DOS screen virus (idiot needs help ^^:)
I'm afraid I've been running my comp for about two years straight and only been able to do negligible antivirus and spyware stuff (until recently I'd been under the pretense that most of the freeware programs out there were glitched; turned out recently that I actually was running several art programs that aren't nixed out on their list of things to ignore, and that's why the removal programs usually tried to eat them). Anyway >> yeah, kinda stupid of me, but I'm currently trying to set things up so I'm more protected ^_^: and my mother pointed me to this site when I ended up finally getting hit by a rather annoying and possibly(?) severe virus recently. The symptoms so far are a black DOS-like window popping up about six at a time and running a bunch of stuff in the windows, and they also seem to be immune to the four spyware removal programs and such on the site that were mentioned (Ad-Aware, Spybot, etc.). Anyway, I've seen what great jobs and advice the people on the forums have been able to give, so I was hoping that perhaps someone from this site could help. I'd be pretty grateful ^^.
Here's the log after several attempts at removing; I believe there's another visible virus running too that's doing internet redirects, though it might be linked to the main one >> (I believe it's the home search virus but I'm not entirely sure; I tried the program designed to destroy it but it still keeps popping back up). I also apologize for any other virus data you have to wade through or weird program file names from my art programs >>'''
Logfile of HijackThis v1.99.0
Scan saved at 10:12:26 PM, on 2/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\VPCMPRTL3.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\syntor.exe
C:\WINDOWS\SPs-sySP.exe
C:\WINDOWS\syPE64nt.exe
C:\WINDOWS\system32\oror.exe
C:\WINDOWS\system32\PE32SP64PE.exe
C:\WINDOWS\system32\32hhor.exe
C:\WINDOWS\system32\64s-64ornt.exe
C:\WINDOWS\system32\nt64ntPEs-.exe
C:\WINDOWS\system32\SPSPms.exe
C:\WINDOWS\system32\SPntntPEor.exe
C:\WINDOWS\s-s-3264ms.exe
C:\WINDOWS\system32\s-hh.exe
C:\WINDOWS\system32\wuclient.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\virus gear\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [8D3265EB] C:\WINDOWS\system32\VPCMPRTL3.exe
O4 - HKLM\..\Run: [8C09ADF6] C:\WINDOWS\system32\TIFMSATT.exe
O4 - HKLM\..\Run: [EE0C4A5E] C:\WINDOWS\system32\DMIPURP.exe
O4 - HKLM\..\Run: [A4211C76] C:\WINDOWS\system32\LDCAP3srv.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msmshhms64] C:\WINDOWS\msmshhms64.exe
O4 - HKCU\..\Run: [64s-] C:\WINDOWS\system32\64s-.exe
O4 - HKCU\..\Run: [mshhms] C:\WINDOWS\mshhms.exe
O4 - HKCU\..\Run: [spywareguardplus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [msms] C:\WINDOWS\msms.exe
O4 - HKCU\..\Run: [64SPs-] C:\WINDOWS\system32\64SPs-.exe
O4 - HKCU\..\Run: [SPnt32] C:\WINDOWS\SPnt32.exe
O4 - HKCU\..\Run: [mshhsyms] C:\WINDOWS\system32\mshhsyms.exe
O4 - HKCU\..\Run: [PEhhPE] C:\WINDOWS\system32\PEhhPE.exe
O4 - HKCU\..\Run: [msPEmsor] C:\WINDOWS\system32\msPEmsor.exe
O4 - HKCU\..\Run: [32nt64] C:\WINDOWS\system32\32nt64.exe
O4 - HKCU\..\Run: [6432nt] C:\WINDOWS\6432nt.exe
O4 - HKCU\..\Run: [PEPESPhh] C:\WINDOWS\system32\PEPESPhh.exe
O4 - HKCU\..\Run: [sySPhhs-32] C:\WINDOWS\sySPhhs-32.exe
O4 - HKCU\..\Run: [3232] C:\WINDOWS\system32\3232.exe
O4 - HKCU\..\Run: [SPsy32or] C:\WINDOWS\system32\SPsy32or.exe
O4 - HKCU\..\Run: [32SPorntnt] C:\WINDOWS\system32\32SPorntnt.exe
