
A new log full of problems, please help

Hi, this is my first post. I joined this site because I don't know where to start cleaning up this mess. Here is a HijackThis log... please help.

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\KERNELS32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\VXH8JKDQ2.EXE
C:\WINDOWS\SYSTEM\VXH8JKDQ7.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\SERVICES\{927EDC66-24AC-4E18-809A-83764978308E}\SVCHOST.EXE
C:\WINDOWS\IAN.EXE
C:\WINDOWS\SYSTEM\DDS.EXE
C:\WINDOWS\SYSTEM\OPJ.EXE
C:\WINDOWS\BRV.EXE
C:\WINDOWS\SYSTEM\KET.EXE
C:\WINDOWS\SYSTEM\SVCHOST.EXE
C:\WINDOWS\SYSTEM\LMJ.EXE
C:\WINDOWS\SYSTEM\QLN.EXE
C:\WINDOWS\SYSTEM\SAI.EXE
C:\WINDOWS\MNQ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\OJV.EXE
C:\WINDOWS\SYSTEM\VGRFIPKA.EXE
C:\WINDOWS\LSQ.EXE
C:\WINDOWS\SYSTEM\CIH.EXE
C:\WINDOWS\JTE.EXE
C:\WINDOWS\SYSTEM\VSU.EXE
C:\WINDOWS\DPS.EXE
C:\WINDOWS\SYSTEM\GQO.EXE
C:\WINDOWS\PDD.EXE
C:\WINDOWS\SYSTEM\ORA.EXE
C:\WINDOWS\TVM.EXE
C:\WINDOWS\JMC.EXE
C:\WINDOWS\SYSTEM\DND.EXE
C:\WINDOWS\HPH.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\WINDOWS\TMI.EXE
C:\WINDOWS\SYSTEM\EIK.EXE
C:\WINDOWS\SYSTEM\OKB.EXE
C:\WINDOWS\JHE.EXE
C:\WINDOWS\CVS.EXE
C:\WINDOWS\PHU.EXE
C:\WINDOWS\SUM.EXE
C:\WINDOWS\KJI.EXE
C:\WINDOWS\SYSTEM\QOV.EXE
C:\WINDOWS\GDO.EXE
C:\WINDOWS\IHK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\ERL.EXE
C:\WINDOWS\IAN.EXE
C:\WINDOWS\SYSTEM\HPHID407.EXE
C:\WINDOWS\SYSTEM\DDS.EXE
C:\WINDOWS\SYSTEM\OPJ.EXE
C:\WINDOWS\BRV.EXE
C:\WINDOWS\SYSTEM\KET.EXE
C:\WINDOWS\SYSTEM\LMJ.EXE
C:\WINDOWS\SYSTEM\QLN.EXE
C:\WINDOWS\SYSTEM\SAI.EXE
C:\WINDOWS\MNQ.EXE
C:\WINDOWS\OJV.EXE
C:\WINDOWS\LSQ.EXE
C:\WINDOWS\SYSTEM\CIH.EXE
C:\WINDOWS\JTE.EXE
C:\WINDOWS\SYSTEM\VSU.EXE
C:\WINDOWS\DPS.EXE
C:\WINDOWS\SYSTEM\GQO.EXE
C:\WINDOWS\PDD.EXE
C:\WINDOWS\SYSTEM\ORA.EXE
C:\WINDOWS\TVM.EXE
C:\WINDOWS\JMC.EXE
C:\WINDOWS\SYSTEM\DND.EXE
C:\WINDOWS\HPH.EXE
C:\WINDOWS\TMI.EXE
C:\WINDOWS\SYSTEM\EIK.EXE
C:\WINDOWS\SYSTEM\OKB.EXE
C:\WINDOWS\JHE.EXE
C:\WINDOWS\CVS.EXE
C:\WINDOWS\PHU.EXE
C:\WINDOWS\SUM.EXE
C:\WINDOWS\KJI.EXE
