IELoader is driving me crazy

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bdsto

Thread Starter
Joined
Feb 5, 2005
Messages
3
I have run many spyware and virus checkers on my system. Adaware, Spybot, TDS, Spyhunter, etc. I have WinPatrol on and it keeps telling me that IELoader is trying to install stuff like faortlht.exe (dll?) and aabqgsav.dll. When I click on Windows Internet Explorer I get multiple copies of iexplorer.exe and they take over the CPU. I kill them using Windows Task Manager, otherwise the system becomes unusable. I use Firefox most of the time, but some sites require IE. Then there is the problem of something trying to install DesktopSearch (c:\windows\isrvs\desktop.exe). I would like to get rid of that too. I have also downloaded all of the Microsoft Updates that the computer will allow. Five of them have been rejected. I think because I was using Firefox.

I have created a hijack this log and would appreciate any help anyone could offer. Thank you.

----------------------------------

Logfile of HijackThis v1.99.0
Scan saved at 12:45:54 PM, on 2/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\PInfo\Dialers\Lori\Lori.exe
C:\Windows\system32\axs.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Windows\System32\ctfmon.exe
C:\Windows\System32\wuaclt.exe
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\sysmonnt.exe
C:\Documents and Settings\Administrator\Application Data\elat.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Windows\System32\devldr32.exe
C:\Windows\wanmpsvc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realaudio Player] realaudioplay.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Lori] C:\Program Files\PInfo\Dialers\Lori\Lori.exe /dontdial
O4 - HKLM\..\Run: [cd1] c:\windows\system32\cd1.exe /nocomm
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [gkfyqc] C:\Windows\System32\gkfyqc.exe
O4 - HKLM\..\Run: [oqcjmc] C:\Windows\System32\oqcjmc.exe
O4 - HKLM\..\Run: [WinTask driver] C:\Windows\System32\wintask.exe
O4 - HKLM\..\Run: [secure] C:\Windows\System32\Dnegvm.exe
O4 - HKLM\..\Run: [TinkoPal] C:\Program Files\TinkoPal\AppStart.exe
O4 - HKLM\..\Run: [axs] C:\Windows\system32\axs.exe
O4 - HKLM\..\Run: [r74R3sh] wshuth.exe
O4 - HKLM\..\Run: [Desktop Search] C:\Windows\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\Windows\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Dvx] C:\Windows\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [himkfjlf] C:\Windows\System32\himkfjlf.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunServices: [Realaudio Player] realaudioplay.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [awv5RiN5T] uxtcp32r.exe
O4 - HKCU\..\Run: [Qtutnar] C:\Windows\System32\wuaclt.exe
O4 - HKCU\..\Run: [sysmonnt] C:\Windows\System32\sysmonnt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Administrator\Application Data\elat.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107130436733
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\Windows\System32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\Windows\wanmpsvc.exe
 
Joined
Aug 5, 2004
Messages
1,137
Hello bdsto and Welcome to TSG! :D

Open Task Manager (ctrl+alt+delete) and choose the "Processes" tab.
Find and "End Process" the following processes:
Lori.exe
axs.exe
sysmonnt.exe
elat.exe


Turn off System Restore by right-clicking on My Computer and choosing "Properties". Click on the "System Restore" tab and put a tick next to "Turn System Restore off". Click "OK".

Go to My Computer and click on "Tools" then "Folder Options. Click on the "View" tab and make sure that "Show hidden files and folders" is enabled. Click "OK".

Find and delete the following files and folders hilighted in RED:
C:\Program Files\PInfo
C:\Windows\system32\axs.exe
C:\Windows\System32\sysmonnt.exe
C:\Documents and Settings\Administrator\Application Data\elat.exe

Open Internet Explorer and at the top click on "Tools" and choose "Internet Options". Click on the "Advanced" tab and untick "Enable third-party browser extensions". Click on "Apply" then "OK".

