Help with removing Home Search Assistant
I've tried to remove it several times with Spybot and Ad-Aware. I was not successful, so I searched for "home search assistant" and stumbled across this website. I downloaded the home search assistant removal guide program and I was not able to get rid of it, so I came to these forums. I saw many people posting logs from "HijackThis", so I found the program, downloaded it and ran it. I have a huge log. If you want me to post it I will, if someone is willing to help me.
PLEASE help me get rid of home search assistant.
It also disabled me from AIM; I cannot instant message people using AIM.
Please reply with help and what I should do to get rid of this.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 8:34:43 PM, on 11/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msmb.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\mfcsz32.exe
C:\WINDOWS\System32\dbjrslc.exe
C:\WINDOWS\Fonts\exppc.exe
C:\WINDOWS\assembly\temp\basmain.exe
C:\WINDOWS\assembly\temp\faxurl.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\repair\pccr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\System32\MgzxCD.exe
C:\WINDOWS\System32\Ere6A.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\3dsmax7\3dsmax.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\AdskCleanup.0001
C:\DOCUME~1\Nick\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.282\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\WINDOWS\system32\apivx32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MhoL9W3.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Jvy1Wb1a.exe
O4 - HKLM\..\Run: [mfcsz32.exe] C:\WINDOWS\mfcsz32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [*accab] C:\WINDOWS\Tasks\accab.exe
O4 - HKLM\..\Run: [*cmdlib] C:\WINDOWS\Drivers\cmdlib.exe
O4 - HKLM\..\Run: [*logdb] C:\WINDOWS\Config\logdb.exe
O4 - HKLM\..\Run: [*runms] C:\WINDOWS\Help\mui\040e\runms.exe
O4 - HKLM\..\Run: [*nutftp] C:\WINDOWS\Microsoft.NET\nutftp.exe
O4 - HKLM\..\Run: [*mfcvss] C:\WINDOWS\AppPatch\mfcvss.exe
O4 - HKLM\..\Run: [*infocmd] C:\WINDOWS\Web\infocmd.exe
O4 - HKLM\..\Run: [*unap] C:\WINDOWS\system\unap.exe
O4 - HKLM\..\Run: [*oledb] C:\WINDOWS\Fonts\oledb.exe
O4 - HKLM\..\Run: [*diskinfo] C:\WINDOWS\Drivers\diskinfo.exe
O4 - HKLM\..\Run: [*svcweb] C:\WINDOWS\system32\1028\svcweb.exe
O4 - HKLM\..\Run: [*dvdcr] C:\WINDOWS\inf\dvdcr.exe
O4 - HKLM\..\Run: [*pcw] C:\WINDOWS\Tasks\pcw.exe
O4 - HKLM\..\Run: [*wdvd] C:\WINDOWS\repair\wdvd.exe
O4 - HKLM\..\Run: [*dllbin] C:\WINDOWS\Registration\dllbin.exe
O4 - HKLM\..\Run: [*sutil] C:\WINDOWS\addins\sutil.exe
O4 - HKLM\..\Run: [*tapiac] C:\WINDOWS\security\Database\tapiac.exe
O4 - HKLM\..\Run: [*catdll] C:\WINDOWS\ServicePackFiles\catdll.exe
O4 - HKLM\..\Run: [*eulaxml] C:\WINDOWS\system\eulaxml.exe
O4 - HKLM\..\Run: [nnmmyjw] C:\WINDOWS\System32\dbjrslc.exe
O4 - HKLM\..\Run: [*mfcsrv] C:\WINDOWS\Fonts\mfcsrv.exe
O4 - HKLM\..\Run: [*nuts] C:\WINDOWS\system32\MUI\nuts.exe
O4 - HKLM\..\Run: [*netodbc] C:\WINDOWS\ServicePackFiles\netodbc.exe
O4 - HKLM\..\Run: [*vgaexp] C:\WINDOWS\Config\vgaexp.exe
O4 - HKLM\..\Run: [*msbak] C:\WINDOWS\system32\INETSRV\msbak.exe
O4 - HKLM\..\Run: [*binvga] C:\WINDOWS\Fonts\binvga.exe
O4 - HKLM\..\Run: [*santi] C:\WINDOWS\Drivers\santi.exe
O4 - HKLM\..\Run: [*inetms] C:\WINDOWS\msagent\CHARS\inetms.exe
O4 - HKLM\..\Run: [*msvcfont] C:\WINDOWS\Web\msvcfont.exe
O4 - HKLM\..\Run: [*cabras] C:\WINDOWS\ServicePackFiles\cabras.exe
O4 - HKLM\..\RunOnce: [*cmdlib] C:\WINDOWS\Drivers\cmdlib.exe rerun
O4 - HKLM\..\RunOnce: [*accab] C:\WINDOWS\Tasks\accab.exe rerun
O4 - HKLM\..\RunOnce: [msmb.exe] C:\WINDOWS\system32\msmb.exe
O4 - HKLM\..\RunOnce: [nxqvs] C:\WINDOWS\svcpack.log:nxqvs
O4 - HKLM\..\RunOnce: [*oledb] C:\WINDOWS\Fonts\oledb.exe rerun
O4 - HKLM\..\RunOnce: [*mfcvss] C:\WINDOWS\AppPatch\mfcvss.exe rerun
O4 - HKLM\..\RunOnce: [*netodbc] C:\WINDOWS\ServicePackFiles\netodbc.exe rerun
O4 - HKLM\..\RunOnce: [*binvga] C:\WINDOWS\Fonts\binvga.exe rerun
O4 - HKLM\..\RunOnce: [*santi] C:\WINDOWS\Drivers\santi.exe rerun
O4 - HKLM\..\RunOnce: [*vgaexp] C:\WINDOWS\Config\vgaexp.exe rerun
O4 - HKLM\..\RunOnce: [*inetms] C:\WINDOWS\msagent\CHARS\inetms.exe rerun
O4 - HKLM\..\RunOnce: [*msvcfont] C:\WINDOWS\Web\msvcfont.exe rerun
O4 - HKLM\..\RunOnce: [*logdb] C:\WINDOWS\Config\logdb.exe rerun
O4 - HKLM\..\RunOnce: [*sutil] C:\WINDOWS\addins\sutil.exe rerun
O4 - HKLM\..\RunOnce: [*nutftp] C:\WINDOWS\Microsoft.NET\nutftp.exe rerun
O4 - HKLM\..\RunOnce: [*cabras] C:\WINDOWS\ServicePackFiles\cabras.exe rerun
O4 - HKLM\..\RunOnce: [*eulaxml] C:\WINDOWS\system\eulaxml.exe rerun
O4 - HKLM\..\RunOnce: [*pcw] C:\WINDOWS\Tasks\pcw.exe rerun
O4 - HKLM\..\RunOnce: [*dllbin] C:\WINDOWS\Registration\dllbin.exe rerun
O4 - HKLM\..\RunOnce: [*mfcsrv] C:\WINDOWS\Fonts\mfcsrv.exe rerun
O4 - HKLM\..\RunOnce: [*svcweb] C:\WINDOWS\system32\1028\svcweb.exe rerun
O4 - HKLM\..\RunOnce: [*runms] C:\WINDOWS\Help\mui\040e\runms.exe rerun
O4 - HKLM\..\RunOnce: [*diskinfo] C:\WINDOWS\Drivers\diskinfo.exe rerun
O4 - HKLM\..\RunOnce: [*catdll] C:\WINDOWS\ServicePackFiles\catdll.exe rerun
O4 - HKLM\..\RunOnce: [*wdvd] C:\WINDOWS\repair\wdvd.exe rerun
O4 - HKLM\..\RunOnce: [*dvdcr] C:\WINDOWS\inf\dvdcr.exe rerun
O4 - HKLM\..\RunOnce: [*infocmd] C:\WINDOWS\Web\infocmd.exe rerun
O4 - HKLM\..\RunOnce: [*nuts] C:\WINDOWS\system32\MUI\nuts.exe rerun
O4 - HKLM\..\RunOnce: [*tapiac] C:\WINDOWS\security\Database\tapiac.exe rerun
O4 - HKLM\..\RunOnce: [*unap] C:\WINDOWS\system\unap.exe rerun
O4 - HKLM\..\RunOnce: [*msbak] C:\WINDOWS\system32\INETSRV\msbak.exe rerun
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\repair\pccr.exe ren time:1100403844
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {49DEC3C0-C71A-11D4-BA38-000102621B9B} - http://www.cursorskins.com/lib/cursorskins1/MouseMagicCS.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Jvy1Wb1a.exe
O4 - HKLM\..\Run: [mfcsz32.exe] C:\WINDOWS\mfcsz32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [*accab] C:\WINDOWS\Tasks\accab.exe
O4 - HKLM\..\Run: [*cmdlib] C:\WINDOWS\Drivers\cmdlib.exe
O4 - HKLM\..\Run: [*logdb] C:\WINDOWS\Config\logdb.exe
O4 - HKLM\..\Run: [*runms] C:\WINDOWS\Help\mui\040e\runms.exe
O4 - HKLM\..\Run: [*nutftp] C:\WINDOWS\Microsoft.NET\nutftp.exe
O4 - HKLM\..\Run: [*mfcvss] C:\WINDOWS\AppPatch\mfcvss.exe
O4 - HKLM\..\Run: [*infocmd] C:\WINDOWS\Web\infocmd.exe
O4 - HKLM\..\Run: [*unap] C:\WINDOWS\system\unap.exe
O4 - HKLM\..\Run: [*oledb] C:\WINDOWS\Fonts\oledb.exe
O4 - HKLM\..\Run: [*diskinfo] C:\WINDOWS\Drivers\diskinfo.exe
O4 - HKLM\..\Run: [*svcweb] C:\WINDOWS\system32\1028\svcweb.exe
O4 - HKLM\..\Run: [*dvdcr] C:\WINDOWS\inf\dvdcr.exe
O4 - HKLM\..\Run: [*pcw] C:\WINDOWS\Tasks\pcw.exe
O4 - HKLM\..\Run: [*wdvd] C:\WINDOWS\repair\wdvd.exe
O4 - HKLM\..\Run: [*dllbin] C:\WINDOWS\Registration\dllbin.exe
O4 - HKLM\..\Run: [*sutil] C:\WINDOWS\addins\sutil.exe
O4 - HKLM\..\Run: [*tapiac] C:\WINDOWS\security\Database\tapiac.exe
O4 - HKLM\..\Run: [*catdll] C:\WINDOWS\ServicePackFiles\catdll.exe
O4 - HKLM\..\Run: [*eulaxml] C:\WINDOWS\system\eulaxml.exe
O4 - HKLM\..\Run: [nnmmyjw] C:\WINDOWS\System32\dbjrslc.exe
O4 - HKLM\..\Run: [*mfcsrv] C:\WINDOWS\Fonts\mfcsrv.exe
O4 - HKLM\..\Run: [*nuts] C:\WINDOWS\system32\MUI\nuts.exe
O4 - HKLM\..\Run: [*netodbc] C:\WINDOWS\ServicePackFiles\netodbc.exe
O4 - HKLM\..\Run: [*vgaexp] C:\WINDOWS\Config\vgaexp.exe
O4 - HKLM\..\Run: [*msbak] C:\WINDOWS\system32\INETSRV\msbak.exe
O4 - HKLM\..\Run: [*binvga] C:\WINDOWS\Fonts\binvga.exe
O4 - HKLM\..\Run: [*santi] C:\WINDOWS\Drivers\santi.exe
O4 - HKLM\..\Run: [*inetms] C:\WINDOWS\msagent\CHARS\inetms.exe
O4 - HKLM\..\Run: [*msvcfont] C:\WINDOWS\Web\msvcfont.exe
O4 - HKLM\..\Run: [*cabras] C:\WINDOWS\ServicePackFiles\cabras.exe
O4 - HKLM\..\RunOnce: [*cmdlib] C:\WINDOWS\Drivers\cmdlib.exe rerun
O4 - HKLM\..\RunOnce: [*accab] C:\WINDOWS\Tasks\accab.exe rerun
O4 - HKLM\..\RunOnce: [msmb.exe] C:\WINDOWS\system32\msmb.exe
O4 - HKLM\..\RunOnce: [nxqvs] C:\WINDOWS\svcpack.log:nxqvs
O4 - HKLM\..\RunOnce: [*oledb] C:\WINDOWS\Fonts\oledb.exe rerun
O4 - HKLM\..\RunOnce: [*mfcvss] C:\WINDOWS\AppPatch\mfcvss.exe rerun
O4 - HKLM\..\RunOnce: [*netodbc] C:\WINDOWS\ServicePackFiles\netodbc.exe rerun
O4 - HKLM\..\RunOnce: [*binvga] C:\WINDOWS\Fonts\binvga.exe rerun
O4 - HKLM\..\RunOnce: [*santi] C:\WINDOWS\Drivers\santi.exe rerun
O4 - HKLM\..\RunOnce: [*vgaexp] C:\WINDOWS\Config\vgaexp.exe rerun
O4 - HKLM\..\RunOnce: [*inetms] C:\WINDOWS\msagent\CHARS\inetms.exe rerun
O4 - HKLM\..\RunOnce: [*msvcfont] C:\WINDOWS\Web\msvcfont.exe rerun
O4 - HKLM\..\RunOnce: [*logdb] C:\WINDOWS\Config\logdb.exe rerun
O4 - HKLM\..\RunOnce: [*sutil] C:\WINDOWS\addins\sutil.exe rerun
O4 - HKLM\..\RunOnce: [*nutftp] C:\WINDOWS\Microsoft.NET\nutftp.exe rerun
O4 - HKLM\..\RunOnce: [*cabras] C:\WINDOWS\ServicePackFiles\cabras.exe rerun
O4 - HKLM\..\RunOnce: [*eulaxml] C:\WINDOWS\system\eulaxml.exe rerun
O4 - HKLM\..\RunOnce: [*pcw] C:\WINDOWS\Tasks\pcw.exe rerun
O4 - HKLM\..\RunOnce: [*dllbin] C:\WINDOWS\Registration\dllbin.exe rerun
O4 - HKLM\..\RunOnce: [*mfcsrv] C:\WINDOWS\Fonts\mfcsrv.exe rerun
O4 - HKLM\..\RunOnce: [*svcweb] C:\WINDOWS\system32\1028\svcweb.exe rerun
O4 - HKLM\..\RunOnce: [*runms] C:\WINDOWS\Help\mui\040e\runms.exe rerun
O4 - HKLM\..\RunOnce: [*diskinfo] C:\WINDOWS\Drivers\diskinfo.exe rerun
O4 - HKLM\..\RunOnce: [*catdll] C:\WINDOWS\ServicePackFiles\catdll.exe rerun
O4 - HKLM\..\RunOnce: [*wdvd] C:\WINDOWS\repair\wdvd.exe rerun
O4 - HKLM\..\RunOnce: [*dvdcr] C:\WINDOWS\inf\dvdcr.exe rerun
O4 - HKLM\..\RunOnce: [*infocmd] C:\WINDOWS\Web\infocmd.exe rerun
O4 - HKLM\..\RunOnce: [*nuts] C:\WINDOWS\system32\MUI\nuts.exe rerun
O4 - HKLM\..\RunOnce: [*tapiac] C:\WINDOWS\security\Database\tapiac.exe rerun
O4 - HKLM\..\RunOnce: [*unap] C:\WINDOWS\system\unap.exe rerun
O4 - HKLM\..\RunOnce: [*msbak] C:\WINDOWS\system32\INETSRV\msbak.exe rerun
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\repair\pccr.exe ren time:1100403844
Fix those entries then find and delete the files listed above, reboot and post a new log.
After this, do not reboot normally or use Internet Explorer (use Mozilla or Firefox instead) until I say your log is okay.
How do you want me to reboot?
And I don't have Firefox or Mozilla (I don't think).
Thanks for your help so far.
Want me to post the new log?
And then you want me to search and find the problems you listed and delete them?
Sorry if this is repetitive, it's just I don't want to delete something that I need.
Now what? Do you want me to post my new log?
Thanks for your help so far.
Edit: oh yeah, when I saw the "filename" rerun I assumed it was the same file as the ones above it.
Logfile of HijackThis v1.98.2
Scan saved at 8:44:07 PM, on 11/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msmb.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\apizw32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\WINDOWS\system32\apivx32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MhoL9W3.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Jvy1Wb1a.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {49DEC3C0-C71A-11D4-BA38-000102621B9B} - http://www.cursorskins.com/lib/cursorskins1/MouseMagicCS.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eookw.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eookw.dll/sp.html#31693
O2 - BHO: (no name) - {72AA7708-1476-67AE-5708-6CAEC456C02F} - C:\WINDOWS\system32\apivx32.dll
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MhoL9W3.exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Jvy1Wb1a.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
Fix those entries then find and delete the following files:
C:\WINDOWS\eookw.dll
C:\WINDOWS\system32\apivx32.dll
C:\WINDOWS\System32\MhoL9W3.exe
C:\WINDOWS\System32\Jvy1Wb1a.exe
C:\WINDOWS\apizw32.exe
C:\Program Files\Web_Rebates\
C:\WINDOWS\System32\maxspeed.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\WINDOWS\system32\msmb.exe
Then pull the plug and post a new log.
C:\WINDOWS\eookw.dll
C:\WINDOWS\system32\apivx32.dll
C:\WINDOWS\System32\MhoL9W3.exe
C:\WINDOWS\System32\Jvy1Wb1a.exe
C:\WINDOWS\apizw32.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\WINDOWS\system32\msmb.exe
ok here is the new log
Logfile of HijackThis v1.98.2
Scan saved at 9:23:59 PM, on 11/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msmb.exe
C:\WINDOWS\System32\MgzxCD.exe
C:\WINDOWS\System32\MgzxCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apizw32.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D53BE37F-3A2E-270B-1A0A-66FD4B4BEE2F} - C:\WINDOWS\syseu32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\HotEkc.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {49DEC3C0-C71A-11D4-BA38-000102621B9B} - http://www.cursorskins.com/lib/cursorskins1/MouseMagicCS.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\HotEkc.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
Fix those entries then find and delete the following files:
C:\WINDOWS\syseu32.dll
C:\WINDOWS\System32\HotEkc.exe
C:\WINDOWS\apizw32.exe
C:\WINDOWS\System32\MgzxCD.exe
C:\WINDOWS\system32\msmb.exe
Then pull the plug and post a new log.
C:\WINDOWS\syseu32.dll
I couldn't find these files
C:\WINDOWS\System32\HotEkc.exe
C:\WINDOWS\System32\MgzxCD.exe
C:\WINDOWS\system32\msmb.exe
Anyway, I pulled the plug and here is my new log
Logfile of HijackThis v1.98.2
Scan saved at 5:59:41 PM, on 11/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msmb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\apizw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\WINDOWS\System32\Dsu6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\imgam.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imgam.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\imgam.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\imgam.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imgam.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\imgam.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\imgam.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {6BA6773B-A8AF-70D0-7147-7C6CE7CCFF4C} - C:\WINDOWS\system32\sysyn32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\HotEkc.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {49DEC3C0-C71A-11D4-BA38-000102621B9B} - http://www.cursorskins.com/lib/cursorskins1/MouseMagicCS.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
Thanks for your help so far.
Here is the new log:
Logfile of HijackThis v1.98.2
Scan saved at 7:10:26 PM, on 11/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msmb.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\apizw32.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Mml180.exe
C:\WINDOWS\System32\Lnpf7L.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\szlgv.dll/sp.html#31693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B770CE58-9D47-3956-346F-9E4E08B3366B} - C:\WINDOWS\system32\ntet.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Bsbj0i6.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {49DEC3C0-C71A-11D4-BA38-000102621B9B} - http://www.cursorskins.com/lib/cursorskins1/MouseMagicCS.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
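Between the 11/26 and 11/29 logs above, the same Run value and IE search settings reappear pointing at differently named files. The following is an added example, not part of any post in this thread and not HijackThis's own code: it diffs two HijackThis logs by registry slot instead of by file name. The log excerpts are copied from those two scans; the function names are chosen here for illustration.

```python
import re

# Excerpts copied from the 11/26 and 11/29 HijackThis logs in this thread.
LOG_1126 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\imgam.dll/sp.html#31693
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\HotEkc.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
"""
LOG_1129 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\szlgv.dll/sp.html#31693
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [4ZPCLRM5WSBQX6] C:\WINDOWS\System32\Bsbj0i6.exe
O4 - HKLM\..\Run: [apizw32.exe] C:\WINDOWS\apizw32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
"""

# R0-R3 lines: "<key>,<value name> = <data>"; O4 lines: "<hive>: [<name>] <command>"
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^=]+?)\s*=\s*(?P<val>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<val>.*)$")

def parse(log):
    """Map each stable registry slot (IE setting or Run value name) to its target."""
    slots = {}
    for line in log.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            slots[m["key"]] = m["val"]
            continue
        m = O4_LINE.match(line)
        if m:
            slots[f'{m["hive"]}: [{m["name"]}]'] = m["val"]
    return slots

def diff(old_log, new_log):
    """Return (retargeted, added, unchanged) slots between two scans."""
    old, new = parse(old_log), parse(new_log)
    shared = old.keys() & new.keys()
    retargeted = {k: (old[k], new[k]) for k in shared if old[k] != new[k]}
    added = {k: new[k] for k in new.keys() - old.keys()}
    unchanged = sorted(k for k in shared if old[k] == new[k])
    return retargeted, added, unchanged

if __name__ == "__main__":
    retargeted, added, unchanged = diff(LOG_1126, LOG_1129)
    for slot, (before, after) in sorted(retargeted.items()):
        print(f"RETARGETED {slot}\n    {before}\n -> {after}")
    for slot, target in sorted(added.items()):
        print(f"NEW        {slot} -> {target}")
```

A slot that keeps its name while its target file changes between scans is the thing to track across logs, since the file name seen in one scan may not exist by the next.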