Options
Home Search & Shopping Wizard Help Please
Ran Ad-Aware and Spybot but problem still exists. Would appreciate any advice. Thank You.
By the way...Great Forum!
User Name: jomidi
Logfile of HijackThis v1.99.1
Scan saved at 8:54:53 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MSREMO~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\mssi.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\jomidi\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\msmr32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\tdphk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {83241F15-A38D-4603-9874-0E32E3A2D544} - C:\WINDOWS\ntrl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\ipsf32.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program
Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -
osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared
Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe
c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [sdkwc.exe] C:\WINDOWS\system32\sdkwc.exe
O4 - HKLM\..\RunOnce: [apibc32.exe] C:\WINDOWS\system32\apibc32.exe
O4 - HKLM\..\RunOnce: [javaxk32.exe] C:\WINDOWS\system32\javaxk32.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [d3vc.exe] C:\WINDOWS\d3vc.exe
O4 - HKLM\..\RunOnce: [addxn32.exe] C:\WINDOWS\addxn32.exe
O4 - HKLM\..\RunOnce: [crah.exe] C:\WINDOWS\system32\crah.exe
O4 - HKLM\..\RunOnce: [apihg32.exe] C:\WINDOWS\apihg32.exe
O4 - HKLM\..\RunOnce: [appzk.exe] C:\WINDOWS\system32\appzk.exe
O4 - HKLM\..\RunOnce: [sdkhl.exe] C:\WINDOWS\sdkhl.exe
O4 - HKLM\..\RunOnce: [iplh32.exe] C:\WINDOWS\iplh32.exe
O4 - HKLM\..\RunOnce: [apihq32.exe] C:\WINDOWS\system32\apihq32.exe
O4 - HKLM\..\RunOnce: [ieyi32.exe] C:\WINDOWS\system32\ieyi32.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKLM\..\RunOnce: [sysud.exe] C:\WINDOWS\sysud.exe
O4 - HKLM\..\RunOnce: [d3uk32.exe] C:\WINDOWS\system32\d3uk32.exe
O4 - HKLM\..\RunOnce: [msmr32.exe] C:\WINDOWS\system32\msmr32.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\ntrl.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0
\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program
Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF:
START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?
s=consumerfav&c=1c02&lc=0409
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) -
https://portal.morganstanley.com/llclient/portalna/winxp/AXXPEE.dll,DanaInfo=hqinvpn3,SSL,CT
=java+
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE} (CHSInstaller Class) -
http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
http://entimg.msn.com/client/msnmusax3028.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -
http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E00243EB-5B0B-4092-B2B9-8B3F239E5713}: Domain =
ms.com
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program
Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard -
C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook
Utilities\HPWirelessMgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network
Associates\McShield\Mcshield.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\MSREMO~1
\NetCfgSv.EXE
By the way...Great Forum!
User Name: jomidi
Logfile of HijackThis v1.99.1
Scan saved at 8:54:53 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MSREMO~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\mssi.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\jomidi\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\msmr32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\tdphk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32
\fdjej.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {83241F15-A38D-4603-9874-0E32E3A2D544} - C:\WINDOWS\ntrl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\ipsf32.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program
Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -
osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared
Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe
c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [sdkwc.exe] C:\WINDOWS\system32\sdkwc.exe
O4 - HKLM\..\RunOnce: [apibc32.exe] C:\WINDOWS\system32\apibc32.exe
O4 - HKLM\..\RunOnce: [javaxk32.exe] C:\WINDOWS\system32\javaxk32.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [d3vc.exe] C:\WINDOWS\d3vc.exe
O4 - HKLM\..\RunOnce: [addxn32.exe] C:\WINDOWS\addxn32.exe
O4 - HKLM\..\RunOnce: [crah.exe] C:\WINDOWS\system32\crah.exe
O4 - HKLM\..\RunOnce: [apihg32.exe] C:\WINDOWS\apihg32.exe
O4 - HKLM\..\RunOnce: [appzk.exe] C:\WINDOWS\system32\appzk.exe
O4 - HKLM\..\RunOnce: [sdkhl.exe] C:\WINDOWS\sdkhl.exe
O4 - HKLM\..\RunOnce: [iplh32.exe] C:\WINDOWS\iplh32.exe
O4 - HKLM\..\RunOnce: [apihq32.exe] C:\WINDOWS\system32\apihq32.exe
O4 - HKLM\..\RunOnce: [ieyi32.exe] C:\WINDOWS\system32\ieyi32.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKLM\..\RunOnce: [sysud.exe] C:\WINDOWS\sysud.exe
O4 - HKLM\..\RunOnce: [d3uk32.exe] C:\WINDOWS\system32\d3uk32.exe
O4 - HKLM\..\RunOnce: [msmr32.exe] C:\WINDOWS\system32\msmr32.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\ntrl.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0
\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program
Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF:
START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?