C:\WINDOWS\SYSTEM\QOV.EXE
C:\WINDOWS\GDO.EXE
C:\WINDOWS\IHK.EXE
C:\WINDOWS\SYSTEM\ERL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\VXGAME3.EXE
C:\RECYCLED\SVCHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PACKAGER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WEBSITEVIEWER\16314420TEMP.EXE
C:\PROGRAM FILES\WEBSITEVIEWER\126373.DLR
C:\PROGRAM FILES\WEBSITEVIEWER\126373.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myclick2search.com/search/ie.html%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 208.7.144.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
localhost;<local>
F1 - win.ini: run=smmcdsaxŽnLáÙG hpfsched
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E033EB3C-B87C-A38A-91EC-993432056782} - C:\WINDOWS\SYSTEM\CRLO.DLL (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\DREXINIT.DLL
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG3.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SDKEB.EXE] C:\WINDOWS\SYSTEM\SDKEB.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{927EDC66-24AC-4E18-809A-83764978308E}\SVCHOST.EXE
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Aul] C:\WINDOWS\Ian.exe
O4 - HKLM\..\Run: [Tbr] C:\WINDOWS\SYSTEM\Dds.exe
O4 - HKLM\..\Run: [Plp] C:\WINDOWS\SYSTEM\Opj.exe
O4 - HKLM\..\Run: [Tvk] C:\WINDOWS\Brv.exe
O4 - HKLM\..\Run: [Nbn] C:\WINDOWS\SYSTEM\Ket.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [Ord] C:\WINDOWS\SYSTEM\Lmj.exe
O4 - HKLM\..\Run: [Vkm] C:\WINDOWS\SYSTEM\Qln.exe
O4 - HKLM\..\Run: [Jpt] C:\WINDOWS\SYSTEM\Sai.exe
O4 - HKLM\..\Run: [Daa] C:\WINDOWS\Mnq.exe
O4 - HKLM\..\Run: [Hov] C:\WINDOWS\Ojv.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\Run: [vgrfipka] c:\windows\system\vgrfipka.exe
O4 - HKLM\..\Run: [Njj] C:\WINDOWS\Lsq.exe
O4 - HKLM\..\Run: [Qak] C:\WINDOWS\SYSTEM\Cih.exe
O4 - HKLM\..\Run: [Hvq] C:\WINDOWS\Jte.exe
O4 - HKLM\..\Run: [Rsp] C:\WINDOWS\SYSTEM\Vsu.exe
O4 - HKLM\..\Run: [Bta] C:\WINDOWS\Dps.exe
O4 - HKLM\..\Run: [Eak] C:\WINDOWS\SYSTEM\Gqo.exe
O4 - HKLM\..\Run: [Nbu] C:\WINDOWS\Pdd.exe
O4 - HKLM\..\Run: [Hpl] C:\WINDOWS\SYSTEM\Ora.exe
