Options
Errorplace is driving me crazy!
I have been trying to rid my PC of errorpalce .com for days. I have run many spyware programs with no luck.
My Hijack this log follows:
Logfile of HijackThis v1.97.7
Scan saved at 12:08:48 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\mmups.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\prrtect.exe
C:\WINDOWS\system32\prrtect.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {BD1D26FD-D997-4F40-BC29-0BCF0C0CF718} - C:\WINDOWS\dixtu.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cheryl Dohn\Local Settings\Temp\BZ.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O3 - Toolbar: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [lmhhv] C:\WINDOWS\reqtlhb.exe
O4 - HKLM\..\Run: [hwc] C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dfaeqfv] C:\WINDOWS\tardie.exe
O4 - HKLM\..\Run: [yexfazw] C:\WINDOWS\pjxo.exe
O4 - HKLM\..\Run: [pqurjy] C:\WINDOWS\jhlcrnnua.exe
O4 - HKLM\..\Run: [dsctss] C:\WINDOWS\ovnwi.exe
O4 - HKLM\..\Run: [zcbiqwto] C:\WINDOWS\wiqms.exe
O4 - HKLM\..\Run: [jjiuz] C:\WINDOWS\lbdbug.exe
O4 - HKLM\..\Run: [szlddfkn] C:\WINDOWS\mowwcvwv.exe
O4 - HKLM\..\Run: [qeypuh] C:\WINDOWS\pndyn.exe
O4 - HKLM\..\Run: [qxfgngj] C:\WINDOWS\suktd.exe
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [takst] C:\WINDOWS\yzeo.exe
O4 - HKLM\..\Run: [wohvc] C:\WINDOWS\lvso.exe
O4 - HKLM\..\Run: [ubuofneho] C:\WINDOWS\ssvaplp.exe
O4 - HKLM\..\Run: [vlxh] C:\WINDOWS\kgmdcon.exe
O4 - HKLM\..\Run: [eihkoqfl] C:\WINDOWS\miiluv.exe
O4 - HKLM\..\Run: [fhhml] C:\WINDOWS\qqztyeiw.exe
O4 - HKLM\..\Run: [brpbywv] C:\WINDOWS\caossqs.exe
O4 - HKLM\..\Run: [upygbiocj] C:\WINDOWS\wqbdwa.exe
O4 - HKLM\..\Run: [oonp] C:\WINDOWS\fmtlpuuo.exe
O4 - HKLM\..\Run: [XPL46Qn3] C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
O4 - HKLM\..\Run: [vqmzqtvg] C:\WINDOWS\ryteeoqm.exe
O4 - HKLM\..\Run: [jobcjaj] C:\WINDOWS\yhen.exe
O4 - HKLM\..\Run: [gijah] C:\WINDOWS\yzfjih.exe
O4 - HKLM\..\Run: [vmelbn] C:\WINDOWS\wuafr.exe
O4 - HKLM\..\Run: [drjccgk] C:\WINDOWS\xbwhmv.exe
O4 - HKLM\..\Run: [fqghncgt] C:\WINDOWS\padfqvf.exe
O4 - HKLM\..\Run: [wgdkvj] C:\WINDOWS\kksp.exe
O4 - HKLM\..\Run: [ooolcqed] C:\WINDOWS\flvfhrfi.exe
O4 - HKLM\..\Run: [zlwob] C:\WINDOWS\fyuvy.exe
O4 - HKLM\..\Run: [dbwcs] C:\WINDOWS\esvvu.exe
O4 - HKLM\..\Run: [vanl] C:\WINDOWS\jytkbfx.exe
O4 - HKLM\..\Run: [dpmobpfh] C:\WINDOWS\qmtgtqi.exe
O4 - HKLM\..\Run: [sjwb] C:\WINDOWS\cwjgn.exe
O4 - HKLM\..\Run: [tnslou] C:\WINDOWS\xdpo.exe
O4 - HKLM\..\Run: [pujg] C:\WINDOWS\gqlvj.exe
O4 - HKLM\..\Run: [keznphrn] C:\WINDOWS\mdqjie.exe
O4 - HKLM\..\Run: [qpdos] C:\WINDOWS\fgedwzeoo.exe
O4 - HKLM\..\Run: [xlbkxuiz] C:\WINDOWS\mhoktkr.exe
O4 - HKLM\..\Run: [qvfx] C:\WINDOWS\cyvrrfp.exe
O4 - HKLM\..\Run: [ruiqab] C:\WINDOWS\bdjckad.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Anquiro Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Anquiro Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
Can You Help ?
