f4c7047e2f0e19701/netzip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/GetZango/Download/zangoinstaller.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BEE53CD-BF89-4A35-A2AD-AAF74FB4AB71}: NameServer = 208.63.109.9,208.62.221.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BEE53CD-BF89-4A35-A2AD-AAF74FB4AB71}: NameServer = 208.63.109.9,208.62.221.61
Logfile of HijackThis v1.98.2
Scan saved at 11:49:57 PM, on 11/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Q819696Uninst.log:ftyvj
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\AkCTRES9.exe
C:\WINDOWS\system32\atlyl.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\WINDOWS\System32\typlacer.exe
C:\documents and settings\tammy\local settings\temp\G0jw0oV1.exe
C:\WINDOWS\System32\UMDMXFRM852v.exe
C:\WINDOWS\System32\dxmrtp552j.exe
C:\WINDOWS\System32\BIDISPL319g.exe
C:\WINDOWS\System32\wmerrenu931n.exe
C:\Documents and Settings\tammy\Application Data\ttuh.exe
C:\WINDOWS\System32\winupdt.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\??oolsv.exe
C:\WINDOWS\System32\NIMDMU.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\documents and settings\tammy\local settings\temp\IVvtU.exe
C:\WINDOWS\System32\Gpmb0.exe
C:\WINDOWS\System32\Gpmb0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ssxnt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {744061E1-7286-652B-66C7-7738E9296851} - C:\WINDOWS\nttl32.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eEcn4] C:\documents and settings\tammy\local settings\temp\eEcn4.exe
O4 - HKLM\..\Run: [Aqua.exe] C:\WINDOWS\System32\Aqua.exe
O4 - HKLM\..\Run: [lite.exe] C:\WINDOWS\System32\lite.exe
O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [pULbqou] C:\documents and settings\tammy\local settings\temp\pULbqou.exe
O4 - HKLM\..\Run: [IoFLtrq] C:\documents and settings\tammy\local settings\temp\IoFLtrq.exe
O4 - HKLM\..\Run: [tVIV] C:\documents and settings\tammy\local settings\temp\tVIV.exe
O4 - HKLM\..\Run: [149e79f181cf] C:\WINDOWS\System32\AkCTRES9.exe
O4 - HKLM\..\Run: [javaqi32.exe] C:\WINDOWS\system32\javaqi32.exe
O4 - HKLM\..\Run: [VJ6Mft] C:\documents and settings\tammy\local settings\temp\VJ6Mft.exe
O4 - HKLM\..\Run: [addbj32.exe] C:\WINDOWS\system32\addbj32.exe
O4 - HKLM\..\Run: [CU2] C:\documents and settings\tammy\local settings\temp\CU2.exe
O4 - HKLM\..\Run: [4VUW] C:\documents and settings\tammy\local settings\temp\4VUW.exe
O4 - HKLM\..\Run: [winej32.exe] C:\WINDOWS\system32\winej32.exe
O4 - HKLM\..\Run: [hU] C:\documents and settings\tammy\local settings\temp\hU.exe
O4 - HKLM\..\Run: [WxfC] C:\documents and settings\tammy\local settings\temp\WxfC.exe
O4 - HKLM\..\Run: [crfi.exe] C:\WINDOWS\system32\crfi.exe
O4 - HKLM\..\Run: [ntuq32.exe] C:\WINDOWS\system32\ntuq32.exe
O4 - HKLM\..\Run: [ZoBIGz9v] C:\documents and settings\tammy\local settings\temp\ZoBIGz9v.exe
O4 - HKLM\..\Run: [tETzvIY] C:\documents and settings\tammy\local settings\temp\tETzvIY.exe
O4 - HKLM\..\Run: [d3fe.exe] C:\WINDOWS\system32\d3fe.exe
O4 - HKLM\..\Run: [dDHc] C:\documents and settings\tammy\local settings\temp\dDHc.exe
O4 - HKLM\..\Run: [javawe32.exe] C:\WINDOWS\system32\javawe32.exe
O4 - HKLM\..\Run: [addiw32.exe] C:\WINDOWS\system32\addiw32.exe
O4 - HKLM\..\Run: [uJ] C:\documents and settings\tammy\local settings\temp\uJ.exe
O4 - HKLM\..\Run: [frxSE] C:\documents and settings\tammy\local settings\temp\frxSE.exe
O4 - HKLM\..\Run: [ieqx.exe] C:\WINDOWS\system32\ieqx.exe
O4 - HKLM\..\Run: [atlyl.exe] C:\WINDOWS\system32\atlyl.exe
O4 - HKLM\..\Run: [d3ce.exe] C:\WINDOWS\system32\d3ce.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [2NJe] C:\documents and settings\tammy\local settings\temp\2NJe.exe
O4 - HKLM\..\Run: [sXD] C:\documents and settings\tammy\local settings\temp\sXD.exe
O4 - HKLM\..\Run: [crvc.exe] C:\WINDOWS\system32\crvc.exe
O4 - HKLM\..\Run: [G8] C:\documents and settings\tammy\local settings\temp\G8.exe
O4 - HKLM\..\Run: [OP] C:\documents and settings\tammy\local settings\temp\OP.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [kcczqc] C:\WINDOWS\System32\kcczqc.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [CKBl] C:\documents and settings\tammy\local settings\temp\CKBl.exe
O4 - HKLM\..\Run: [fc] C:\documents and settings\tammy\local settings\temp\fc.exe
O4 - HKLM\..\Run: [w7EQ37g] typlacer.exe
O4 - HKLM\..\Run: [ntif.exe] C:\WINDOWS\system32\ntif.exe