O4 - HKLM\..\Run: [Mqr] C:\WINDOWS\Tvm.exe
O4 - HKLM\..\Run: [Fud] C:\WINDOWS\Jmc.exe
O4 - HKLM\..\Run: [Lhq] C:\WINDOWS\SYSTEM\Dnd.exe
O4 - HKLM\..\Run: [Tdf] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Pul] C:\WINDOWS\Tmi.exe
O4 - HKLM\..\Run: [Vcd] C:\WINDOWS\SYSTEM\Eik.exe
O4 - HKLM\..\Run: [Nfn] C:\WINDOWS\SYSTEM\Okb.exe
O4 - HKLM\..\Run: [Kbn] C:\WINDOWS\Jhe.exe
O4 - HKLM\..\Run: [Uvr] C:\WINDOWS\Cvs.exe
O4 - HKLM\..\Run: [Uif] C:\WINDOWS\Phu.exe
O4 - HKLM\..\Run: [Nfp] C:\WINDOWS\Sum.exe
O4 - HKLM\..\Run: [Rah] C:\WINDOWS\Kji.exe
O4 - HKLM\..\Run: [Pbs] C:\WINDOWS\SYSTEM\Qov.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Gdo.exe
O4 - HKLM\..\Run: [Vst] C:\WINDOWS\Ihk.exe
O4 - HKLM\..\Run: [Pug] C:\WINDOWS\SYSTEM\Erl.exe
O4 - HKLM\..\Run: [Rfs] C:\WINDOWS\SYSTEM\Kjo.exe
O4 - HKLM\..\Run: [Sni] C:\WINDOWS\SYSTEM\Svj.exe
O4 - HKLM\..\Run: [Hsc] C:\WINDOWS\SYSTEM\Ksf.exe
O4 - HKLM\..\Run: [Pmk] C:\WINDOWS\Prc.exe
O4 - HKLM\..\Run: [Lop] C:\WINDOWS\SYSTEM\Tob.exe
O4 - HKLM\..\Run: [Kqq] C:\WINDOWS\SYSTEM\Ian.exe
O4 - HKLM\..\Run: [Omv] C:\WINDOWS\SYSTEM\Esb.exe
O4 - HKLM\..\Run: [Dho] C:\WINDOWS\SYSTEM\Hnv.exe
O4 - HKLM\..\Run: [Cmh] C:\WINDOWS\SYSTEM\Prm.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MFCUF32.EXE] C:\WINDOWS\SYSTEM\MFCUF32.EXE /s
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WINUR32.EXE] C:\WINDOWS\WINUR32.EXE /s
O4 - HKLM\..\RunServices: [JAVAXO.EXE] C:\WINDOWS\SYSTEM\JAVAXO.EXE /s
O4 - HKLM\..\RunServices: [IESI.EXE] C:\WINDOWS\SYSTEM\IESI.EXE /s
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [ATLAG.EXE] C:\WINDOWS\ATLAG.EXE /s
O4 - HKLM\..\RunServices: [IEVV.EXE] C:\WINDOWS\SYSTEM\IEVV.EXE /s
O4 - HKLM\..\RunServices: [IPKT.EXE] C:\WINDOWS\IPKT.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Aul] C:\WINDOWS\Ian.exe
O4 - HKCU\..\Run: [Tbr] C:\WINDOWS\SYSTEM\Dds.exe
O4 - HKCU\..\Run: [Plp] C:\WINDOWS\SYSTEM\Opj.exe
O4 - HKCU\..\Run: [Tvk] C:\WINDOWS\Brv.exe
O4 - HKCU\..\Run: [Nbn] C:\WINDOWS\SYSTEM\Ket.exe
O4 - HKCU\..\Run: [Ord] C:\WINDOWS\SYSTEM\Lmj.exe
O4 - HKCU\..\Run: [Vkm] C:\WINDOWS\SYSTEM\Qln.exe
