Eric- HSA log- Needing help, please :)

A quick question before the log- I've been using the very helpful HSA removal tutorial, but when I go to find "Services.msc" in Run, it says it can't find it or any of its components. Any thoughts on what might be going on there?

On to the log-

Logfile of HijackThis v1.99.1
Scan saved at 3:37:20 PM, on 9/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {6F61BA9A-5EA1-7903-5454-DCA081431490} - C:\WINDOWS\D3YW32.DLL
O2 - BHO: Class - {2A7363DF-C45A-5954-477D-0C78AF4A207C} - C:\WINDOWS\ATLTK.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {6C6535B8-0E28-10F8-F18F-4A14786EF2AB} - C:\WINDOWS\WINTQ32.DLL
O2 - BHO: Class - {563DCE88-75DB-95E7-58A3-CADCD2ABD78D} - C:\WINDOWS\SYSTEM\MSJE32.DLL
O2 - BHO: Class - {194D64FC-3C15-A259-1488-97B822B61F45} - C:\WINDOWS\SYSTEM\SDKSY.DLL
O2 - BHO: Class - {455B7C3B-BCAA-9FA5-A3E8-C0A5ABC09CDF} - C:\WINDOWS\SYSTEM\D3VA32.DLL
O2 - BHO: Class - {42B7CFF8-A757-D31D-1B76-9B9401F53679} - C:\WINDOWS\NETFU.DLL
O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDKD32.DLL
O2 - BHO: Class - {7CE655C4-4035-EAD3-AA4B-B249B2321E71} - C:\WINDOWS\SYSTEM\NETBN.DLL
O2 - BHO: Class - {B872ADF3-31FE-E674-3365-21EDB13DD5A1} - C:\WINDOWS\SYSTEM\D3NB.DLL
O2 - BHO: Class - {30CF258B-877E-D68F-75DB-04254FA4477D} - C:\WINDOWS\SYSSC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\ADDPP32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ADDHJ32.EXE] C:\WINDOWS\ADDHJ32.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TabletService] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
O4 - HKLM\..\RunServices: [CRJI.EXE] C:\WINDOWS\CRJI.EXE /s
O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE /s
O4 - HKLM\..\RunServices: [SDKQK32.EXE] C:\WINDOWS\SYSTEM\SDKQK32.EXE /s
O4 - HKLM\..\RunServices: [JAVADZ.EXE] C:\WINDOWS\SYSTEM\JAVADZ.EXE /s
O4 - HKLM\..\RunServices: [APPYK.EXE] C:\WINDOWS\APPYK.EXE /s
O4 - HKLM\..\RunServices: [ADDXP.EXE] C:\WINDOWS\SYSTEM\ADDXP.EXE /s
O4 - HKLM\..\RunServices: [ATLVT32.EXE] C:\WINDOWS\SYSTEM\ATLVT32.EXE /s
O4 - HKLM\..\RunServices: [NTMG.EXE] C:\WINDOWS\SYSTEM\NTMG.EXE /s
O4 - HKLM\..\RunServices: [ATLSJ32.EXE] C:\WINDOWS\ATLSJ32.EXE /s
O4 - HKLM\..\RunServices: [NTAY.EXE] C:\WINDOWS\NTAY.EXE /s
O4 - HKLM\..\RunServices: [NTYO.EXE] C:\WINDOWS\SYSTEM\NTYO.EXE /s
O4 - HKLM\..\RunServices: [D3ON32.EXE] C:\WINDOWS\SYSTEM\D3ON32.EXE /s
O4 - HKLM\..\RunServices: [NTKT.EXE] C:\WINDOWS\SYSTEM\NTKT.EXE /s
O4 - HKLM\..\RunServices: [NETGU32.EXE] C:\WINDOWS\NETGU32.EXE /s
O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE /s
O4 - HKLM\..\RunServices: [WINII.EXE] C:\WINDOWS\WINII.EXE /s
O4 - HKLM\..\RunServices: [D3MU.EXE] C:\WINDOWS\D3MU.EXE /s
O4 - HKLM\..\RunServices: [APIZI.EXE] C:\WINDOWS\APIZI.EXE /s
O4 - HKLM\..\RunServices: [MFCXG.EXE] C:\WINDOWS\MFCXG.EXE /s
O4 - HKLM\..\RunServices: [WINNY32.EXE] C:\WINDOWS\WINNY32.EXE /s
O4 - HKLM\..\RunServices: [ADDXK.EXE] C:\WINDOWS\SYSTEM\ADDXK.EXE /s
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM\Wtablet\TabUserW.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22.com/view22/app/view22rte.cab


Using the tutorial a lot of this seems obvious as to what to fix, but some of it I'm not clear on at all.

Thanks so much for your assistance on this! :)

Comments

  • Shadow2018 Northwest Missouri
    edited September 2005
    You will need to print these instructions for your reference as most of this Removal process must be done in safe mode where you will not have access to the internet.
    (Skip the steps if you have already performed them)

    1. Download CWShredder. Save it to your desktop and extract the files to your desktop.
    Exit CWShredder for now.

    2. Download aboutbuster. Save it to your desktop and extract the files to your desktop.
    Exit aboutbuster for now.

    3. Download Ad-Aware SE 1.06. Save the setup file to your desktop. Run the setup file and place a shortcut on your desktop. Open Ad-Aware and click check for updates>click connect. Click download updates if updates are available.

    4. Make all hidden files viewable.

    5. Boot up into safe mode. To enter safe mode> reboot> tap the f8 button at the start up screen>select safe mode from the menu.

    6. Run Hijack this and place a checkmark next to the following entries. Click “Fix Checked”:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {6F61BA9A-5EA1-7903-5454-DCA081431490} - C:\WINDOWS\D3YW32.DLL
    O2 - BHO: Class - {2A7363DF-C45A-5954-477D-0C78AF4A207C} - C:\WINDOWS\ATLTK.DLL
    O2 - BHO: Class - {6C6535B8-0E28-10F8-F18F-4A14786EF2AB} - C:\WINDOWS\WINTQ32.DLL
    O2 - BHO: Class - {563DCE88-75DB-95E7-58A3-CADCD2ABD78D} - C:\WINDOWS\SYSTEM\MSJE32.DLL
    O2 - BHO: Class - {194D64FC-3C15-A259-1488-97B822B61F45} - C:\WINDOWS\SYSTEM\SDKSY.DLL
    O2 - BHO: Class - {455B7C3B-BCAA-9FA5-A3E8-C0A5ABC09CDF} - C:\WINDOWS\SYSTEM\D3VA32.DLL
    O2 - BHO: Class - {42B7CFF8-A757-D31D-1B76-9B9401F53679} - C:\WINDOWS\NETFU.DLL
    O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDKD32.DLL
    O2 - BHO: Class - {7CE655C4-4035-EAD3-AA4B-B249B2321E71} - C:\WINDOWS\SYSTEM\NETBN.DLL
    O2 - BHO: Class - {B872ADF3-31FE-E674-3365-21EDB13DD5A1} - C:\WINDOWS\SYSTEM\D3NB.DLL
    O2 - BHO: Class - {30CF258B-877E-D68F-75DB-04254FA4477D} - C:\WINDOWS\SYSSC.DLL
    O4 - HKLM\..\Run: [ADDHJ32.EXE] C:\WINDOWS\ADDHJ32.EXE
    O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
    O4 - HKLM\..\RunServices: [CRJI.EXE] C:\WINDOWS\CRJI.EXE /s
    O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE /s
    O4 - HKLM\..\RunServices: [SDKQK32.EXE] C:\WINDOWS\SYSTEM\SDKQK32.EXE /s
    O4 - HKLM\..\RunServices: [JAVADZ.EXE] C:\WINDOWS\SYSTEM\JAVADZ.EXE /s
    O4 - HKLM\..\RunServices: [APPYK.EXE] C:\WINDOWS\APPYK.EXE /s
    O4 - HKLM\..\RunServices: [ADDXP.EXE] C:\WINDOWS\SYSTEM\ADDXP.EXE /s
    O4 - HKLM\..\RunServices: [ATLVT32.EXE] C:\WINDOWS\SYSTEM\ATLVT32.EXE /s
    O4 - HKLM\..\RunServices: [NTMG.EXE] C:\WINDOWS\SYSTEM\NTMG.EXE /s
    O4 - HKLM\..\RunServices: [ATLSJ32.EXE] C:\WINDOWS\ATLSJ32.EXE /s
    O4 - HKLM\..\RunServices: [NTAY.EXE] C:\WINDOWS\NTAY.EXE /s
    O4 - HKLM\..\RunServices: [NTYO.EXE] C:\WINDOWS\SYSTEM\NTYO.EXE /s
    O4 - HKLM\..\RunServices: [D3ON32.EXE] C:\WINDOWS\SYSTEM\D3ON32.EXE /s
    O4 - HKLM\..\RunServices: [NTKT.EXE] C:\WINDOWS\SYSTEM\NTKT.EXE /s
    O4 - HKLM\..\RunServices: [NETGU32.EXE] C:\WINDOWS\NETGU32.EXE /s
    O4 - HKLM\..\RunServices: [D3JT32.EXE] C:\WINDOWS\SYSTEM\D3JT32.EXE /s
    O4 - HKLM\..\RunServices: [WINII.EXE] C:\WINDOWS\WINII.EXE /s
    O4 - HKLM\..\RunServices: [D3MU.EXE] C:\WINDOWS\D3MU.EXE /s
    O4 - HKLM\..\RunServices: [APIZI.EXE] C:\WINDOWS\APIZI.EXE /s
    O4 - HKLM\..\RunServices: [MFCXG.EXE] C:\WINDOWS\MFCXG.EXE /s
    O4 - HKLM\..\RunServices: [WINNY32.EXE] C:\WINDOWS\WINNY32.EXE /s
    O4 - HKLM\..\RunServices: [ADDXK.EXE] C:\WINDOWS\SYSTEM\ADDXK.EXE /s


    7. Run CWShredder which you downloaded in step 1. Click the “Fix” button.

    8. Now delete these files or directories if they exist:

    C:\WINDOWS\system\vohju.dll
    C:\WINDOWS\D3YW32.DLL
    C:\WINDOWS\ATLTK.DLL
    C:\WINDOWS\WINTQ32.DLL
    C:\WINDOWS\SYSTEM\MSJE32.DLL
    C:\WINDOWS\SYSTEM\SDKSY.DLL
    C:\WINDOWS\SYSTEM\D3VA32.DLL
    C:\WINDOWS\NETFU.DLL
    C:\WINDOWS\SYSTEM\ADDKD32.DLL
    C:\WINDOWS\SYSTEM\NETBN.DLL
    C:\WINDOWS\SYSTEM\D3NB.DLL
    C:\WINDOWS\SYSSC.DLL
    C:\WINDOWS\ADDHJ32.EXE
    C:\WINDOWS\NTRZ.EXE
    C:\WINDOWS\CRJI.EXE
    C:\WINDOWS\SYSTEM\SDKGK.EXE
    C:\WINDOWS\SYSTEM\SDKQK32.EXE
    C:\WINDOWS\SYSTEM\JAVADZ.EXE
    C:\WINDOWS\APPYK.EXE
    C:\WINDOWS\SYSTEM\ADDXP.EXE
    C:\WINDOWS\SYSTEM\ATLVT32.EXE
    C:\WINDOWS\SYSTEM\NTMG.EXE
    C:\WINDOWS\ATLSJ32.EXE
    C:\WINDOWS\NTAY.EXE
    C:\WINDOWS\SYSTEM\NTYO.EXE
    C:\WINDOWS\SYSTEM\D3ON32.EXE
    C:\WINDOWS\SYSTEM\NTKT.EXE
    C:\WINDOWS\NETGU32.EXE
    C:\WINDOWS\WINII.EXE
    C:\WINDOWS\D3MU.EXE
    C:\WINDOWS\APIZI.EXE
    C:\WINDOWS\MFCXG.EXE
    C:\WINDOWS\WINNY32.EXE
    C:\WINDOWS\SYSTEM\ADDXK.EXE


    9. Run aboutbuster which you downloaded in step 2. Click ok>start>ok. Copy and paste the results of the aboutbuster scan to notepad. Save this as a .txt file.

    10. Run a “full system scan” with Ad-Aware SE. Remove all files found.

    11. Reboot and post a new Hijack This log with the results of the aboutbuster scan.
  • edited September 2005
    Thank you for your reply on this. I'll post a log as soon as I can. It may take a day or two as I'm in the middle of a number of deadlines. And I'll be sure to find this thread and bump it rather than start a new one.

    Thanks again! :)
  • edited September 2005
    Well, I did as you suggested and with that here's the log from the aboutbuster scan-
    AboutBuster 5.0 reference file 28
    Scan started on [9/26/05] at [10:36:00 PM]
    Streams(ADS) not scanned: System not NTFS
    Removed File! : C:\Windows\izjuc.dat
    Removed File! : C:\Windows\tltyo.dat
    Removed File! : C:\Windows\ltdvjf.dat
    Removed File! : C:\Windows\exnqn.dat
    Removed File! : C:\Windows\oipzwl.dat
    Removed File! : C:\Windows\zgbmg.dat
    Removed File! : C:\Windows\dwixvc.dat
    Removed File! : C:\Windows\nxscx.dat
    Removed File! : C:\Windows\vxzpel.dat
    Scan was COMPLETED SUCCESSFULLY at 10:36:04 PM


    I ran Adaware and didn't find anything other than some mru hits. Which Adaware says aren't a threat. But I ran Spybot after that and it did find some Coolwebsearch and other (can't recall the name) hits. I got rid of them but are they gone for good now?

    Anyway, thanks again for your help. I guess we'll just have to wait and see if anything new shows up. I'll check in here later to see if you get a chance to reply.

    Eric
  • edited September 2005
    I went back and had another look and I still have about:blank for Explorer's home page and I'm still getting pop ups, so I guess I missed something. I did another Hijack This scan and here's the log-
    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:57 PM, on 9/26/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R3 - Default URLSearchHook is missing
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\ADDPP32.DLL
    O2 - BHO: Class - {869AC35F-5F1A-ABC7-04D4-AA0D80E2EF03} - C:\WINDOWS\SYSTEM\SYSLQ32.DLL
    O2 - BHO: Class - {F1A16D01-6E18-B984-B2B4-58741C35C427} - C:\WINDOWS\SYSTEM\NTUT32.DLL
    O2 - BHO: Class - {7091E7AC-9792-0B02-E2FF-3EAF307B875C} - C:\WINDOWS\ADDND.DLL
    O2 - BHO: Class - {E3BB4043-FA6F-22B1-A3F6-2EFEADF8316E} - C:\WINDOWS\SYSTEM\APIGU32.DLL
    O2 - BHO: Class - {DA961EB4-D503-2B8A-69AB-C4905735F48D} - C:\WINDOWS\ATLPJ32.DLL
    O2 - BHO: Class - {D1FABFA3-12FE-6B59-88D3-1CA0B4FC7374} - C:\WINDOWS\SYSTEM\ADDSV.DLL
    O2 - BHO: Class - {A0B1BB32-2A5E-E376-CBA9-120065D755BD} - C:\WINDOWS\SYSTEM\ATLNQ32.DLL
    O2 - BHO: Class - {07B1BC0C-374C-D7B7-5A20-7204FBD57457} - C:\WINDOWS\SYSTEM\JAVAJK.DLL
    O2 - BHO: Class - {CAEA8CD1-03BD-C448-732E-0309C92E677F} - C:\WINDOWS\SYSTEM\JAVAMM.DLL
    O2 - BHO: Class - {382544E1-147D-F605-A678-BBD18A0F3232} - C:\WINDOWS\APIVH.DLL
    O2 - BHO: Class - {DA211C7E-80D9-4852-98A8-572088007AC3} - C:\WINDOWS\WINJU.DLL
    O2 - BHO: Class - {E433A46E-2FD1-792D-709B-F788A00AC431} - C:\WINDOWS\MFCHB32.DLL
    O2 - BHO: Class - {CB868F46-633A-4D25-2B7C-44B2B654D1C7} - C:\WINDOWS\SDKYE32.DLL
    O2 - BHO: Class - {56A8C663-874D-4D49-A514-C7F1D1B06635} - C:\WINDOWS\NETGX.DLL
    O2 - BHO: Class - {3EC51367-FA39-1261-3090-522B4BFA5214} - C:\WINDOWS\MFCLD32.DLL
    O2 - BHO: Class - {146169FD-5A25-DF9C-CAF3-92CC3D405620} - C:\WINDOWS\CRNW32.DLL
    O2 - BHO: Class - {DB570B79-743D-68F0-283C-84D9FC4283C2} - C:\WINDOWS\SYSTEM\ADDGH.DLL
    O2 - BHO: Class - {57139321-BFB2-894C-9C21-AA3CBF02AC36} - C:\WINDOWS\NTSV.DLL
    O2 - BHO: Class - {78D32403-C993-B552-A98C-01511980B33D} - C:\WINDOWS\APIRF32.DLL
    O2 - BHO: Class - {0FD330D5-D102-3F23-69CD-43366CD32156} - C:\WINDOWS\SYSTEM\ATLUM32.DLL
    O2 - BHO: Class - {EEAE7FC1-32EA-E091-86B0-FFA76484875A} - C:\WINDOWS\SYSTEM\IEHG.DLL
    O2 - BHO: Class - {A1A2F8F0-3992-55E5-A766-063F5284DA73} - C:\WINDOWS\SYSTEM\NTNI32.DLL
    O2 - BHO: Class - {78AFF2F8-E6CE-9B55-9F05-5E6558B36A94} - C:\WINDOWS\MSFE.DLL
    O2 - BHO: Class - {3366A681-63B6-7915-C2CB-2CC4EF3E7DB2} - C:\WINDOWS\SYSTEM\APPQB32.DLL
    O2 - BHO: Class - {3ADBDF49-47B7-70B8-7E62-B9F953421BB1} - C:\WINDOWS\SYSTEM\NTLZ32.DLL
    O2 - BHO: Class - {EB3D8D2D-50C0-C45C-AAF4-AC97F26F8602} - C:\WINDOWS\ADDAX.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [ADDHJ32.EXE] C:\WINDOWS\ADDHJ32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [TabletService] C:\WINDOWS\SYSTEM\Tablet.exe
    O4 - HKLM\..\RunServices: [ATLBL.EXE] C:\WINDOWS\SYSTEM\ATLBL.EXE /s
    O4 - HKLM\..\RunServices: [NTJY32.EXE] C:\WINDOWS\SYSTEM\NTJY32.EXE /s
    O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE /s
    O4 - HKLM\..\RunServices: [JAVARJ32.EXE] C:\WINDOWS\JAVARJ32.EXE /s
    O4 - HKLM\..\RunServices: [MFCUC.EXE] C:\WINDOWS\MFCUC.EXE /s
    O4 - HKLM\..\RunServices: [SDKQH.EXE] C:\WINDOWS\SDKQH.EXE /s
    O4 - HKLM\..\RunServices: [ATLTA32.EXE] C:\WINDOWS\ATLTA32.EXE /s
    O4 - HKLM\..\RunServices: [ADDKK.EXE] C:\WINDOWS\ADDKK.EXE /s
    O4 - HKLM\..\RunServices: [NETQN.EXE] C:\WINDOWS\SYSTEM\NETQN.EXE /s
    O4 - HKLM\..\RunServices: [IPFV.EXE] C:\WINDOWS\IPFV.EXE /s
    O4 - HKLM\..\RunServices: [CRGF.EXE] C:\WINDOWS\SYSTEM\CRGF.EXE /s
    O4 - HKLM\..\RunServices: [CREV.EXE] C:\WINDOWS\SYSTEM\CREV.EXE /s
    O4 - HKLM\..\RunServices: [D3VU.EXE] C:\WINDOWS\D3VU.EXE /s
    O4 - HKLM\..\RunServices: [D3SS.EXE] C:\WINDOWS\SYSTEM\D3SS.EXE /s
    O4 - HKLM\..\RunServices: [ADDLH.EXE] C:\WINDOWS\ADDLH.EXE /s
    O4 - HKLM\..\RunServices: [MFCFX32.EXE] C:\WINDOWS\SYSTEM\MFCFX32.EXE /s
    O4 - HKLM\..\RunServices: [SDKVK.EXE] C:\WINDOWS\SYSTEM\SDKVK.EXE /s
    O4 - HKLM\..\RunServices: [MSCO.EXE] C:\WINDOWS\MSCO.EXE /s
    O4 - HKLM\..\RunServices: [IEWM32.EXE] C:\WINDOWS\SYSTEM\IEWM32.EXE /s
    O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
    O4 - HKLM\..\RunServices: [D3MU.EXE] C:\WINDOWS\D3MU.EXE /s
    O4 - HKLM\..\RunServices: [ADDXK.EXE] C:\WINDOWS\SYSTEM\ADDXK.EXE /s
    O4 - HKLM\..\RunServices: [MFCXG.EXE] C:\WINDOWS\MFCXG.EXE /s
    O4 - HKLM\..\RunServices: [WINNY32.EXE] C:\WINDOWS\WINNY32.EXE /s
    O4 - HKLM\..\RunServices: [CRJI.EXE] C:\WINDOWS\CRJI.EXE /s
    O4 - HKLM\..\RunServices: [WINII.EXE] C:\WINDOWS\WINII.EXE /s
    O4 - HKLM\..\RunServices: [ATLSJ32.EXE] C:\WINDOWS\ATLSJ32.EXE /s
    O4 - HKLM\..\RunServices: [IEUU32.EXE] C:\WINDOWS\SYSTEM\IEUU32.EXE /s
    O4 - HKLM\..\RunServices: [NTKT.EXE] C:\WINDOWS\SYSTEM\NTKT.EXE /s
    O4 - HKLM\..\RunServices: [JAVADZ.EXE] C:\WINDOWS\SYSTEM\JAVADZ.EXE /s
    O4 - HKLM\..\RunServices: [ADDXP.EXE] C:\WINDOWS\SYSTEM\ADDXP.EXE /s
    O4 - HKLM\..\RunServices: [ATLDP32.EXE] C:\WINDOWS\SYSTEM\ATLDP32.EXE /s
    O4 - HKLM\..\RunServices: [APPBF32.EXE] C:\WINDOWS\SYSTEM\APPBF32.EXE /s
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM\Wtablet\TabUserW.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22.com/view22/app/view22rte.cab


    I look forward to your feedback on this :)
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2005
    Repeat the steps that Shadow gave you in post #2, except these are the new files to delete:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lblcl.dll/sp.html#12047
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\ADDPP32.DLL
    O2 - BHO: Class - {869AC35F-5F1A-ABC7-04D4-AA0D80E2EF03} - C:\WINDOWS\SYSTEM\SYSLQ32.DLL
    O2 - BHO: Class - {F1A16D01-6E18-B984-B2B4-58741C35C427} - C:\WINDOWS\SYSTEM\NTUT32.DLL
    O2 - BHO: Class - {7091E7AC-9792-0B02-E2FF-3EAF307B875C} - C:\WINDOWS\ADDND.DLL
    O2 - BHO: Class - {E3BB4043-FA6F-22B1-A3F6-2EFEADF8316E} - C:\WINDOWS\SYSTEM\APIGU32.DLL
    O2 - BHO: Class - {DA961EB4-D503-2B8A-69AB-C4905735F48D} - C:\WINDOWS\ATLPJ32.DLL
    O2 - BHO: Class - {D1FABFA3-12FE-6B59-88D3-1CA0B4FC7374} - C:\WINDOWS\SYSTEM\ADDSV.DLL
    O2 - BHO: Class - {A0B1BB32-2A5E-E376-CBA9-120065D755BD} - C:\WINDOWS\SYSTEM\ATLNQ32.DLL
    O2 - BHO: Class - {07B1BC0C-374C-D7B7-5A20-7204FBD57457} - C:\WINDOWS\SYSTEM\JAVAJK.DLL
    O2 - BHO: Class - {CAEA8CD1-03BD-C448-732E-0309C92E677F} - C:\WINDOWS\SYSTEM\JAVAMM.DLL
    O2 - BHO: Class - {382544E1-147D-F605-A678-BBD18A0F3232} - C:\WINDOWS\APIVH.DLL
    O2 - BHO: Class - {DA211C7E-80D9-4852-98A8-572088007AC3} - C:\WINDOWS\WINJU.DLL
    O2 - BHO: Class - {E433A46E-2FD1-792D-709B-F788A00AC431} - C:\WINDOWS\MFCHB32.DLL
    O2 - BHO: Class - {CB868F46-633A-4D25-2B7C-44B2B654D1C7} - C:\WINDOWS\SDKYE32.DLL
    O2 - BHO: Class - {56A8C663-874D-4D49-A514-C7F1D1B06635} - C:\WINDOWS\NETGX.DLL
    O2 - BHO: Class - {3EC51367-FA39-1261-3090-522B4BFA5214} - C:\WINDOWS\MFCLD32.DLL
    O2 - BHO: Class - {146169FD-5A25-DF9C-CAF3-92CC3D405620} - C:\WINDOWS\CRNW32.DLL
    O2 - BHO: Class - {DB570B79-743D-68F0-283C-84D9FC4283C2} - C:\WINDOWS\SYSTEM\ADDGH.DLL
    O2 - BHO: Class - {57139321-BFB2-894C-9C21-AA3CBF02AC36} - C:\WINDOWS\NTSV.DLL
    O2 - BHO: Class - {78D32403-C993-B552-A98C-01511980B33D} - C:\WINDOWS\APIRF32.DLL
    O2 - BHO: Class - {0FD330D5-D102-3F23-69CD-43366CD32156} - C:\WINDOWS\SYSTEM\ATLUM32.DLL
    O2 - BHO: Class - {EEAE7FC1-32EA-E091-86B0-FFA76484875A} - C:\WINDOWS\SYSTEM\IEHG.DLL
    O2 - BHO: Class - {A1A2F8F0-3992-55E5-A766-063F5284DA73} - C:\WINDOWS\SYSTEM\NTNI32.DLL
    O2 - BHO: Class - {78AFF2F8-E6CE-9B55-9F05-5E6558B36A94} - C:\WINDOWS\MSFE.DLL
    O2 - BHO: Class - {3366A681-63B6-7915-C2CB-2CC4EF3E7DB2} - C:\WINDOWS\SYSTEM\APPQB32.DLL
    O2 - BHO: Class - {3ADBDF49-47B7-70B8-7E62-B9F953421BB1} - C:\WINDOWS\SYSTEM\NTLZ32.DLL
    O2 - BHO: Class - {EB3D8D2D-50C0-C45C-AAF4-AC97F26F8602} - C:\WINDOWS\ADDAX.DLL

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [ADDHJ32.EXE] C:\WINDOWS\ADDHJ32.EXE

    O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe

    O4 - HKLM\..\RunServices: [TabletService] C:\WINDOWS\SYSTEM\Tablet.exe
    O4 - HKLM\..\RunServices: [ATLBL.EXE] C:\WINDOWS\SYSTEM\ATLBL.EXE /s
    O4 - HKLM\..\RunServices: [NTJY32.EXE] C:\WINDOWS\SYSTEM\NTJY32.EXE /s
    O4 - HKLM\..\RunServices: [WINOR.EXE] C:\WINDOWS\WINOR.EXE /s
    O4 - HKLM\..\RunServices: [JAVARJ32.EXE] C:\WINDOWS\JAVARJ32.EXE /s
    O4 - HKLM\..\RunServices: [MFCUC.EXE] C:\WINDOWS\MFCUC.EXE /s
    O4 - HKLM\..\RunServices: [SDKQH.EXE] C:\WINDOWS\SDKQH.EXE /s
    O4 - HKLM\..\RunServices: [ATLTA32.EXE] C:\WINDOWS\ATLTA32.EXE /s
    O4 - HKLM\..\RunServices: [ADDKK.EXE] C:\WINDOWS\ADDKK.EXE /s
    O4 - HKLM\..\RunServices: [NETQN.EXE] C:\WINDOWS\SYSTEM\NETQN.EXE /s
    O4 - HKLM\..\RunServices: [IPFV.EXE] C:\WINDOWS\IPFV.EXE /s
    O4 - HKLM\..\RunServices: [CRGF.EXE] C:\WINDOWS\SYSTEM\CRGF.EXE /s
    O4 - HKLM\..\RunServices: [CREV.EXE] C:\WINDOWS\SYSTEM\CREV.EXE /s
    O4 - HKLM\..\RunServices: [D3VU.EXE] C:\WINDOWS\D3VU.EXE /s
    O4 - HKLM\..\RunServices: [D3SS.EXE] C:\WINDOWS\SYSTEM\D3SS.EXE /s
    O4 - HKLM\..\RunServices: [ADDLH.EXE] C:\WINDOWS\ADDLH.EXE /s
    O4 - HKLM\..\RunServices: [MFCFX32.EXE] C:\WINDOWS\SYSTEM\MFCFX32.EXE /s
    O4 - HKLM\..\RunServices: [SDKVK.EXE] C:\WINDOWS\SYSTEM\SDKVK.EXE /s
    O4 - HKLM\..\RunServices: [MSCO.EXE] C:\WINDOWS\MSCO.EXE /s
    O4 - HKLM\..\RunServices: [IEWM32.EXE] C:\WINDOWS\SYSTEM\IEWM32.EXE /s
    O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
    O4 - HKLM\..\RunServices: [D3MU.EXE] C:\WINDOWS\D3MU.EXE /s
    O4 - HKLM\..\RunServices: [ADDXK.EXE] C:\WINDOWS\SYSTEM\ADDXK.EXE /s
    O4 - HKLM\..\RunServices: [MFCXG.EXE] C:\WINDOWS\MFCXG.EXE /s
    O4 - HKLM\..\RunServices: [WINNY32.EXE] C:\WINDOWS\WINNY32.EXE /s
    O4 - HKLM\..\RunServices: [CRJI.EXE] C:\WINDOWS\CRJI.EXE /s
    O4 - HKLM\..\RunServices: [WINII.EXE] C:\WINDOWS\WINII.EXE /s
    O4 - HKLM\..\RunServices: [ATLSJ32.EXE] C:\WINDOWS\ATLSJ32.EXE /s
    O4 - HKLM\..\RunServices: [IEUU32.EXE] C:\WINDOWS\SYSTEM\IEUU32.EXE /s
    O4 - HKLM\..\RunServices: [NTKT.EXE] C:\WINDOWS\SYSTEM\NTKT.EXE /s
    O4 - HKLM\..\RunServices: [JAVADZ.EXE] C:\WINDOWS\SYSTEM\JAVADZ.EXE /s
    O4 - HKLM\..\RunServices: [ADDXP.EXE] C:\WINDOWS\SYSTEM\ADDXP.EXE /s
    O4 - HKLM\..\RunServices: [ATLDP32.EXE] C:\WINDOWS\SYSTEM\ATLDP32.EXE /s
    O4 - HKLM\..\RunServices: [APPBF32.EXE] C:\WINDOWS\SYSTEM\APPBF32.EXE /s

    O4 - Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM\Wtablet\TabUserW.exe

    Then reboot, download AVG Antivirus from GRIsoft. It's free.

    Install it, update it, and do a full scan.

    I would stop using Norton. AVG is better, and it's free. Uninstall Norton when you're done, because having two antivirus programs is going to slow you down. If you prefer to keep Norton, uninstall AVG.

    Reboot and post a new log when you are done with all this.
  • edited October 2005
    Well, I did another pass with Hijack This and followed your instructions. Here's tonight's HJT log-
    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:54 PM, on 10/3/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MSJH.EXE
    C:\WINDOWS\NETGF.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Class - {E66A5AA0-04CF-AD1D-CD73-93FD1C2DCF61} - C:\WINDOWS\SYSTEM\MSOA.DLL
    O2 - BHO: Class - {04D1DF3C-C625-0315-0875-A232686AFD1F} - C:\WINDOWS\SYSTEM\APIPN32.DLL
    O2 - BHO: Class - {97628768-41ED-6507-A805-94EA959624D8} - C:\WINDOWS\SYSTEM\CRBL.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [MSJH.EXE] C:\WINDOWS\SYSTEM\MSJH.EXE /s
    O4 - HKLM\..\RunServices: [NETGF.EXE] C:\WINDOWS\NETGF.EXE /s
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22.com/view22/app/view22rte.cab

    Thanks again for your help on this :) I'll be sure to follow up on this thread and I'll post an update if I find things are still wonky.
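
Added example (not part of the original thread or any poster's tooling): a small Python triage script that parses the R, O2 and O4 registry lines of two HijackThis logs and reports which autostart entries persisted, changed, appeared or disappeared between scans, which is what the 9/18 and 9/26 logs above show by hand. The sample lines are excerpted from those two logs; the function names and the three "suspicious" heuristics are assumptions modeled on the entries the helpers selected in this thread, not HijackThis rules.

```python
import ntpath
import re

# Only the three line shapes compared in this thread are handled; other
# sections (O3, O9, O12, O16, "O4 - Startup", "R3 - ... is missing") are skipped.
_PATTERNS = [
    ("R", re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.+)$")),
    ("O2", re.compile(
        r"^O2 - BHO: (?P<name>.*?) - (?P<key>\{[0-9A-Fa-f-]{36}\}) - (?P<value>.+)$")),
    ("O4", re.compile(
        r"^O4 - (?P<key>HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\]) (?P<value>.+)$")),
]
_WIN_DLL = re.compile(r"^C:\\WINDOWS(\\SYSTEM)?\\[^\\]+\.DLL$", re.I)
_EXE = re.compile(r'^"?([^"]+?\.exe)', re.I)

# Excerpt of the 9/18/05 log posted in this thread.
LOG_0918 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vohju.dll/sp.html#12047
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {6F61BA9A-5EA1-7903-5454-DCA081431490} - C:\WINDOWS\D3YW32.DLL
O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\ADDPP32.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE /s
"""

# Excerpt of the 9/26/05 log posted in this thread.
LOG_0926 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lblcl.dll/sp.html#12047
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {9971458F-29E5-772B-D55C-E681993738D1} - C:\WINDOWS\ADDPP32.DLL
O2 - BHO: Class - {869AC35F-5F1A-ABC7-04D4-AA0D80E2EF03} - C:\WINDOWS\SYSTEM\SYSLQ32.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTRZ.EXE] C:\WINDOWS\NTRZ.EXE /s
O4 - HKLM\..\RunServices: [ATLBL.EXE] C:\WINDOWS\SYSTEM\ATLBL.EXE /s
"""


def parse_log(text):
    """Map (section, identity) -> entry for every recognised log line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the pasted log
        for section, pattern in _PATTERNS:
            m = pattern.match(line)
            if m:
                g = m.groupdict()
                entries[(section, g["key"].upper())] = {
                    "section": section,
                    "name": g.get("name", ""),
                    "value": g["value"],
                }
                break
    return entries


def looks_suspicious(entry):
    """Heuristics (assumptions drawn from the entries fixed in this thread)."""
    if entry["section"] == "R":
        # IE search/home setting pointing into a local DLL resource.
        return entry["value"].lower().startswith("res://")
    if entry["section"] == "O2":
        # Generically named BHO whose DLL sits directly in the Windows dirs.
        return entry["name"] == "Class" and bool(_WIN_DLL.match(entry["value"]))
    # O4: autorun value named after its own executable, e.g. [NTRZ.EXE].
    m = _EXE.match(entry["value"])
    return bool(m) and ntpath.basename(m.group(1)).upper() == entry["name"].upper()


def diff_logs(old_text, new_text):
    """Classify entries of the newer log against the older one."""
    old, new = parse_log(old_text), parse_log(new_text)
    result = {"persisted": [], "changed": [], "new": [], "removed": []}
    for ident, entry in new.items():
        if ident not in old:
            status = "new"
        elif old[ident]["value"].upper() == entry["value"].upper():
            status = "persisted"
        else:
            status = "changed"  # same registry location, different target
        result[status].append(entry)
    result["removed"] = [e for ident, e in old.items() if ident not in new]
    return result


def flagged(entries):
    """Targets of the entries that match the heuristics above."""
    return [e["value"] for e in entries if looks_suspicious(e)]


if __name__ == "__main__":
    for status, entries in diff_logs(LOG_0918, LOG_0926).items():
        for target in flagged(entries):
            print(f"{status:9} {target}")
```

Flagged entries under "new" or "changed" after a cleanup pass indicate that something still running is rewriting the autostart keys, so the scan and fix steps need repeating against the newer log.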