Enjoywebsurf has taken over!

Can someone please help me? Enjoywebsurf has taken over my internet explorer. Whenever I start up the internet I get a search page that I don't want, and I can't get rid of it. I've run ad-aware and spybot, unhid hidden files; everything listed in the tutorial. Which files do I get rid of?

Below is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 1:23:19 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\d3rt32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\sysij.exe
C:\WINDOWS\System32\HjwLt61.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HjwLt61.exe
C:\WINDOWS\system32\d3hk32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Paige\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2121F517-8EB0-C7D8-66ED-2DA4574066BE} - C:\WINDOWS\mscs32.dll
O2 - BHO: Class - {5621E906-B1E9-D233-3F0C-620103BD60FC} - C:\WINDOWS\winyk.dll
O2 - BHO: Class - {8D02DCC5-CA50-28BE-8B1E-0DA145A1D540} - C:\WINDOWS\iewb32.dll
O2 - BHO: Class - {A1448DC6-7406-B068-210E-D3F294FB1FA8} - C:\WINDOWS\ipnw.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E37D7B9F-E063-C448-8764-8831CD286CD2} - C:\WINDOWS\iegp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [fkH] C:\documents and settings\jane\local settings\temp\fkH.exe
O4 - HKLM\..\Run: [Aq] C:\documents and settings\jane\local settings\temp\Aq.exe
O4 - HKLM\..\Run: [UXxrK] C:\documents and settings\jane\local settings\temp\UXxrK.exe
O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\System32\ADVAPI32.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LsxI52.exe
O4 - HKLM\..\Run: [7MmXwl] C:\documents and settings\jane\local settings\temp\7MmXwl.exe
O4 - HKLM\..\Run: [U30e] C:\documents and settings\jane\local settings\temp\U30e.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [2EX8F7K2JTGJNT] C:\WINDOWS\System32\Myb2ZeGd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
O4 - HKLM\..\RunOnce: [d3rt32.exe] C:\WINDOWS\d3rt32.exe
O4 - HKLM\..\RunOnce: [sysij.exe] C:\WINDOWS\system32\sysij.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_834/sdcregie.cab
O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/mypoints/mypt800_301.cab
O16 - DPF: {4B6E165B-1085-4550-A4E4-7C6D874AD96B} - http://www.topmoxie.com/external/builds/mypoints/mypt800.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09a94e5ad64274764d01/netzip/RdxIE601.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3rt32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Comments

  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Sorry for the delay in getting to your post. It's been a busy week. You have several infections. We'll take on the worst first, and then deal with the rest.

    You have an HSA infection. The filenames on this type of infection can change each time you reboot your computer or use Internet Explorer. With that in mind, some of these filenames may be different. But the pattern is the same and you may be able to determine the correct files to remove. The sooner you perform this fix, the higher its chances for success.

    Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.
    Please print out these instructions.


    Step 1
    Download CWShredder but don't run it yet.


    Step 2
    Download AboutBuster
    Unzip it to your desktop but don't run it yet.


    Step 3
    Download Ad-aware SE 1.06
    Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


    Step 5
    Make sure that you can VIEW ALL HIDDEN FILES.


    Step 6
    Reboot your computer into SAFE MODE


    Step 7
    Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {2121F517-8EB0-C7D8-66ED-2DA4574066BE} - C:\WINDOWS\mscs32.dll
    O2 - BHO: Class - {5621E906-B1E9-D233-3F0C-620103BD60FC} - C:\WINDOWS\winyk.dll
    O2 - BHO: Class - {8D02DCC5-CA50-28BE-8B1E-0DA145A1D540} - C:\WINDOWS\iewb32.dll
    O2 - BHO: Class - {A1448DC6-7406-B068-210E-D3F294FB1FA8} - C:\WINDOWS\ipnw.dll
    O2 - BHO: Class - {E37D7B9F-E063-C448-8764-8831CD286CD2} - C:\WINDOWS\iegp.dll
    O4 - HKLM\..\Run: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
    O4 - HKLM\..\RunOnce: [d3rt32.exe] C:\WINDOWS\d3rt32.exe
    O4 - HKLM\..\RunOnce: [sysij.exe] C:\WINDOWS\system32\sysij.exe
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3rt32.exe" /s (file missing)



    Step 8
    Now run CWShredder, making sure to click "Fix".


    Step 9
    Then delete these files or directories (Do not be concerned if they do not exist)

    C:\WINDOWS\d3rt32.exe
    C:\WINDOWS\mscs32.dll
    C:\WINDOWS\winyk.dll
    C:\WINDOWS\iewb32.dll
    C:\WINDOWS\ipnw.dll
    C:\WINDOWS\iegp.dll
    C:\WINDOWS\d3rt32.exe
    C:\WINDOWS\system32\d3hk32.exe
    C:\WINDOWS\system32\sysij.exe


    Step 10
    Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.


    Step 11
    Run a full scan with Adaware.


    Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.
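
The "pattern is the same" point in the reply above, as an added example (not part of the original thread, and not how HijackThis, CWShredder or AboutBuster work): a small Python triage pass that flags HijackThis lines by their shape rather than by filename. The four rules and the two lines marked as constructed are assumptions drawn from the entries in the fix list above.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    rule: str     # short name of the heuristic that fired
    line: str     # the log line, unchanged


# IE search/start setting whose value is a res:// URL into a local DLL.
RES_URL = re.compile(r"^(R[01]) - .+? = res://.+?\.dll/", re.I)
# Browser Helper Object: "<name> - {CLSID} - <dll path>".
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
# Run / RunOnce autostart: "[value name] command line".
RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Service for which HijackThis could not read a company name.
SERVICE = re.compile(r"^O23 - Service: .+ - Unknown owner - ")
# A DLL sitting directly in C:\WINDOWS, not in a subfolder.
IN_WINDOWS_ROOT = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.I)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the shape rules, else None."""
    line = line.strip()
    if RES_URL.match(line):
        return Finding(line[:2], "search-setting-points-into-local-dll", line)
    m = BHO.match(line)
    if m and m["name"] == "Class" and IN_WINDOWS_ROOT.fullmatch(m["path"]):
        return Finding("O2", "unnamed-bho-in-windows-root", line)
    m = RUN.match(line)
    if m:
        # Last path component of the command; quoted commands with
        # arguments will not match, which only costs a missed hint.
        exe = m["cmd"].strip('"').rsplit("\\", 1)[-1]
        if exe.lower() == m["name"].lower():
            return Finding("O4", "run-value-named-after-its-exe", line)
    if SERVICE.match(line):
        return Finding("O23", "service-unknown-owner", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a HijackThis log and keep the hits."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Lines copied from the first log in this thread.
PAGE_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fcnyx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2121F517-8EB0-C7D8-66ED-2DA4574066BE} - C:\WINDOWS\mscs32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [d3hk32.exe] C:\WINDOWS\system32\d3hk32.exe
O4 - HKLM\..\RunOnce: [sysij.exe] C:\WINDOWS\system32\sysij.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Constructed lines (not from the thread): same shapes, different names,
# to show the rules do not depend on a particular filename.
CONSTRUCTED_LINES = r"""
O2 - BHO: Class - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\zzqx.dll
O23 - Service: Example Helper (exsvc) - Unknown owner - C:\WINDOWS\example.exe
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4}{finding.rule:<40}{finding.line}")
```

A hit is a prompt to look at the entry, not a verdict; entries the rules skip still need reading.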
  • edited June 2005
    Thank you so much for your help. I did what you said, although it seems when I ran hijackthis, the names of the files changed, so I'm not sure if I got them all. Below are my new Hijackthis and aboutbuster logs.

    HJT:


    Logfile of HijackThis v1.99.1
    Scan saved at 12:14:08 PM, on 6/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\LhoK8W3.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\LhoK8W3.exe
    C:\Documents and Settings\Paige\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
    O4 - HKLM\..\Run: [fkH] C:\documents and settings\jane\local settings\temp\fkH.exe
    O4 - HKLM\..\Run: [Aq] C:\documents and settings\jane\local settings\temp\Aq.exe
    O4 - HKLM\..\Run: [UXxrK] C:\documents and settings\jane\local settings\temp\UXxrK.exe
    O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\System32\ADVAPI32.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LsxI52.exe
    O4 - HKLM\..\Run: [7MmXwl] C:\documents and settings\jane\local settings\temp\7MmXwl.exe
    O4 - HKLM\..\Run: [U30e] C:\documents and settings\jane\local settings\temp\U30e.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [2EX8F7K2JTGJNT] C:\WINDOWS\System32\Dpk5Y.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_834/sdcregie.cab
    O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/mypoints/mypt800_301.cab
    O16 - DPF: {4B6E165B-1085-4550-A4E4-7C6D874AD96B} - http://www.topmoxie.com/external/builds/mypoints/mypt800.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09a94e5ad64274764d01/netzip/RdxIE601.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    aboutbuster:


    AboutBuster 5.0 reference file 28
    Scan started on [6/11/2005] at [11:39:44 AM]
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:bnjggg
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:bxucoc
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:cdgujc
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:cwgtpe
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:cyovis
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:dfsopq
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:djwllq
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:dxhyad
    Removed Stream! C:\WINDOWS\{4217090E-48A0-4A43-8BE3-09C41B05316F}.dat:eiyafe
    Removed File! : C:\Windows\dclbw.dat
    Removed File! : C:\Windows\dgcrp.dat
    Removed File! : C:\Windows\dsrml.dll
    Removed File! : C:\Windows\fcnyx.dll
    Removed File! : C:\Windows\gchsf.dat
    Removed File! : C:\Windows\gmcgc.dat
    Removed File! : C:\Windows\jrrfq.dll
    Removed File! : C:\Windows\kefbp.dll
    Removed File! : C:\Windows\kfyps.dll
    Removed File! : C:\Windows\khtql.dat
    Removed File! : C:\Windows\kzoel.dat
    Removed File! : C:\Windows\lbxij.dat
    Removed File! : C:\Windows\lhdzy.dat
    Removed File! : C:\Windows\lkoka.dll
    Removed File! : C:\Windows\mnmwv.dll
    Removed File! : C:\Windows\mpcjs.dat
    Removed File! : C:\Windows\mpgfv.dll
    Removed File! : C:\Windows\nrqeo.dll
    Removed File! : C:\Windows\olqnr.dat
    Removed File! : C:\Windows\pfsor.dat
    Removed File! : C:\Windows\qjyhj.dat
    Removed File! : C:\Windows\qwrrh.dll
    Removed File! : C:\Windows\rvfqc.dat
    Removed File! : C:\Windows\scqmk.dat
    Removed File! : C:\Windows\squjr.dat
    Removed File! : C:\Windows\svvyn.dat
    Removed File! : C:\Windows\tbjhg.dat
    Removed File! : C:\Windows\tbmfn.dll
    Removed File! : C:\Windows\tuved.dat
    Removed File! : C:\Windows\tvpbe.dat
    Removed File! : C:\Windows\wequb.dll
    Removed File! : C:\Windows\witus.dat
    Removed File! : C:\Windows\wmcpj.dll
    Removed File! : C:\Windows\wqhpv.dat
    Removed File! : C:\Windows\wybvh.dat
    Removed File! : C:\Windows\xaieo.dat
    Removed File! : C:\Windows\xqvdy.dat
    Removed File! : C:\Windows\xxsqk.dll
    Removed File! : C:\Windows\xyswe.dat
    Removed File! : C:\Windows\yipul.dat
    Removed File! : C:\Windows\ynycl.dat
    Removed File! : C:\Windows\yodej.dll
    Removed File! : C:\Windows\ysuup.dat
    Removed File! : C:\Windows\yxnmg.dll
    Removed File! : C:\Windows\yzjsg.dll
    Removed File! : C:\Windows\zejhw.dat
    Removed File! : C:\Windows\zfiml.dll
    Removed File! : C:\Windows\System32\aeneu.dll
    Removed File! : C:\Windows\System32\agkdu.dat
    Removed File! : C:\Windows\System32\awfxr.dat
    Removed File! : C:\Windows\System32\bnisi.dll
    Removed File! : C:\Windows\System32\cchim.dll
    Removed File! : C:\Windows\System32\ctexb.dat
    Removed File! : C:\Windows\System32\dekpq.dll
    Removed File! : C:\Windows\System32\efkwe.dat
    Removed File! : C:\Windows\System32\ehbhy.dat
    Removed File! : C:\Windows\System32\eskct.dat
    Removed File! : C:\Windows\System32\fivdy.dat
    Removed File! : C:\Windows\System32\fnqgj.dat
    Removed File! : C:\Windows\System32\gtvhu.dll
    Removed File! : C:\Windows\System32\hrpdf.dll
    Removed File! : C:\Windows\System32\ievfr.dll
    Removed File! : C:\Windows\System32\ifztz.dll
    Removed File! : C:\Windows\System32\iglpn.dat
    Removed File! : C:\Windows\System32\ipjyd.dat
    Removed File! : C:\Windows\System32\itckt.dll
    Removed File! : C:\Windows\System32\kjmpf.dll
    Removed File! : C:\Windows\System32\kjrfy.dll
    Removed File! : C:\Windows\System32\ljidm.dat
    Removed File! : C:\Windows\System32\lvmag.dat
    Removed File! : C:\Windows\System32\mkths.dat
    Removed File! : C:\Windows\System32\nybyi.dat
    Removed File! : C:\Windows\System32\otcxg.dat
    Removed File! : C:\Windows\System32\pcuqs.dll
    Removed File! : C:\Windows\System32\qbpij.dat
    Removed File! : C:\Windows\System32\qpbqy.dat
    Removed File! : C:\Windows\System32\rjbuf.dat
    Removed File! : C:\Windows\System32\rvhfc.dat
    Removed File! : C:\Windows\System32\thzns.dll
    Removed File! : C:\Windows\System32\trepr.dat
    Removed File! : C:\Windows\System32\uxfmz.dll
    Removed File! : C:\Windows\System32\wknjg.dat
    Removed File! : C:\Windows\System32\wqpyn.dll
    Removed File! : C:\Windows\System32\xeawz.dat
    Removed File! : C:\Windows\System32\xeowg.dat
    Removed File! : C:\Windows\System32\zajhl.dat
    Scan was COMPLETED SUCCESSFULLY at 11:41:21 AM
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Good job! It looks like the HSA is gone. Now let's get the rest of it.


    Please download and install Cleanup 4.0, but don't run it yet.
    http://cleanup.stevengould.org/


    ===============================================


    Download Newuninst.exe
    http://www.thatcomputerguy.us/downloads/newuninst.exe

    Double click on 'Newuninst.exe' and press *Uninstall*. Let it run and when the progress bar says *complete* you can then press *close*. You must be online to have this work, and do not block any attempts for the program to connect to the internet if your firewall requests access. It will just run and then close.



    ==============================================



    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
    O4 - HKLM\..\Run: [fkH] C:\documents and settings\jane\local settings\temp\fkH.exe
    O4 - HKLM\..\Run: [Aq] C:\documents and settings\jane\local settings\temp\Aq.exe
    O4 - HKLM\..\Run: [UXxrK] C:\documents and settings\jane\local settings\temp\UXxrK.exe
    O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\System32\ADVAPI32.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LsxI52.exe
    O4 - HKLM\..\Run: [7MmXwl] C:\documents and settings\jane\local settings\temp\7MmXwl.exe
    O4 - HKLM\..\Run: [U30e] C:\documents and settings\jane\local settings\temp\U30e.exe
    O4 - HKLM\..\Run: [2EX8F7K2JTGJNT] C:\WINDOWS\System32\Dpk5Y.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09a94e5...ip/RdxIE601.cab


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\WINDOWS\System32\Dpk5Y.exe
    C:\WINDOWS\System32\LsxI52.exe
    C:\WINDOWS\System32\ADVAPI32.exe
    C:\Program Files\MyPoints_PointAlert



    Run CleanUp that you downloaded and installed earlier. This will clean out your temp files.



    Reboot your computer to go back to normal mode and post a new log.
  • edited June 2005
    Okie dokie. I did what you said, however, when I tried to delete the app advapi32.exe, it said "access is denied, make sure the disk is not copyrighted, etc." I didn't have anything except my computer running, and I was also in safe mode. Other than that, no other hang-ups. Here's the newest HJT log. Again, thank you so much for your help.



    Logfile of HijackThis v1.99.1
    Scan saved at 2:28:30 PM, on 6/12/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Documents and Settings\Paige\Desktop\HijackThis.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_834/sdcregie.cab
    O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/mypoints/mypt800_301.cab
    O16 - DPF: {4B6E165B-1085-4550-A4E4-7C6D874AD96B} - http://www.topmoxie.com/external/builds/mypoints/mypt800.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    I recommend uninstalling Spyware Cleaner. It is a rogue program.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm#products





    Did you decide to keep this program?

    O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"

    Check this link for more info on this program.
    http://castlecops.com/s2375-MyPointsPointAlert.html





    Fix these lines with HijackThis:

    O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/bu...mypt800_301.cab
    O16 - DPF: {4B6E165B-1085-4550-A4E4-7C6D874AD96B} - http://www.topmoxie.com/external/bu...nts/mypt800.cab





    Please run at least two of these online scans.
    Make sure they are set to clean automatically:

    Panda Virus Scan

    Bit Defender

    TrendMicro Housecall

    There will be files that these scans will not remove. Please include that information in your next post.


    Reboot and post a new HijackThis log and the info from your virus scans.
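
An added example, not part of any post in this thread: a Python check that compares a "Fix Checked" list against a follow-up HijackThis log and reports which entries are still present. Entries are matched on identity (Run value name, CLSID, or registry value) rather than the full line, because the forum elides long URLs with "..."; the function names and the sample excerpts (a few lines copied from the thread) are choices made for this example.

```python
import re

# Result-line prefixes handled here: R0-R3, F0-F3, N1-N4 and the O sections.
LINE_RE = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
RUN_RE = re.compile(r'^(.*?):\s*\[([^\]]+)\]')

# Excerpt of the entries the helper asked to fix (copied from the thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [fkH] C:\documents and settings\jane\local settings\temp\fkH.exe
O4 - HKLM\..\Run: [e4c886eda7bf] C:\WINDOWS\System32\ADVAPI32.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09a94e5...ip/RdxIE601.cab
"""

# Excerpt of the follow-up log posted after the fix (copied from the thread).
FOLLOW_UP_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/mypoints/mypt800_301.cab
"""


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis result line in text."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(section, body):
    """Identity of an entry that survives truncated URLs and changed paths."""
    clsid = CLSID_RE.search(body)
    if section in ("O2", "O3", "O9", "O16") and clsid:
        return (section, clsid.group(0).lower())
    run = RUN_RE.match(body)
    if section == "O4" and run:
        # Registry key plus value name, e.g. ("o4", "hklm\..\run", "fkh").
        return (section, run.group(1).lower(), run.group(2).lower())
    if section.startswith("R"):
        # Registry value name only; the data after "=" may have changed.
        return (section, body.split("=", 1)[0].strip().lower())
    return (section, body.lower())


def persisting(fix_text, log_text):
    """Entries from the fix list whose identity still appears in the new log."""
    present = {entry_key(s, b) for s, b in parse_entries(log_text)}
    return [f"{s} - {b}" for s, b in parse_entries(fix_text)
            if entry_key(s, b) in present]


if __name__ == "__main__":
    for line in persisting(FIX_LIST, FOLLOW_UP_LOG):
        print("still present:", line)
```
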