O4 - HKCU\..\Run: [Jpt] C:\WINDOWS\SYSTEM\Sai.exe
O4 - HKCU\..\Run: [Daa] C:\WINDOWS\Mnq.exe
O4 - HKCU\..\Run: [Hov] C:\WINDOWS\Ojv.exe
O4 - HKCU\..\Run: [Njj] C:\WINDOWS\Lsq.exe
O4 - HKCU\..\Run: [Qak] C:\WINDOWS\SYSTEM\Cih.exe
O4 - HKCU\..\Run: [Hvq] C:\WINDOWS\Jte.exe
O4 - HKCU\..\Run: [Rsp] C:\WINDOWS\SYSTEM\Vsu.exe
O4 - HKCU\..\Run: [Bta] C:\WINDOWS\Dps.exe
O4 - HKCU\..\Run: [Eak] C:\WINDOWS\SYSTEM\Gqo.exe
O4 - HKCU\..\Run: [Nbu] C:\WINDOWS\Pdd.exe
O4 - HKCU\..\Run: [Hpl] C:\WINDOWS\SYSTEM\Ora.exe
O4 - HKCU\..\Run: [Mqr] C:\WINDOWS\Tvm.exe
O4 - HKCU\..\Run: [Fud] C:\WINDOWS\Jmc.exe
O4 - HKCU\..\Run: [Lhq] C:\WINDOWS\SYSTEM\Dnd.exe
O4 - HKCU\..\Run: [Tdf] C:\WINDOWS\Hph.exe
O4 - HKCU\..\Run: [Pul] C:\WINDOWS\Tmi.exe
O4 - HKCU\..\Run: [Vcd] C:\WINDOWS\SYSTEM\Eik.exe
O4 - HKCU\..\Run: [Nfn] C:\WINDOWS\SYSTEM\Okb.exe
O4 - HKCU\..\Run: [Kbn] C:\WINDOWS\Jhe.exe
O4 - HKCU\..\Run: [Uvr] C:\WINDOWS\Cvs.exe
O4 - HKCU\..\Run: [Uif] C:\WINDOWS\Phu.exe
O4 - HKCU\..\Run: [Nfp] C:\WINDOWS\Sum.exe
O4 - HKCU\..\Run: [Rah] C:\WINDOWS\Kji.exe
O4 - HKCU\..\Run: [Pbs] C:\WINDOWS\SYSTEM\Qov.exe
O4 - HKCU\..\Run: [Psn] C:\WINDOWS\Gdo.exe
O4 - HKCU\..\Run: [Vst] C:\WINDOWS\Ihk.exe
O4 - HKCU\..\Run: [Pug] C:\WINDOWS\SYSTEM\Erl.exe
O4 - HKCU\..\Run: [Rfs] C:\WINDOWS\SYSTEM\Kjo.exe
O4 - HKCU\..\Run: [Sni] C:\WINDOWS\SYSTEM\Svj.exe
O4 - HKCU\..\Run: [Hsc] C:\WINDOWS\SYSTEM\Ksf.exe
O4 - HKCU\..\Run: [Pmk] C:\WINDOWS\Prc.exe
O4 - HKCU\..\Run: [Lop] C:\WINDOWS\SYSTEM\Tob.exe
O4 - HKCU\..\Run: [Kqq] C:\WINDOWS\SYSTEM\Ian.exe
O4 - HKCU\..\Run: [Omv] C:\WINDOWS\SYSTEM\Esb.exe
O4 - HKCU\..\Run: [Dho] C:\WINDOWS\SYSTEM\Hnv.exe
O4 - HKCU\..\Run: [Cmh] C:\WINDOWS\SYSTEM\Prm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {7549B6EF-8ED4-47E0-8523-A7F75D1ECDA7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7549B6EF-8ED4-47E0-8523-A7F75D1ECDA7} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v0015/www.contentwatch.com/audit/ContentAuditControl.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pcps.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 208.7.144.1