O4 - HKLM\..\Run: [Ye] C:\documents and settings\tammy\local settings\temp\Ye.exe
O4 - HKLM\..\Run: [k] C:\documents and settings\tammy\local settings\temp\k.exe
O4 - HKLM\..\Run: [ipxt.exe] C:\WINDOWS\system32\ipxt.exe
O4 - HKLM\..\Run: [95a] c:\documents and settings\tammy\local settings\temp\95a.exe
O4 - HKLM\..\Run: [6anEp5pf] c:\documents and settings\tammy\local settings\temp\6anEp5pf.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [G0jw0oV1] C:\documents and settings\tammy\local settings\temp\G0jw0oV1.exe
O4 - HKLM\..\Run: [NIMDMU] C:\WINDOWS\System32\NIMDMU.exe
O4 - HKLM\..\Run: [IVvtU] c:\documents and settings\tammy\local settings\temp\IVvtU.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\DgeT1.exe
O4 - HKLM\..\RunServices: [WindowsUpdatev4] C:\WINDOWS\Downloaded Program Files\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [UMDMXFRM852v.exe] "C:\WINDOWS\System32\UMDMXFRM852v.exe"
O4 - HKCU\..\Run: [dxmrtp552j.exe] "C:\WINDOWS\System32\dxmrtp552j.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\tammy\Application Data\ttuh.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Fmtpgf] C:\WINDOWS\System32\??oolsv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\TWAIN_32\ScanWiz5\SDII.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {18F9FC8F-E625-45A7-BDD1-19A250B03CA4} - (no file) (HKCU)
O9 - Extra button: (no name) - {1FACD8FA-C43A-4C38-94E5-61A76115907E} - (no file) (HKCU)
O9 - Extra button: (no name) - {225182D1-1427-4F3A-BD0D-73315195C046} - (no file) (HKCU)
O9 - Extra button: (no name) - {2F3652D0-1942-40B0-A88C-8315AC780D63} - (no file) (HKCU)
O9 - Extra button: (no name) - {35E9F326-98C9-4DE6-B6BB-0238528B0F33} - (no file) (HKCU)
O9 - Extra button: (no name) - {455A390C-D89B-412D-A7A5-F6A37A74DB88} - (no file) (HKCU)
O9 - Extra button: (no name) - {4674F733-95A1-475D-BC6B-68760977C433} - (no file) (HKCU)
O9 - Extra button: (no name) - {4D5B152D-437A-47EA-B22E-7A3D0CAC7BEA} - (no file) (HKCU)
O9 - Extra button: (no name) - {65DA1652-924B-4407-A8D7-3432251BE186} - (no file) (HKCU)
O9 - Extra button: (no name) - {6F6183FB-B017-4426-84DD-0A753D1A3FF5} - (no file) (HKCU)
O9 - Extra button: (no name) - {7AAC57E0-16AB-4784-86DC-572DEDBF1677} - (no file) (HKCU)
O9 - Extra button: (no name) - {8217ACAD-174E-4674-8342-73DF57F8C4ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {878B9CC9-6D11-44A6-AA7B-AAFD0C629902} - (no file) (HKCU)
O9 - Extra button: (no name) - {8E94248B-FE4C-4863-8A7D-399A5D2C07F1} - (no file) (HKCU)
O9 - Extra button: (no name) - {A7BA448D-80B6-49F7-A40D-180F7A2AAB78} - (no file) (HKCU)
O9 - Extra button: (no name) - {AEC4EC39-79F2-44E5-B35A-25CC892932E0} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O9 - Extra button: (no name) - {F947E203-87F2-4679-87AF-0237F1CB62D4} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gsxiwktp.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/2117540df95926b8c901/netzip/RdxIE.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www105.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/147f4c7047e2f0e19701/netzip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/GetZango/Download/zangoinstaller.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BEE53CD-BF89-4A35-A2AD-AAF74FB4AB71}: NameServer = 208.63.109.9,208.62.221.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BEE53CD-BF89-4A35-A2AD-AAF74FB4AB71}: NameServer = 208.63.109.9,208.62.221.61
0
Comments
On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "calsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.
Download About:buster from http://www.downloads.subratam.org/AboutBuster.zip and unzip it to your desktop.
Run Adaware when asked. The following is what to do and how to set it up.
1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2.Close ALL windows except Ad-Aware SE
3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to udate outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Click here for instructions on how to boot into safe mode.
Boot up in safe mode.
Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds.
Still in safe mode, do a full system scan with Adaware. When the scan is finished select *next* & place a check in the boxes to the left of what is found & click *next* again. Let it delete those entries.
Reboot your computer in normal mode. Post another hijackthis log.