Thanks
My Hijack this log follows:
Logfile of HijackThis v1.97.7
Scan saved at 12:08:48 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\mmups.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\prrtect.exe
C:\WINDOWS\system32\prrtect.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {BD1D26FD-D997-4F40-BC29-0BCF0C0CF718} - C:\WINDOWS\dixtu.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cheryl Dohn\Local Settings\Temp\BZ.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O3 - Toolbar: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [lmhhv] C:\WINDOWS\reqtlhb.exe
O4 - HKLM\..\Run: [hwc] C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dfaeqfv] C:\WINDOWS\tardie.exe
O4 - HKLM\..\Run: [yexfazw] C:\WINDOWS\pjxo.exe
O4 - HKLM\..\Run: [pqurjy] C:\WINDOWS\jhlcrnnua.exe
O4 - HKLM\..\Run: [dsctss] C:\WINDOWS\ovnwi.exe
O4 - HKLM\..\Run: [zcbiqwto] C:\WINDOWS\wiqms.exe
O4 - HKLM\..\Run: [jjiuz] C:\WINDOWS\lbdbug.exe
O4 - HKLM\..\Run: [szlddfkn] C:\WINDOWS\mowwcvwv.exe
O4 - HKLM\..\Run: [qeypuh] C:\WINDOWS\pndyn.exe
O4 - HKLM\..\Run: [qxfgngj] C:\WINDOWS\suktd.exe
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [takst] C:\WINDOWS\yzeo.exe
O4 - HKLM\..\Run: [wohvc] C:\WINDOWS\lvso.exe
O4 - HKLM\..\Run: [ubuofneho] C:\WINDOWS\ssvaplp.exe
O4 - HKLM\..\Run: [vlxh] C:\WINDOWS\kgmdcon.exe
O4 - HKLM\..\Run: [eihkoqfl] C:\WINDOWS\miiluv.exe
O4 - HKLM\..\Run: [fhhml] C:\WINDOWS\qqztyeiw.exe
O4 - HKLM\..\Run: [brpbywv] C:\WINDOWS\caossqs.exe
O4 - HKLM\..\Run: [upygbiocj] C:\WINDOWS\wqbdwa.exe
O4 - HKLM\..\Run: [oonp] C:\WINDOWS\fmtlpuuo.exe
O4 - HKLM\..\Run: [XPL46Qn3] C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
O4 - HKLM\..\Run: [vqmzqtvg] C:\WINDOWS\ryteeoqm.exe
O4 - HKLM\..\Run: [jobcjaj] C:\WINDOWS\yhen.exe
O4 - HKLM\..\Run: [gijah] C:\WINDOWS\yzfjih.exe
O4 - HKLM\..\Run: [vmelbn] C:\WINDOWS\wuafr.exe
O4 - HKLM\..\Run: [drjccgk] C:\WINDOWS\xbwhmv.exe
O4 - HKLM\..\Run: [fqghncgt] C:\WINDOWS\padfqvf.exe
O4 - HKLM\..\Run: [wgdkvj] C:\WINDOWS\kksp.exe
O4 - HKLM\..\Run: [ooolcqed] C:\WINDOWS\flvfhrfi.exe
O4 - HKLM\..\Run: [zlwob] C:\WINDOWS\fyuvy.exe
O4 - HKLM\..\Run: [dbwcs] C:\WINDOWS\esvvu.exe
O4 - HKLM\..\Run: [vanl] C:\WINDOWS\jytkbfx.exe
O4 - HKLM\..\Run: [dpmobpfh] C:\WINDOWS\qmtgtqi.exe
O4 - HKLM\..\Run: [sjwb] C:\WINDOWS\cwjgn.exe
O4 - HKLM\..\Run: [tnslou] C:\WINDOWS\xdpo.exe
O4 - HKLM\..\Run: [pujg] C:\WINDOWS\gqlvj.exe
O4 - HKLM\..\Run: [keznphrn] C:\WINDOWS\mdqjie.exe
O4 - HKLM\..\Run: [qpdos] C:\WINDOWS\fgedwzeoo.exe
O4 - HKLM\..\Run: [xlbkxuiz] C:\WINDOWS\mhoktkr.exe
O4 - HKLM\..\Run: [qvfx] C:\WINDOWS\cyvrrfp.exe
O4 - HKLM\..\Run: [ruiqab] C:\WINDOWS\bdjckad.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Anquiro Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Anquiro Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
Can You Help ?