Any help would be appreciated. thanks.

Comments

  • Buckeye_Sam, Columbus, Ohio
    edited May 2005
    You cut off the top (the header) of the log. I need that information before I can post a fix for you.
  • edited May 2005
    Sorry, here is a new log... I did a little work since the first one. Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:33 AM, on 3/8/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPHA1MON.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\WINDOWS\SYSTEM\SERVICES\{927EDC66-24AC-4E18-809A-83764978308E}\SVCHOST.EXE
    C:\WINDOWS\SYSTEM\SVCHOST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\KKK.EXE
    C:\WINDOWS\VJS.EXE
    C:\WINDOWS\SYSTEM\FGO.EXE
    C:\WINDOWS\SYSTEM\BOB.EXE
    C:\WINDOWS\SYSTEM\HMM.EXE
    C:\WINDOWS\SYSTEM\SPM.EXE
    C:\WINDOWS\SYSTEM\UDI.EXE
    C:\WINDOWS\VCD.EXE
    C:\WINDOWS\SYSTEM\KKK.EXE
    C:\WINDOWS\VJS.EXE
    C:\WINDOWS\SYSTEM\FGO.EXE
    C:\WINDOWS\SYSTEM\HPHIPM07.EXE
    C:\WINDOWS\SYSTEM\BOB.EXE
    C:\WINDOWS\SYSTEM\HMM.EXE
    C:\WINDOWS\SYSTEM\SPM.EXE
    C:\WINDOWS\SYSTEM\HPHID407.EXE
    C:\WINDOWS\SYSTEM\UDI.EXE
    C:\WINDOWS\VCD.EXE
    C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    F1 - win.ini: run=smmcdsaxŽnLáÙG hpfsched
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {E033EB3C-B87C-A38A-91EC-993432056782} - C:\WINDOWS\SYSTEM\CRLO.DLL (file missing)
    O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\DREXINIT.DLL
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG3.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{927EDC66-24AC-4E18-809A-83764978308E}\SVCHOST.EXE
    O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
    O4 - HKLM\..\Run: [Lub] C:\WINDOWS\SYSTEM\Kkk.exe
    O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\Vjs.exe
    O4 - HKLM\..\Run: [Idi] C:\WINDOWS\SYSTEM\Fgo.exe
    O4 - HKLM\..\Run: [Lsf] C:\WINDOWS\SYSTEM\Bob.exe
    O4 - HKLM\..\Run: [Mlq] C:\WINDOWS\SYSTEM\Hmm.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\Run: [Qph] C:\WINDOWS\SYSTEM\Spm.exe
    O4 - HKLM\..\Run: [Dgk] C:\WINDOWS\SYSTEM\Udi.exe
    O4 - HKLM\..\Run: [Ojo] C:\WINDOWS\Vcd.exe
    O4 - HKLM\..\Run: [Mpj] C:\WINDOWS\SYSTEM\Uei.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
    O4 - HKCU\..\Run: [Lub] C:\WINDOWS\SYSTEM\Kkk.exe
    O4 - HKCU\..\Run: [Bjf] C:\WINDOWS\Vjs.exe
    O4 - HKCU\..\Run: [Idi] C:\WINDOWS\SYSTEM\Fgo.exe
    O4 - HKCU\..\Run: [Lsf] C:\WINDOWS\SYSTEM\Bob.exe
    O4 - HKCU\..\Run: [Mlq] C:\WINDOWS\SYSTEM\Hmm.exe
    O4 - HKCU\..\Run: [Qph] C:\WINDOWS\SYSTEM\Spm.exe
    O4 - HKCU\..\Run: [Dgk] C:\WINDOWS\SYSTEM\Udi.exe
    O4 - HKCU\..\Run: [Ojo] C:\WINDOWS\Vcd.exe
    O4 - HKCU\..\Run: [Mpj] C:\WINDOWS\SYSTEM\Uei.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
    O9 - Extra button: Microsoft AntiSpyware helper - {7549B6EF-8ED4-47E0-8523-A7F75D1ECDA7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7549B6EF-8ED4-47E0-8523-A7F75D1ECDA7} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v0015/www.contentwatch.com/audit/ContentAuditControl.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pcps.edu
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 208.7.144.1
  • Buckeye_Sam, Columbus, Ohio
    edited May 2005
    1. Download the following file and extract it to c:\spywad

      http://www.bleepingcomputer.com/files/mosaic1/98remove_spywads.zip

      Once it is downloaded, open up the c:\spywad folder and keep it open for the following steps:


    2. Open Hijackthis.

      Click on Config, and then Misc Tools.

      Press the Open process manager button and select each of the following processes in turn by clicking on it once (the log shows two running instances of each, so each path is listed twice):

      C:\WINDOWS\SYSTEM\KKK.EXE
      C:\WINDOWS\VJS.EXE
      C:\WINDOWS\SYSTEM\FGO.EXE
      C:\WINDOWS\SYSTEM\BOB.EXE
      C:\WINDOWS\SYSTEM\HMM.EXE
      C:\WINDOWS\SYSTEM\SPM.EXE
      C:\WINDOWS\SYSTEM\UDI.EXE
      C:\WINDOWS\VCD.EXE
      C:\WINDOWS\SYSTEM\KKK.EXE
      C:\WINDOWS\VJS.EXE
      C:\WINDOWS\SYSTEM\FGO.EXE
      C:\WINDOWS\SYSTEM\BOB.EXE
      C:\WINDOWS\SYSTEM\HMM.EXE
      C:\WINDOWS\SYSTEM\SPM.EXE
      C:\WINDOWS\SYSTEM\UDI.EXE
      C:\WINDOWS\VCD.EXE


      Then press the Kill process button. After you press the button, that process should no longer appear in the list. Repeat for every process listed above.

