Options
Help! Shopping Wizard, Search Extender & Home Search Assistent
Hi,
I'm a first time poster, please bear with me. I'm kinda computer illiterate (sp?) so am apprehensive about manually deleted things. I got hijacked by spysheriff and it downloaded these other malwares that I can't get rid of. My Norton kept telling me I had a trojan.adclicker, but couldn't do anything about it. I tried to run Trend Micro's houseclean online scan several times, but the few times it made it through the scan and I tried to fix or clean what it found, I got an error message that IE performed an illegal operation and was shut down. Then I tried Panda's online scan. It seemed to work okay so I downloaded the trial version and have run it. I've run spybot and it comes up clean. I've downloaded Ad-Aware, but when I try to scan, it always seems to get hung up (busy...). I've downloaded Hijack this and about:Buster and unzipped them into the same folder (C:\hijack this) . I read your tutorial for getting rid of shopping wizard and followed along up to hard booting in safe mode, running Hijack this, comparing logs but then I balk at checkin things to fix them. Based on your tutorial, here is what I think I should have checked to have fixed by HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [sdkdc.exe] C:\WINDOWS\system32\sdkdc.exe
O4 - HKLM\..\Run: [17F1.tmp] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [17F1.tmp.exe] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
Please look at my entire HJT log and let me know what you think. Would this do it or mess me up?
Thanks in advance - Tomster
Logfile of HijackThis v1.99.1
Scan saved at 6:06:49 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
C:\Program Files\Panda Software\AVTC\PavKRE.exe
C:\Program Files\Panda Software\AVTC\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Panda Software\AVTC\CPntSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\borland\interbase\Bin\IBGuard.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVTC\PavSrv51.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PnmSrv.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Documents\common files\tlmgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\borland\interbase\Bin\IBServer.exe
C:\Program Files\Panda Software\AVTC\ClShield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\Program Files\Panda Software\AVTC\SRVLOAD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\All Users\Documents\common files\tlmgrconsole.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\sdkdc.exe
C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\SABRE\Apps\ATS\SSSClnt.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\netfj32.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
O2 - BHO: Class - {477B7AAD-0649-5E89-9CE8-C2D797FBBFCE} - C:\WINDOWS\system32\addvm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {64756197-0912-3C45-8035-BCD345804020} - C:\WINDOWS\system32\winos.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {7FD19601-50AB-2F2B-5D99-C8FA44F668F7} - C:\WINDOWS\winer.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TRAMSLicenseManagerConsole] "C:\Documents and Settings\All Users\Documents\common files\tlmgrconsole.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [sdkdc.exe] C:\WINDOWS\system32\sdkdc.exe
O4 - HKLM\..\Run: [17F1.tmp] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [17F1.tmp.exe] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE
O4 - HKCU\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\eVoya\JServer.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Sabre Printing Start.lnk = ?
O4 - Global Startup: Sabre Server.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.941994343435869&file=stamps.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: TPLogon - TPLogon.dll (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netfj32.exe" /s (file missing)
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Panda NetworkSecure Service (CPntSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\CPntSrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Interbase Guardian (InterbaseGuardian) - Inprise Corporation - C:\Program Files\borland\interbase\Bin\IBGuard.EXE
O23 - Service: Interbase Server (InterbaseServer) - Inprise Corporation - C:\Program Files\borland\interbase\Bin\IBServer.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software - C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
O23 - Service: Panda PavKRE (PavKRE) - Panda Software - C:\Program Files\Panda Software\AVTC\PavKRE.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\AVTC\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda Firewall Service (PnmSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\PnmSrv.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TRAMS License Manager (TRAMSLicenseManager) - TRAMS, Inc. - C:\Documents and Settings\All Users\Documents\common files\tlmgr.exe
I'm a first time poster, please bear with me. I'm kinda computer illiterate (sp?) so am apprehensive about manually deleted things. I got hijacked by spysheriff and it downloaded these other malwares that I can't get rid of. My Norton kept telling me I had a trojan.adclicker, but couldn't do anything about it. I tried to run Trend Micro's houseclean online scan several times, but the few times it made it through the scan and I tried to fix or clean what it found, I got an error message that IE performed an illegal operation and was shut down. Then I tried Panda's online scan. It seemed to work okay so I downloaded the trial version and have run it. I've run spybot and it comes up clean. I've downloaded Ad-Aware, but when I try to scan, it always seems to get hung up (busy...). I've downloaded Hijack this and about:Buster and unzipped them into the same folder (C:\hijack this) . I read your tutorial for getting rid of shopping wizard and followed along up to hard booting in safe mode, running Hijack this, comparing logs but then I balk at checkin things to fix them. Based on your tutorial, here is what I think I should have checked to have fixed by HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [sdkdc.exe] C:\WINDOWS\system32\sdkdc.exe
O4 - HKLM\..\Run: [17F1.tmp] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [17F1.tmp.exe] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
Please look at my entire HJT log and let me know what you think. Would this do it or mess me up?
Thanks in advance - Tomster
Logfile of HijackThis v1.99.1
Scan saved at 6:06:49 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
C:\Program Files\Panda Software\AVTC\PavKRE.exe
C:\Program Files\Panda Software\AVTC\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Panda Software\AVTC\CPntSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\borland\interbase\Bin\IBGuard.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVTC\PavSrv51.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PnmSrv.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Documents\common files\tlmgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\borland\interbase\Bin\IBServer.exe
C:\Program Files\Panda Software\AVTC\ClShield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\Program Files\Panda Software\AVTC\SRVLOAD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\All Users\Documents\common files\tlmgrconsole.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\sdkdc.exe
C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\SABRE\Apps\ATS\SSSClnt.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\netfj32.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mtkia.dll/sp.html#12047%resultposition.net
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
O2 - BHO: Class - {477B7AAD-0649-5E89-9CE8-C2D797FBBFCE} - C:\WINDOWS\system32\addvm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {64756197-0912-3C45-8035-BCD345804020} - C:\WINDOWS\system32\winos.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {7FD19601-50AB-2F2B-5D99-C8FA44F668F7} - C:\WINDOWS\winer.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TRAMSLicenseManagerConsole] "C:\Documents and Settings\All Users\Documents\common files\tlmgrconsole.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [sdkdc.exe] C:\WINDOWS\system32\sdkdc.exe
O4 - HKLM\..\Run: [17F1.tmp] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [17F1.tmp.exe] C:\DOCUME~1\TOMBRU~1\LOCALS~1\Temp\17F1.tmp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE
O4 - HKCU\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\eVoya\JServer.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Sabre Printing Start.lnk = ?
O4 - Global Startup: Sabre Server.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.941994343435869&file=stamps.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: TPLogon - TPLogon.dll (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netfj32.exe" /s (file missing)
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Panda NetworkSecure Service (CPntSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\CPntSrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Interbase Guardian (InterbaseGuardian) - Inprise Corporation - C:\Program Files\borland\interbase\Bin\IBGuard.EXE
O23 - Service: Interbase Server (InterbaseServer) - Inprise Corporation - C:\Program Files\borland\interbase\Bin\IBServer.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software - C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
O23 - Service: Panda PavKRE (PavKRE) - Panda Software - C:\Program Files\Panda Software\AVTC\PavKRE.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\AVTC\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda Firewall Service (PnmSrv) - Panda Software - C:\Program Files\Panda Software\AVTC\PnmSrv.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TRAMS License Manager (TRAMSLicenseManager) - TRAMS, Inc. - C:\Documents and Settings\All Users\Documents\common files\tlmgr.exe
0