Thanks
0
Comments
Logfile of HijackThis v1.98.2
Scan saved at 12:45:47 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\mmups.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\prrtect.exe
C:\WINDOWS\system32\prrtect.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\msmoney.exe
C:\Program Files\HijackThis.exe
C:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {BD1D26FD-D997-4F40-BC29-0BCF0C0CF718} - C:\WINDOWS\dixtu.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cheryl Dohn\Local Settings\Temp\BZ.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O3 - Toolbar: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [lmhhv] C:\WINDOWS\reqtlhb.exe
O4 - HKLM\..\Run: [hwc] C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dfaeqfv] C:\WINDOWS\tardie.exe
O4 - HKLM\..\Run: [yexfazw] C:\WINDOWS\pjxo.exe
O4 - HKLM\..\Run: [pqurjy] C:\WINDOWS\jhlcrnnua.exe
O4 - HKLM\..\Run: [dsctss] C:\WINDOWS\ovnwi.exe
O4 - HKLM\..\Run: [zcbiqwto] C:\WINDOWS\wiqms.exe
O4 - HKLM\..\Run: [jjiuz] C:\WINDOWS\lbdbug.exe
O4 - HKLM\..\Run: [szlddfkn] C:\WINDOWS\mowwcvwv.exe
O4 - HKLM\..\Run: [qeypuh] C:\WINDOWS\pndyn.exe
O4 - HKLM\..\Run: [qxfgngj] C:\WINDOWS\suktd.exe
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [takst] C:\WINDOWS\yzeo.exe
O4 - HKLM\..\Run: [wohvc] C:\WINDOWS\lvso.exe
O4 - HKLM\..\Run: [ubuofneho] C:\WINDOWS\ssvaplp.exe
O4 - HKLM\..\Run: [vlxh] C:\WINDOWS\kgmdcon.exe
O4 - HKLM\..\Run: [eihkoqfl] C:\WINDOWS\miiluv.exe
O4 - HKLM\..\Run: [fhhml] C:\WINDOWS\qqztyeiw.exe
O4 - HKLM\..\Run: [brpbywv] C:\WINDOWS\caossqs.exe
O4 - HKLM\..\Run: [upygbiocj] C:\WINDOWS\wqbdwa.exe
O4 - HKLM\..\Run: [oonp] C:\WINDOWS\fmtlpuuo.exe
O4 - HKLM\..\Run: [XPL46Qn3] C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
O4 - HKLM\..\Run: [vqmzqtvg] C:\WINDOWS\ryteeoqm.exe
O4 - HKLM\..\Run: [jobcjaj] C:\WINDOWS\yhen.exe
O4 - HKLM\..\Run: [gijah] C:\WINDOWS\yzfjih.exe
O4 - HKLM\..\Run: [vmelbn] C:\WINDOWS\wuafr.exe
O4 - HKLM\..\Run: [drjccgk] C:\WINDOWS\xbwhmv.exe
O4 - HKLM\..\Run: [fqghncgt] C:\WINDOWS\padfqvf.exe
O4 - HKLM\..\Run: [wgdkvj] C:\WINDOWS\kksp.exe
O4 - HKLM\..\Run: [ooolcqed] C:\WINDOWS\flvfhrfi.exe
O4 - HKLM\..\Run: [zlwob] C:\WINDOWS\fyuvy.exe
O4 - HKLM\..\Run: [dbwcs] C:\WINDOWS\esvvu.exe
O4 - HKLM\..\Run: [vanl] C:\WINDOWS\jytkbfx.exe
O4 - HKLM\..\Run: [dpmobpfh] C:\WINDOWS\qmtgtqi.exe
O4 - HKLM\..\Run: [sjwb] C:\WINDOWS\cwjgn.exe
O4 - HKLM\..\Run: [tnslou] C:\WINDOWS\xdpo.exe
O4 - HKLM\..\Run: [pujg] C:\WINDOWS\gqlvj.exe
O4 - HKLM\..\Run: [keznphrn] C:\WINDOWS\mdqjie.exe
O4 - HKLM\..\Run: [qpdos] C:\WINDOWS\fgedwzeoo.exe
O4 - HKLM\..\Run: [xlbkxuiz] C:\WINDOWS\mhoktkr.exe
O4 - HKLM\..\Run: [qvfx] C:\WINDOWS\cyvrrfp.exe
O4 - HKLM\..\Run: [ruiqab] C:\WINDOWS\bdjckad.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O9 - Extra 'Tools' menuitem: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O2 - BHO: jimmyhelp.CBrowserHelper - {BD1D26FD-D997-4F40-BC29-0BCF0C0CF718} - C:\WINDOWS\dixtu.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cheryl Dohn\Local Settings\Temp\BZ.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O3 - Toolbar: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O4 - HKLM\..\Run: [lmhhv] C:\WINDOWS\reqtlhb.exe