      Continue to keep the process manager open


    3. Go back to the open c:\spywad directory and double-click on the vbs file that is in the folder. After you double-click on it, it will prompt you to type in a file path. Type in the following, but DO NOT PRESS OK YET:

      C:\WINDOWS\SYSTEM\KKK.EXE
      C:\WINDOWS\VJS.EXE
      C:\WINDOWS\SYSTEM\FGO.EXE
      C:\WINDOWS\SYSTEM\BOB.EXE
      C:\WINDOWS\SYSTEM\HMM.EXE
      C:\WINDOWS\SYSTEM\SPM.EXE
      C:\WINDOWS\SYSTEM\UDI.EXE
      C:\WINDOWS\VCD.EXE
      C:\WINDOWS\SYSTEM\KKK.EXE
      C:\WINDOWS\VJS.EXE
      C:\WINDOWS\SYSTEM\FGO.EXE
      C:\WINDOWS\SYSTEM\BOB.EXE
      C:\WINDOWS\SYSTEM\HMM.EXE
      C:\WINDOWS\SYSTEM\SPM.EXE
      C:\WINDOWS\SYSTEM\UDI.EXE
      C:\WINDOWS\VCD.EXE



    4. Go back to the open HJT window with the process manager open and select explorer.exe and then press the Kill process button again. You will see your desktop disappear. This is normal, so do not worry.

      DO NOT SHUT THIS HIJACKTHIS WINDOW


    5. Go back to the vbs program where you previously typed in the path and press the OK button.

      When the script is finished, it will present you with a few alerts about files it is removing. When it is complete it will pop up a message box saying Done!. You can close that message box.


    6. Now go back to the open HijackThis window and, while still in the process manager, click on the Run button. Type explorer.exe into the field and press Enter. Your desktop should now appear.


    7. Start HijackThis again and fix the following items:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      F1 - win.ini: run=smmcdsaxŽnLáÙG hpfsched
      O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Class - {E033EB3C-B87C-A38A-91EC-993432056782} - C:\WINDOWS\SYSTEM\CRLO.DLL (file missing)
      O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\DREXINIT.DLL
      O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG3.DLL
      O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{927EDC66-24AC-4E18-809A-83764978308E}\SVCHOST.EXE
      O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
      O4 - HKLM\..\Run: [Lub] C:\WINDOWS\SYSTEM\Kkk.exe
      O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\Vjs.exe
      O4 - HKLM\..\Run: [Idi] C:\WINDOWS\SYSTEM\Fgo.exe
      O4 - HKLM\..\Run: [Lsf] C:\WINDOWS\SYSTEM\Bob.exe
      O4 - HKLM\..\Run: [Mlq] C:\WINDOWS\SYSTEM\Hmm.exe
      O4 - HKLM\..\Run: [Qph] C:\WINDOWS\SYSTEM\Spm.exe
      O4 - HKLM\..\Run: [Dgk] C:\WINDOWS\SYSTEM\Udi.exe
      O4 - HKLM\..\Run: [Ojo] C:\WINDOWS\Vcd.exe
      O4 - HKLM\..\Run: [Mpj] C:\WINDOWS\SYSTEM\Uei.exe
      O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
      O4 - HKCU\..\Run: [Lub] C:\WINDOWS\SYSTEM\Kkk.exe
      O4 - HKCU\..\Run: [Bjf] C:\WINDOWS\Vjs.exe
      O4 - HKCU\..\Run: [Idi] C:\WINDOWS\SYSTEM\Fgo.exe
      O4 - HKCU\..\Run: [Lsf] C:\WINDOWS\SYSTEM\Bob.exe
      O4 - HKCU\..\Run: [Mlq] C:\WINDOWS\SYSTEM\Hmm.exe
      O4 - HKCU\..\Run: [Qph] C:\WINDOWS\SYSTEM\Spm.exe
      O4 - HKCU\..\Run: [Dgk] C:\WINDOWS\SYSTEM\Udi.exe
      O4 - HKCU\..\Run: [Ojo] C:\WINDOWS\Vcd.exe
      O4 - HKCU\..\Run: [Mpj] C:\WINDOWS\SYSTEM\Uei.exe




    8. Post the contents of Spywad.txt, found in the c:\spywad directory, and a new Hijackthis log and tell me if things are better.