hijack this log...........help please


cooma

Thread Starter
Joined
Dec 1, 2001
Messages
88
could someone please look at this.........................had 3 [email protected] w32.blasterworm

think i have fixed these...done all the virus scanning possible.....also ran spybot

pls help
 

cooma

Thread Starter
Joined
Dec 1, 2001
Messages
88
oops...might help

Logfile of HijackThis v1.97.2
Scan saved at 6:45:33 PM, on 9/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sam finocchiaro\My Documents\My Received Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra Big Pond Home
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
O4 - HKCU\..\Run: [983280] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\983280.cpl
O4 - HKCU\..\Run: [852282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852282.cpl
O4 - HKCU\..\Run: [852260] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852260.cpl
O4 - HKCU\..\Run: [721140] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721140.cpl
O4 - HKCU\..\Run: [721114] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721114.cpl
O4 - HKCU\..\Run: [66032] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66032.cpl
O4 - HKCU\..\Run: [65894] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65894.cpl
O4 - HKCU\..\Run: [65858] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65858.cpl
O4 - HKCU\..\Run: [65832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65832.cpl
O4 - HKCU\..\Run: [65816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65816.cpl
O4 - HKCU\..\Run: [65812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65812.cpl
O4 - HKCU\..\Run: [65810] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65810.cpl
O4 - HKCU\..\Run: [65806] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65806.cpl
O4 - HKCU\..\Run: [65804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65804.cpl
O4 - HKCU\..\Run: [65802] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65802.cpl
O4 - HKCU\..\Run: [65800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65800.cpl
O4 - HKCU\..\Run: [65798] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65798.cpl
O4 - HKCU\..\Run: [65796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65796.cpl
O4 - HKCU\..\Run: [65794] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65794.cpl
O4 - HKCU\..\Run: [65792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65792.cpl
O4 - HKCU\..\Run: [65790] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65790.cpl
O4 - HKCU\..\Run: [65788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65788.cpl
O4 - HKCU\..\Run: [65786] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65786.cpl
O4 - HKCU\..\Run: [65784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65784.cpl
O4 - HKCU\..\Run: [65782] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65782.cpl
O4 - HKCU\..\Run: [65780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65780.cpl
O4 - HKCU\..\Run: [65778] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65778.cpl
O4 - HKCU\..\Run: [65776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65776.cpl
O4 - HKCU\..\Run: [65774] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65774.cpl
O4 - HKCU\..\Run: [65770] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65770.cpl
O4 - HKCU\..\Run: [65768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65768.cpl
O4 - HKCU\..\Run: [655614] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655614.cpl
O4 - HKCU\..\Run: [655612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655612.cpl
O4 - HKCU\..\Run: [655594] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655594.cpl
O4 - HKCU\..\Run: [655586] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655586.cpl
O4 - HKCU\..\Run: [655574] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655574.cpl
O4 - HKCU\..\Run: [655550] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655550.cpl
O4 - HKCU\..\Run: [590058] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\590058.cpl
O4 - HKCU\..\Run: [590044] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\590044.cpl
O4 - HKCU\..\Run: [524600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524600.cpl
O4 - HKCU\..\Run: [524552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524552.cpl
O4 - HKCU\..\Run: [524550] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524550.cpl
O4 - HKCU\..\Run: [524534] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524534.cpl
O4 - HKCU\..\Run: [524532] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524532.cpl
O4 - HKCU\..\Run: [524508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524508.cpl
O4 - HKCU\..\Run: [524496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524496.cpl
O4 - HKCU\..\Run: [458998] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458998.cpl
O4 - HKCU\..\Run: [458988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458988.cpl
O4 - HKCU\..\Run: [458978] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458978.cpl
O4 - HKCU\..\Run: [458968] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458968.cpl
O4 - HKCU\..\Run: [458958] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458958.cpl
O4 - HKCU\..\Run: [458942] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458942.cpl
O4 - HKCU\..\Run: [458928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458928.cpl
O4 - HKCU\..\Run: [393718] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393718.cpl
O4 - HKCU\..\Run: [393466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393466.cpl
O4 - HKCU\..\Run: [393464] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393464.cpl
O4 - HKCU\..\Run: [393444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393444.cpl
O4 - HKCU\..\Run: [393438] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393438.cpl
O4 - HKCU\..\Run: [393424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393424.cpl
O4 - HKCU\..\Run: [393420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393420.cpl
O4 - HKCU\..\Run: [393392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393392.cpl
O4 - HKCU\..\Run: [328016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\328016.cpl
O4 - HKCU\..\Run: [327970] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327970.cpl
O4 - HKCU\..\Run: [327930] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327930.cpl
O4 - HKCU\..\Run: [327918] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327918.cpl
O4 - HKCU\..\Run: [327916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327916.cpl
O4 - HKCU\..\Run: [327912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327912.cpl
O4 - HKCU\..\Run: [327910] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327910.cpl
O4 - HKCU\..\Run: [327906] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327906.cpl
O4 - HKCU\..\Run: [327902] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327902.cpl
O4 - HKCU\..\Run: [327898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327898.cpl
O4 - HKCU\..\Run: [327896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327896.cpl
O4 - HKCU\..\Run: [327890] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327890.cpl
O4 - HKCU\..\Run: [262422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262422.cpl
O4 - HKCU\..\Run: [262412] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262412.cpl
O4 - HKCU\..\Run: [262404] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262404.cpl
O4 - HKCU\..\Run: [262402] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262402.cpl
O4 - HKCU\..\Run: [262400] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262400.cpl
O4 - HKCU\..\Run: [262398] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262398.cpl
O4 - HKCU\..\Run: [262392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262392.cpl
O4 - HKCU\..\Run: [262390] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262390.cpl
O4 - HKCU\..\Run: [262388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262388.cpl
O4 - HKCU\..\Run: [262384] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262384.cpl
O4 - HKCU\..\Run: [262380] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262380.cpl
O4 - HKCU\..\Run: [262372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262372.cpl
O4 - HKCU\..\Run: [262370] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262370.cpl
O4 - HKCU\..\Run: [262368] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262368.cpl
O4 - HKCU\..\Run: [262364] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262364.cpl
O4 - HKCU\..\Run: [262356] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262356.cpl
O4 - HKCU\..\Run: [262304] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262304.cpl
O4 - HKCU\..\Run: [2425008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2425008.cpl
O4 - HKCU\..\Run: [196936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196936.cpl
O4 - HKCU\..\Run: [196914] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196914.cpl
O4 - HKCU\..\Run: [196896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196896.cpl
O4 - HKCU\..\Run: [196886] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196886.cpl
O4 - HKCU\..\Run: [196880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196880.cpl
O4 - HKCU\..\Run: [196870] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196870.cpl
O4 - HKCU\..\Run: [196866] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196866.cpl
O4 - HKCU\..\Run: [196860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196860.cpl
O4 - HKCU\..\Run: [196858] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196858.cpl
O4 - HKCU\..\Run: [196856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196856.cpl
O4 - HKCU\..\Run: [196854] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196854.cpl
O4 - HKCU\..\Run: [196852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196852.cpl
O4 - HKCU\..\Run: [196850] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196850.cpl
O4 - HKCU\..\Run: [196848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196848.cpl
O4 - HKCU\..\Run: [196844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196844.cpl
O4 - HKCU\..\Run: [196842] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196842.cpl
O4 - HKCU\..\Run: [196840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196840.cpl
O4 - HKCU\..\Run: [196830] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196830.cpl
O4 - HKCU\..\Run: [196824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196824.cpl
O4 - HKCU\..\Run: [196816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196816.cpl
O4 - HKCU\..\Run: [196812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196812.cpl
O4 - HKCU\..\Run: [196782] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196782.cpl
O4 - HKCU\..\Run: [1704172] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1704172.cpl
O4 - HKCU\..\Run: [1638636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1638636.cpl
O4 - HKCU\..\Run: [1507558] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1507558.cpl
O4 - HKCU\..\Run: [1442000] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1442000.cpl
O4 - HKCU\..\Run: [1376510] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376510.cpl
O4 - HKCU\..\Run: [1376472] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376472.cpl
O4 - HKCU\..\Run: [131628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131628.cpl
O4 - HKCU\..\Run: [131424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131424.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [131408] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131408.cpl
O4 - HKCU\..\Run: [131394] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131394.cpl
O4 - HKCU\..\Run: [131386] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131386.cpl
O4 - HKCU\..\Run: [131382] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131382.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [131374] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131374.cpl
O4 - HKCU\..\Run: [131372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131372.cpl
O4 - HKCU\..\Run: [131370] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131370.cpl
O4 - HKCU\..\Run: [131364] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131364.cpl
O4 - HKCU\..\Run: [131354] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131354.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [131346] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131346.cpl
O4 - HKCU\..\Run: [131344] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131344.cpl
O4 - HKCU\..\Run: [131340] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131340.cpl
O4 - HKCU\..\Run: [131332] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131332.cpl
O4 - HKCU\..\Run: [131330] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131330.cpl
O4 - HKCU\..\Run: [131328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131328.cpl
O4 - HKCU\..\Run: [131326] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131326.cpl
O4 - HKCU\..\Run: [131324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131324.cpl
O4 - HKCU\..\Run: [131322] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131322.cpl
O4 - HKCU\..\Run: [131320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131320.cpl
O4 - HKCU\..\Run: [131318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131318.cpl
O4 - HKCU\..\Run: [131316] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131316.cpl
O4 - HKCU\..\Run: [131314] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131314.cpl
O4 - HKCU\..\Run: [131312] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131312.cpl
O4 - HKCU\..\Run: [131310] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131310.cpl
O4 - HKCU\..\Run: [131308] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131308.cpl
O4 - HKCU\..\Run: [131306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131306.cpl
O4 - HKCU\..\Run: [131304] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131304.cpl
O4 - HKCU\..\Run: [131302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131302.cpl
O4 - HKCU\..\Run: [131298] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131298.cpl
O4 - HKCU\..\Run: [131296] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131296.cpl
O4 - HKCU\..\Run: [131290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131290.cpl
O4 - HKCU\..\Run: [131284] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131284.cpl
O4 - HKCU\..\Run: [131282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131282.cpl
O4 - HKCU\..\Run: [131278] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131278.cpl
O4 - HKCU\..\Run: [131258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131258.cpl
O4 - HKCU\..\Run: [131256] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131256.cpl
O4 - HKCU\..\Run: [131254] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131254.cpl
O4 - HKCU\..\Run: [1245390] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1245390.cpl
O4 - HKCU\..\Run: [1114360] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1114360.cpl
O4 - HKCU\..\Run: [1114358] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1114358.cpl
O4 - Startup: Norton Disk Doctor.LNK = D:\NU\NDD32.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Big Pond (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81268B89-A8E9-4E31-8AE7-31A4C0A10D77}: NameServer = 203.194.27.57 203.194.56.150
 
Joined
Mar 9, 2003
Messages
4,699
OK, this is going to take some time, hang in there.
We are going to do this in several steps.
You say you got rid of all the virus?
 
Joined
Sep 10, 2003
Messages
76
i think the running process is all right~~~~~:D

but something like this is too bad:
O4 - HKCU\..\Run: [983280] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\983280.cpl
O4 - HKCU\..\Run: [852282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852282.cpl
O4 - HKCU\..\Run: [852260] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852260.cpl
O4 - HKCU\..\Run: [721140] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721140.cpl
O4 - HKCU\..\Run: [721114] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721114.cpl


we will wait for the NiteHawk, he is a superman!!

(y) :cool:
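
The entries singled out in the reply above share one shape: an all-digit value name under a Run key whose command uses rundll32 with Control_RunDLL to load a .cpl file of the same number. The sketch below picks that shape out of a HijackThis log; it is an added example, not part of the original thread, the function names are hypothetical, and the sample holds lines copied from the log above plus one constructed line.

```python
import re

# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Command that loads a Control Panel applet (.cpl) through rundll32
CPL_LOAD = re.compile(
    r'^rundll32(?:\.exe)?\s+shell32\.dll,Control_RunDLL\s+"?(?P<path>[^"]+?\.cpl)"?\s*$',
    re.IGNORECASE,
)


def parse_o4(line):
    """Return hive, value name and command of an O4 Run line, else None."""
    m = O4_RUN.match(line.strip())
    return m.groupdict() if m else None


def cpl_target(entry):
    """Path of the .cpl the command loads, or None if it loads none."""
    m = CPL_LOAD.match(entry["cmd"])
    return m.group("path") if m else None


def is_numeric_cpl_autostart(entry):
    """True when the value name is all digits and the command loads
    <same digits>.cpl, the shape of the entries quoted in the thread."""
    path = cpl_target(entry)
    if path is None or not entry["name"].isdigit():
        return False
    basename = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return basename.lower() == entry["name"] + ".cpl"


def triage(log_text):
    """Split the O4 Run entries of a log into (flagged, other)."""
    flagged, other = [], []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:  # not an O4 Run line (R0, O2, O4 - Startup, ...)
            continue
        (flagged if is_numeric_cpl_autostart(entry) else other).append(entry)
    return flagged, other


def referenced_files(flagged):
    """Distinct .cpl paths named by the flagged entries, for a check on disk."""
    return sorted({cpl_target(e) for e in flagged})


# Lines copied from the log in this thread; the [Mouse] line is constructed
# to show that an ordinary Control_RunDLL autostart does not match.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [983280] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\983280.cpl
O4 - HKCU\..\Run: [852282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852282.cpl
O4 - HKCU\..\Run: [852260] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852260.cpl
O4 - HKCU\..\Run: [721140] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721140.cpl
O4 - HKCU\..\Run: [721114] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721114.cpl
O4 - HKCU\..\Run: [Mouse] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\System32\main.cpl
O4 - Startup: Norton Disk Doctor.LNK = D:\NU\NDD32.EXE
'''

if __name__ == "__main__":
    flagged, other = triage(SAMPLE_LOG)
    print(f"{len(flagged)} numeric .cpl autostart entries, {len(other)} other Run entries")
    for path in referenced_files(flagged):
        print("check on disk:", path)
```
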
 
Joined
Mar 9, 2003
Messages
4,699
In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

O4 - HKCU\..\Run: [983280] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\983280.cpl
O4 - HKCU\..\Run: [852282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852282.cpl
O4 - HKCU\..\Run: [852260] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852260.cpl
O4 - HKCU\..\Run: [721140] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721140.cpl
O4 - HKCU\..\Run: [721114] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\721114.cpl
O4 - HKCU\..\Run: [66032] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66032.cpl
O4 - HKCU\..\Run: [65894] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65894.cpl
O4 - HKCU\..\Run: [65858] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65858.cpl
O4 - HKCU\..\Run: [65832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65832.cpl
O4 - HKCU\..\Run: [65816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65816.cpl
O4 - HKCU\..\Run: [65812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65812.cpl
O4 - HKCU\..\Run: [65810] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65810.cpl
O4 - HKCU\..\Run: [65806] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65806.cpl
O4 - HKCU\..\Run: [65804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65804.cpl
O4 - HKCU\..\Run: [65802] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65802.cpl
O4 - HKCU\..\Run: [65800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65800.cpl
O4 - HKCU\..\Run: [65798] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65798.cpl
O4 - HKCU\..\Run: [65796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65796.cpl
O4 - HKCU\..\Run: [65794] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65794.cpl
O4 - HKCU\..\Run: [65792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65792.cpl
O4 - HKCU\..\Run: [65790] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65790.cpl
O4 - HKCU\..\Run: [65788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65788.cpl
O4 - HKCU\..\Run: [65786] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65786.cpl
O4 - HKCU\..\Run: [65784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65784.cpl
O4 - HKCU\..\Run: [65782] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65782.cpl
O4 - HKCU\..\Run: [65780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65780.cpl
O4 - HKCU\..\Run: [65778] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65778.cpl
O4 - HKCU\..\Run: [65776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65776.cpl
O4 - HKCU\..\Run: [65774] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65774.cpl
O4 - HKCU\..\Run: [65770] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65770.cpl
O4 - HKCU\..\Run: [65768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\65768.cpl
O4 - HKCU\..\Run: [655614] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655614.cpl
O4 - HKCU\..\Run: [655612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655612.cpl
O4 - HKCU\..\Run: [655594] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655594.cpl
O4 - HKCU\..\Run: [655586] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655586.cpl
O4 - HKCU\..\Run: [655574] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655574.cpl
O4 - HKCU\..\Run: [655550] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\655550.cpl
O4 - HKCU\..\Run: [590058] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\590058.cpl
O4 - HKCU\..\Run: [590044] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\590044.cpl
O4 - HKCU\..\Run: [524600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524600.cpl
O4 - HKCU\..\Run: [524552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524552.cpl
O4 - HKCU\..\Run: [524550] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524550.cpl
O4 - HKCU\..\Run: [524534] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524534.cpl
O4 - HKCU\..\Run: [524532] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524532.cpl
O4 - HKCU\..\Run: [524508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524508.cpl
O4 - HKCU\..\Run: [524496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\524496.cpl
O4 - HKCU\..\Run: [458998] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458998.cpl
O4 - HKCU\..\Run: [458988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458988.cpl
O4 - HKCU\..\Run: [458978] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458978.cpl
O4 - HKCU\..\Run: [458968] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458968.cpl
O4 - HKCU\..\Run: [458958] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458958.cpl
O4 - HKCU\..\Run: [458942] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458942.cpl
O4 - HKCU\..\Run: [458928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\458928.cpl
O4 - HKCU\..\Run: [393718] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393718.cpl
O4 - HKCU\..\Run: [393466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393466.cpl
O4 - HKCU\..\Run: [393464] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393464.cpl
O4 - HKCU\..\Run: [393444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393444.cpl
O4 - HKCU\..\Run: [393438] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393438.cpl
O4 - HKCU\..\Run: [393424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393424.cpl
O4 - HKCU\..\Run: [393420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393420.cpl
O4 - HKCU\..\Run: [393392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\393392.cpl
O4 - HKCU\..\Run: [328016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\328016.cpl
O4 - HKCU\..\Run: [327970] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327970.cpl
O4 - HKCU\..\Run: [327930] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327930.cpl
O4 - HKCU\..\Run: [327918] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327918.cpl
O4 - HKCU\..\Run: [327916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327916.cpl
O4 - HKCU\..\Run: [327912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327912.cpl
O4 - HKCU\..\Run: [327910] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327910.cpl
O4 - HKCU\..\Run: [327906] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327906.cpl
O4 - HKCU\..\Run: [327902] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327902.cpl
O4 - HKCU\..\Run: [327898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327898.cpl
O4 - HKCU\..\Run: [327896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327896.cpl
O4 - HKCU\..\Run: [327890] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327890.cpl
O4 - HKCU\..\Run: [262422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262422.cpl
O4 - HKCU\..\Run: [262412] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262412.cpl
O4 - HKCU\..\Run: [262404] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262404.cpl
O4 - HKCU\..\Run: [262402] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262402.cpl
O4 - HKCU\..\Run: [262400] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262400.cpl
O4 - HKCU\..\Run: [262398] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262398.cpl
O4 - HKCU\..\Run: [262392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262392.cpl
O4 - HKCU\..\Run: [262390] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262390.cpl
O4 - HKCU\..\Run: [262388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262388.cpl
O4 - HKCU\..\Run: [262384] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262384.cpl
O4 - HKCU\..\Run: [262380] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262380.cpl
O4 - HKCU\..\Run: [262372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262372.cpl
O4 - HKCU\..\Run: [262370] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262370.cpl
O4 - HKCU\..\Run: [262368] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262368.cpl
O4 - HKCU\..\Run: [262364] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262364.cpl
O4 - HKCU\..\Run: [262356] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262356.cpl
O4 - HKCU\..\Run: [262304] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262304.cpl
O4 - HKCU\..\Run: [2425008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2425008.cpl
O4 - HKCU\..\Run: [196936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196936.cpl
O4 - HKCU\..\Run: [196914] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196914.cpl
O4 - HKCU\..\Run: [196896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196896.cpl
O4 - HKCU\..\Run: [196886] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196886.cpl
O4 - HKCU\..\Run: [196880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196880.cpl
O4 - HKCU\..\Run: [196870] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196870.cpl
O4 - HKCU\..\Run: [196866] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196866.cpl
O4 - HKCU\..\Run: [196860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196860.cpl
O4 - HKCU\..\Run: [196858] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196858.cpl
O4 - HKCU\..\Run: [196856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196856.cpl
O4 - HKCU\..\Run: [196854] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196854.cpl
O4 - HKCU\..\Run: [196852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196852.cpl
O4 - HKCU\..\Run: [196850] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196850.cpl
O4 - HKCU\..\Run: [196848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196848.cpl
O4 - HKCU\..\Run: [196844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196844.cpl
O4 - HKCU\..\Run: [196842] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196842.cpl
O4 - HKCU\..\Run: [196840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196840.cpl
O4 - HKCU\..\Run: [196830] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196830.cpl
O4 - HKCU\..\Run: [196824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196824.cpl
O4 - HKCU\..\Run: [196816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196816.cpl
O4 - HKCU\..\Run: [196812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196812.cpl
O4 - HKCU\..\Run: [196782] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196782.cpl
O4 - HKCU\..\Run: [1704172] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1704172.cpl
O4 - HKCU\..\Run: [1638636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1638636.cpl
O4 - HKCU\..\Run: [1507558] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1507558.cpl
O4 - HKCU\..\Run: [1442000] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1442000.cpl
O4 - HKCU\..\Run: [1376510] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376510.cpl
O4 - HKCU\..\Run: [1376472] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376472.cpl
O4 - HKCU\..\Run: [131628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131628.cpl
O4 - HKCU\..\Run: [131424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131424.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [131408] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131408.cpl
O4 - HKCU\..\Run: [131394] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131394.cpl
O4 - HKCU\..\Run: [131386] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131386.cpl
O4 - HKCU\..\Run: [131382] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131382.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [131374] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131374.cpl
O4 - HKCU\..\Run: [131372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131372.cpl
O4 - HKCU\..\Run: [131370] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131370.cpl
O4 - HKCU\..\Run: [131364] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131364.cpl
O4 - HKCU\..\Run: [131354] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131354.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [131346] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131346.cpl
O4 - HKCU\..\Run: [131344] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131344.cpl
O4 - HKCU\..\Run: [131340] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131340.cpl
O4 - HKCU\..\Run: [131332] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131332.cpl
O4 - HKCU\..\Run: [131330] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131330.cpl
O4 - HKCU\..\Run: [131328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131328.cpl
O4 - HKCU\..\Run: [131326] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131326.cpl
O4 - HKCU\..\Run: [131324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131324.cpl
O4 - HKCU\..\Run: [131322] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131322.cpl
O4 - HKCU\..\Run: [131320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131320.cpl
O4 - HKCU\..\Run: [131318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131318.cpl
O4 - HKCU\..\Run: [131316] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131316.cpl
O4 - HKCU\..\Run: [131314] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131314.cpl
O4 - HKCU\..\Run: [131312] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131312.cpl
O4 - HKCU\..\Run: [131310] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131310.cpl
O4 - HKCU\..\Run: [131308] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131308.cpl
O4 - HKCU\..\Run: [131306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131306.cpl
O4 - HKCU\..\Run: [131304] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131304.cpl
O4 - HKCU\..\Run: [131302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131302.cpl
O4 - HKCU\..\Run: [131298] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131298.cpl
O4 - HKCU\..\Run: [131296] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131296.cpl
O4 - HKCU\..\Run: [131290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131290.cpl
O4 - HKCU\..\Run: [131284] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131284.cpl
O4 - HKCU\..\Run: [131282] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131282.cpl
O4 - HKCU\..\Run: [131278] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131278.cpl
O4 - HKCU\..\Run: [131258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131258.cpl
O4 - HKCU\..\Run: [131256] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131256.cpl
O4 - HKCU\..\Run: [131254] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131254.cpl
O4 - HKCU\..\Run: [1245390] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1245390.cpl
O4 - HKCU\..\Run: [1114360] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1114360.cpl
O4 - HKCU\..\Run: [1114358] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1114358.cpl


Next, use the find command to find *.cpl and limit the search to ONLY Windows

Delete all with numbers only. This is just in case there happens to be any other files with the .cpl extension in Windows.

Reboot

Then run and post another HJT log
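
The pattern singled out in the steps above (a Run value with a digits-only name that loads a digits-only .cpl straight from the Windows folder through Control_RunDLL) can be checked mechanically over a saved log. This is an added example, not part of the original posts and not HijackThis's own code; the function names and the last two sample lines are constructed here, and the Windows folder is assumed to be C:\WINDOWS as in the logs above.

```python
import re
from pathlib import PureWindowsPath

# HijackThis O4 registry autorun line: O4 - <hive>\..\<key>: [value name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CPL_RE = re.compile(r"([A-Za-z]:\\[^\"]*?\.cpl)\b", re.IGNORECASE)


def parse_o4(line):
    """Return hive, key, name, cmd for an O4 registry line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def is_numbered_cpl(entry, windows_dir=r"C:\WINDOWS"):
    """True if the entry loads a digits-only .cpl sitting directly in windows_dir."""
    if "control_rundll" not in entry["cmd"].lower():
        return False
    m = CPL_RE.search(entry["cmd"])
    if not m:
        return False
    path = PureWindowsPath(m.group(1))
    # PureWindowsPath compares case-insensitively, like the file system does.
    return path.stem.isdigit() and path.parent == PureWindowsPath(windows_dir)


def flag_log(text, windows_dir=r"C:\WINDOWS"):
    """Value names of all O4 entries in a log that match the pattern."""
    entries = filter(None, map(parse_o4, text.splitlines()))
    return [e["name"] for e in entries if is_numbered_cpl(e, windows_dir)]


# Sample input: the first three lines are copied from the logs in this thread,
# the last two are constructed to show what the check leaves alone.
SAMPLE = r"""
O4 - HKCU\..\Run: [196844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196844.cpl
O4 - HKCU\..\Run: [1114358] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1114358.cpl
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKCU\..\Run: [Display] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\System32\desk.cpl
O4 - HKCU\..\Run: [42] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\System32\42.cpl
"""

if __name__ == "__main__":
    for name in flag_log(SAMPLE):
        print("numbered .cpl autorun:", name)
```

On a machine whose Windows folder is named differently, pass that folder as `windows_dir`.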
 
Joined
Mar 9, 2003
Messages
4,699
Most of the files with a VALID .cpl extension will be in either windows\system or windows\system32
 
Joined
Mar 9, 2003
Messages
4,699
Once we filter all the crap out, there should be only a few entries in your log to be concerned about.
 
Joined
Mar 9, 2003
Messages
4,699
Originally posted by kaspersky:
and or winnt\system32 :D
Yes, for XP. However since the original HJT log entries had the format of
C:\WINDOWS\1114358.cpl

That's why I used \windows\system or system32

If you look at the top part of his HJT all the path names use windows and not winnt

Ya gotta love how consistent XP is :D
 
Joined
Mar 9, 2003
Messages
4,699
Phase II

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll

O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe

O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab


IF you are running ME or XP Disable SYSTEM RESTORE : Here's How

Next reboot into Safe Mode and remove the following files and folders that are bolded

C:\WINDOWS\winupie.exe

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
 

cooma

Thread Starter
Joined
Dec 1, 2001
Messages
88
finish phase 1.....sry 4 taking so long...no numbered cpl extensions....
new log..

Logfile of HijackThis v1.97.2
Scan saved at 9:33:15 PM, on 9/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sam finocchiaro\My Documents\My Received Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra Big Pond Home
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
O4 - Startup: Norton Disk Doctor.LNK = D:\NU\NDD32.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Big Pond (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81268B89-A8E9-4E31-8AE7-31A4C0A10D77}: NameServer = 203.194.27.57 203.194.56.150
 
Joined
Mar 9, 2003
Messages
4,699
OK, your antivirus program probably deleted all of them and what we saw were just left over entries in the reg. HJT removed them for you.

Take care of the 3 in phase II and you should be good.
 