O4 - HKLM\..\Run: [hwc] C:\documents and settings\amanda dohn\local settings\temp\hwc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dfaeqfv] C:\WINDOWS\tardie.exe
O4 - HKLM\..\Run: [yexfazw] C:\WINDOWS\pjxo.exe
O4 - HKLM\..\Run: [pqurjy] C:\WINDOWS\jhlcrnnua.exe
O4 - HKLM\..\Run: [dsctss] C:\WINDOWS\ovnwi.exe
O4 - HKLM\..\Run: [zcbiqwto] C:\WINDOWS\wiqms.exe
O4 - HKLM\..\Run: [jjiuz] C:\WINDOWS\lbdbug.exe
O4 - HKLM\..\Run: [szlddfkn] C:\WINDOWS\mowwcvwv.exe
O4 - HKLM\..\Run: [qeypuh] C:\WINDOWS\pndyn.exe
O4 - HKLM\..\Run: [qxfgngj] C:\WINDOWS\suktd.exe
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [takst] C:\WINDOWS\yzeo.exe
O4 - HKLM\..\Run: [wohvc] C:\WINDOWS\lvso.exe
O4 - HKLM\..\Run: [ubuofneho] C:\WINDOWS\ssvaplp.exe
O4 - HKLM\..\Run: [vlxh] C:\WINDOWS\kgmdcon.exe
O4 - HKLM\..\Run: [eihkoqfl] C:\WINDOWS\miiluv.exe
O4 - HKLM\..\Run: [fhhml] C:\WINDOWS\qqztyeiw.exe
O4 - HKLM\..\Run: [brpbywv] C:\WINDOWS\caossqs.exe
O4 - HKLM\..\Run: [upygbiocj] C:\WINDOWS\wqbdwa.exe
O4 - HKLM\..\Run: [oonp] C:\WINDOWS\fmtlpuuo.exe
O4 - HKLM\..\Run: [XPL46Qn3] C:\documents and settings\cheryl dohn\local settings\temp\XPL46Qn3.exe
O4 - HKLM\..\Run: [vqmzqtvg] C:\WINDOWS\ryteeoqm.exe
O4 - HKLM\..\Run: [jobcjaj] C:\WINDOWS\yhen.exe
O4 - HKLM\..\Run: [gijah] C:\WINDOWS\yzfjih.exe
O4 - HKLM\..\Run: [vmelbn] C:\WINDOWS\wuafr.exe
O4 - HKLM\..\Run: [drjccgk] C:\WINDOWS\xbwhmv.exe
O4 - HKLM\..\Run: [fqghncgt] C:\WINDOWS\padfqvf.exe
O4 - HKLM\..\Run: [wgdkvj] C:\WINDOWS\kksp.exe
O4 - HKLM\..\Run: [ooolcqed] C:\WINDOWS\flvfhrfi.exe
O4 - HKLM\..\Run: [zlwob] C:\WINDOWS\fyuvy.exe
O4 - HKLM\..\Run: [dbwcs] C:\WINDOWS\esvvu.exe
O4 - HKLM\..\Run: [vanl] C:\WINDOWS\jytkbfx.exe
O4 - HKLM\..\Run: [dpmobpfh] C:\WINDOWS\qmtgtqi.exe
O4 - HKLM\..\Run: [sjwb] C:\WINDOWS\cwjgn.exe
O4 - HKLM\..\Run: [tnslou] C:\WINDOWS\xdpo.exe
O4 - HKLM\..\Run: [pujg] C:\WINDOWS\gqlvj.exe
O4 - HKLM\..\Run: [keznphrn] C:\WINDOWS\mdqjie.exe
O4 - HKLM\..\Run: [qpdos] C:\WINDOWS\fgedwzeoo.exe
O4 - HKLM\..\Run: [xlbkxuiz] C:\WINDOWS\mhoktkr.exe
O4 - HKLM\..\Run: [qvfx] C:\WINDOWS\cyvrrfp.exe
O4 - HKLM\..\Run: [ruiqab] C:\WINDOWS\bdjckad.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O9 - Extra button: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
O9 - Extra 'Tools' menuitem: Anquiro Toolbar - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - C:\Program Files\aniquro\anquiro.dll (file missing)
Fix those entries then find and delete the files listed above, reboot and post a new log.
I made the suggested corrections and it seems to have worked!
New HijackThis log as follows:
Logfile of HijackThis v1.98.2
Scan saved at 7:51:07 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\prrtect.exe
C:\WINDOWS\system32\prrtect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{045E9D44-075F-4116-AACD-08703D042501}: NameServer = 192.168.0.1,4.2.2.2
O4 - HKCU\..\Run: [prrtect] C:\WINDOWS\system32\prrtect.exe
FIx that entry then find and delete prrtect.exe, boot back into normal mode and post a new log.