s=consumerfav&c=1c02&lc=0409
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) -
https://portal.morganstanley.com/llclient/portalna/winxp/AXXPEE.dll,DanaInfo=hqinvpn3,SSL,CT
=java+
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE} (CHSInstaller Class) -
http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
http://entimg.msn.com/client/msnmusax3028.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -
http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E00243EB-5B0B-4092-B2B9-8B3F239E5713}: Domain =
ms.com
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program
Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard -
C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook
Utilities\HPWirelessMgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network
Associates\McShield\Mcshield.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\MSREMO~1
\NetCfgSv.EXE
0
Comments
Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.
Please print out these instructions.
Step 1
Download CWShredder but don't run it yet.
Step 2
Download AboutBuster
Unzip it to your desktop but don't run it yet.
Step 3
Download Ad-aware SE 1.06
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.
Step 5
Make sure that you can VIEW ALL HIDDEN FILES.
Step 6
Reboot your computer into SAFE MODE
Step 7
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\tdphk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\fdjej.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {83241F15-A38D-4603-9874-0E32E3A2D544} - C:\WINDOWS\ntrl.dll
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\ipsf32.dll
O4 - HKLM\..\Run: [mssi.exe] C:\WINDOWS\mssi.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [sdkwc.exe] C:\WINDOWS\system32\sdkwc.exe
O4 - HKLM\..\RunOnce: [apibc32.exe] C:\WINDOWS\system32\apibc32.exe
O4 - HKLM\..\RunOnce: [javaxk32.exe] C:\WINDOWS\system32\javaxk32.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [d3vc.exe] C:\WINDOWS\d3vc.exe
O4 - HKLM\..\RunOnce: [addxn32.exe] C:\WINDOWS\addxn32.exe
O4 - HKLM\..\RunOnce: [crah.exe] C:\WINDOWS\system32\crah.exe
O4 - HKLM\..\RunOnce: [apihg32.exe] C:\WINDOWS\apihg32.exe
O4 - HKLM\..\RunOnce: [appzk.exe] C:\WINDOWS\system32\appzk.exe
O4 - HKLM\..\RunOnce: [sdkhl.exe] C:\WINDOWS\sdkhl.exe
O4 - HKLM\..\RunOnce: [iplh32.exe] C:\WINDOWS\iplh32.exe
O4 - HKLM\..\RunOnce: [apihq32.exe] C:\WINDOWS\system32\apihq32.exe
O4 - HKLM\..\RunOnce: [ieyi32.exe] C:\WINDOWS\system32\ieyi32.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKLM\..\RunOnce: [sysud.exe] C:\WINDOWS\sysud.exe
O4 - HKLM\..\RunOnce: [d3uk32.exe] C:\WINDOWS\system32\d3uk32.exe
O4 - HKLM\..\RunOnce: [msmr32.exe] C:\WINDOWS\system32\msmr32.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\ntrl.exe
Step 8
Now run CWShredder, making sure to click "Fix".
Step 9
Delete these files or directories (Do not be concerned if they do not exist)
C:\WINDOWS\system32\fdjej.dll
C:\WINDOWS\ntrl.dll
C:\WINDOWS\system32\ipsf32.dll
C:\WINDOWS\mssi.exe
C:\WINDOWS\system32\sdkwc.exe
C:\WINDOWS\system32\apibc32.exe
C:\WINDOWS\system32\javaxk32.exe
C:\WINDOWS\system32\netkq32.exe
C:\WINDOWS\d3vc.exe
C:\WINDOWS\addxn32.exe
C:\WINDOWS\system32\crah.exe
C:\WINDOWS\apihg32.exe
C:\WINDOWS\system32\appzk.exe
C:\WINDOWS\sdkhl.exe
C:\WINDOWS\iplh32.exe
C:\WINDOWS\system32\apihq32.exe
C:\WINDOWS\system32\ieyi32.exe
C:\WINDOWS\system32\winip32.exe
C:\WINDOWS\sysud.exe
C:\WINDOWS\system32\d3uk32.exe
C:\WINDOWS\system32\msmr32.exe
C:\WINDOWS\ntrl.exe
Step 10
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
Step 11
Run a full scan with Adaware.
Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.