Run HijackThis and fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\about.htm

R3 - Default URLSearchHook is missing

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)

O4 - HKLM\..\Run: [Lori] C:\Program Files\PInfo\Dialers\Lori\Lori.exe /dontdial

O4 - HKLM\..\Run: [cd1] c:\windows\system32\cd1.exe /nocomm

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe

O4 - HKLM\..\Run: [gkfyqc] C:\Windows\System32\gkfyqc.exe

O4 - HKLM\..\Run: [oqcjmc] C:\Windows\System32\oqcjmc.exe

O4 - HKLM\..\Run: [WinTask driver] C:\Windows\System32\wintask.exe

O4 - HKLM\..\Run: [secure] C:\Windows\System32\Dnegvm.exe

O4 - HKLM\..\Run: [axs] C:\Windows\system32\axs.exe

O4 - HKLM\..\Run: [r74R3sh] wshuth.exe

O4 - HKLM\..\Run: [ffis] C:\Windows\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Dvx] C:\Windows\System32\wsxsvc\wsxsvc.exe

O4 - HKLM\..\Run: [himkfjlf] C:\Windows\System32\himkfjlf.exe

O4 - HKCU\..\Run: [awv5RiN5T] uxtcp32r.exe

O4 - HKCU\..\Run: [sysmonnt] C:\Windows\System32\sysmonnt

O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Administrator\Application Data\elat.exe

O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/Insta...nsAssistent.ocx

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file


Restart your computer and post a fresh HijackThis log back on this thread.
 

bdsto

Thread Starter
Joined
Feb 5, 2005
Messages
3
Thank you for the help. I believe I did what you said where I could. IE crashed when I tried to open it. But I right clicked on it and turned off the ... whatever it was... that way. Here is the new log.

----------------------
Logfile of HijackThis v1.99.0
Scan saved at 8:01:31 AM, on 2/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\System32\PROMon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\realaudioplay.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Windows\isrvs\desktop.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\System32\wuaclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Windows\System32\PackethSvc.exe
C:\Windows\System32\devldr32.exe
C:\Windows\System32\msupd5.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Security\HijackThis.exe
C:\Windows\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {43044E3B-107A-01E1-DC60-4CEB4DF0BF2C} - C:\Windows\System32\faortlht.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BBB9C1B7-3B16-C6E8-D6FA-B21DE9DA5D8C} - C:\Windows\System32\aabqgsav.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realaudio Player] realaudioplay.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Desktop Search] C:\Windows\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\Windows\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Realaudio Player] realaudioplay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Qtutnar] C:\Windows\System32\wuaclt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107130436733
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\Windows\System32\msupd5.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\Windows\System32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\Windows\wanmpsvc.exe
 
Joined
Aug 5, 2004
Messages
1,137
Run HijackThis and fix the following entries:

O2 - BHO: (no name) - {43044E3B-107A-01E1-DC60-4CEB4DF0BF2C} - C:\Windows\System32\faortlht.dll

O2 - BHO: (no name) - {BBB9C1B7-3B16-C6E8-D6FA-B21DE9DA5D8C} - C:\Windows\System32\aabqgsav.dll

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)


Restart your computer and post a fresh HijackThis log back on this thread.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {43044E3B-107A-01E1-DC60-4CEB4DF0BF2C} - C:\Windows\System32\faortlht.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: (no name) - {BBB9C1B7-3B16-C6E8-D6FA-B21DE9DA5D8C} - C:\Windows\System32\aabqgsav.dll
O4 - HKLM\..\Run: [Realaudio Player] realaudioplay.exe
O4 - HKLM\..\Run: [Desktop Search] C:\Windows\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\Windows\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Realaudio Player] realaudioplay.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

Close all applications and browser windows before you click "fix checked".


Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Go to control panel add/remove programs and remove Viewpoint also SpyHunter as you can see it is not doing you any good either.

Delete these folders:
C:\Windows\isrvs
C:\Program Files\Enigma Software Group
C:\Program Files\Viewpoint

Reboot.

Go here: http://www.kaspersky.com/remoteviruschk.html
Copy this: C:\Windows\System32\realaudioplay.exe and paste it into the Submit box.

Please report back the findings.
 

bdsto

Thread Starter
Joined
Feb 5, 2005
Messages
3
I did what you said, close the browser, safe mode, delete the directories, etc. ffis and the no names will not go away. Here is my latest log. Thanx for the help.

----------------------
Logfile of HijackThis v1.99.0
Scan saved at 8:49:32 AM, on 2/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\System32\PROMon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\System32\wuaclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Windows\System32\devldr32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Windows\System32\msupd5.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\110807~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110807~1\EE\AOLServiceHost.exe
C:\Windows\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Windows\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {43044E3B-107A-01E1-DC60-4CEB4DF0BF2C} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BBB9C1B7-3B16-C6E8-D6FA-B21DE9DA5D8C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Desktop Search] C:\Windows\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\Windows\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Qtutnar] C:\Windows\System32\wuaclt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107130436733
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\Windows\System32\msupd5.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\Windows\wanmpsvc.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top