O4 - HKCU\..\Run: [32ntmsnt] C:\WINDOWS\32ntmsnt.exe
O4 - HKCU\..\Run: [SP64] C:\WINDOWS\system32\SP64.exe
O4 - HKCU\..\Run: [nts-64PEnt] C:\WINDOWS\system32\nts-64PEnt.exe
O4 - HKCU\..\Run: [32ms] C:\WINDOWS\32ms.exe
O4 - HKCU\..\Run: [326464] C:\WINDOWS\326464.exe
O4 - HKCU\..\Run: [PE64msSP] C:\WINDOWS\system32\PE64msSP.exe
O4 - HKCU\..\Run: [64PE] C:\WINDOWS\64PE.exe
O4 - HKCU\..\Run: [32SPnt] C:\WINDOWS\32SPnt.exe
O4 - HKCU\..\Run: [PEor] C:\WINDOWS\PEor.exe
O4 - HKCU\..\Run: [ms64sysy32] C:\WINDOWS\system32\ms64sysy32.exe
O4 - HKCU\..\Run: [ors-hh] C:\WINDOWS\system32\ors-hh.exe
O4 - HKCU\..\Run: [PEs-32syhh] C:\WINDOWS\system32\PEs-32syhh.exe
O4 - HKCU\..\Run: [ntors-orPE] C:\WINDOWS\system32\ntors-orPE.exe
O4 - HKCU\..\Run: [syntor] C:\WINDOWS\syntor.exe
O4 - HKCU\..\Run: [SPs-sySP] C:\WINDOWS\SPs-sySP.exe
O4 - HKCU\..\Run: [hhhhs-] C:\WINDOWS\system32\hhhhs-.exe
O4 - HKCU\..\Run: [SPms32oror] C:\WINDOWS\SPms32oror.exe
O4 - HKCU\..\Run: [hh64nt] C:\WINDOWS\system32\hh64nt.exe
O4 - HKCU\..\Run: [syPE64nt] C:\WINDOWS\syPE64nt.exe
O4 - HKCU\..\Run: [oror] C:\WINDOWS\system32\oror.exe
O4 - HKCU\..\Run: [PE32SP64PE] C:\WINDOWS\system32\PE32SP64PE.exe
O4 - HKCU\..\Run: [32ororsy] C:\WINDOWS\32ororsy.exe
O4 - HKCU\..\Run: [SPsy] C:\WINDOWS\system32\SPsy.exe
O4 - HKCU\..\Run: [32hhor] C:\WINDOWS\system32\32hhor.exe
O4 - HKCU\..\Run: [64s-64ornt] C:\WINDOWS\system32\64s-64ornt.exe
O4 - HKCU\..\Run: [or32SPSP] C:\WINDOWS\or32SPSP.exe
O4 - HKCU\..\Run: [s-32orsy64] C:\WINDOWS\system32\s-32orsy64.exe
O4 - HKCU\..\Run: [nt64ntPEs-] C:\WINDOWS\system32\nt64ntPEs-.exe
O4 - HKCU\..\Run: [SPSPms] C:\WINDOWS\system32\SPSPms.exe
O4 - HKCU\..\Run: [orsy] C:\WINDOWS\system32\orsy.exe
O4 - HKCU\..\Run: [SPntntPEor] C:\WINDOWS\system32\SPntntPEor.exe
O4 - HKCU\..\Run: [s-s-3264ms] C:\WINDOWS\s-s-3264ms.exe
O4 - HKCU\..\Run: [nthhs-SPPE] C:\WINDOWS\nthhs-SPPE.exe
O4 - HKCU\..\Run: [s-hh] C:\WINDOWS\system32\s-hh.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [8D3265EB] C:\WINDOWS\system32\VPCMPRTL3.exe
O4 - HKCU\..\Run: [8C09ADF6] C:\WINDOWS\system32\TIFMSATT.exe
O4 - HKCU\..\Run: [EE0C4A5E] C:\WINDOWS\system32\DMIPURP.exe
O4 - HKCU\..\Run: [A4211C76] C:\WINDOWS\system32\LDCAP3srv.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Corel Network monitor worker - {2F2D47A9-A02C-44CC-8F60-4BEE2490A0CA} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {2F2D47A9-A02C-44CC-8F60-4BEE2490A0CA} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {2F2D47A9-A02C-44CC-8F60-4BEE2490A0CA} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {2F2D47A9-A02C-44CC-8F60-4BEE2490A0CA} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cdpydrv - Unknown - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client - Unknown - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
P.S. I'm still trying to work out the rest of the home search removal method listed in the above posts, but I'm worried the DOS program is going to do something if I don't fix it ^^: hopefully I'm just being paranoid, but that's why I posted this before I completed the homesearcher removal attempt, which I intend to try and finish tomorrow.
This discussion has been closed.
Comments
http://www.emsisoft.com/en/software/free/
Let it remove anything that it finds.
Please run these two online scans.
Make sure they are set to clean automatically:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
If there are files that cannot be removed by the scans, please include that information in your next post.
Reboot and post a new HijackThis log.