Solved: I've got a nail and need a hammer!

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
I've run some of the basics first but I need some assistance...

Ran Grisoft AVG and Ewido in Safe mode already.
Cleaned up the temp files and turned off system restore.

Latest Hijack this...

Logfile of HijackThis v1.99.1
Scan saved at 9:24:40 PM, on 28/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\w?auclt.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\crny32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Utilities\hijack this\HijackThis.exe
C:\WINDOWS\System32\lcugulu.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pyzrf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iwantsearch.com/to.php?ID1=575&ID2=69460317&ID3=58464333446&ID4=2&ID5={244F4B15-D36E-445A-91E3-4A3F4844A325}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Class - {0115E9AD-16FD-CFEF-318A-81686D1E9319} - C:\WINDOWS\system32\ieds.dll (file missing)
O2 - BHO: Class - {01DD0CE9-5C36-455A-25BD-EAC65D9DB1D3} - C:\WINDOWS\system32\ipao32.dll (file missing)
O2 - BHO: Class - {01DD3C0B-760F-349E-147E-03404280DA8F} - C:\WINDOWS\addcb32.dll
O2 - BHO: Class - {05D1E7E3-6BEF-35A7-EA95-41C9AA0FD288} - C:\WINDOWS\system32\crkz32.dll
O2 - BHO: Class - {0631CBDA-7F99-C68B-C89A-E8A19DA73BEE} - C:\WINDOWS\system32\addsi32.dll (file missing)
O2 - BHO: Class - {07055945-CCCD-343D-041A-707FBD5680FF} - C:\WINDOWS\system32\sdkyv32.dll (file missing)
O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)
O2 - BHO: Class - {07F1B04E-4B15-B5BD-E9F8-0D52EB22542A} - C:\WINDOWS\javazb32.dll (file missing)
O2 - BHO: Class - {095AEAC7-0EE3-5E2C-CE96-56983CF29ED9} - C:\WINDOWS\system32\apiba32.dll (file missing)
O2 - BHO: Class - {0C5166B1-769E-6539-9208-12261EAF18EA} - C:\WINDOWS\system32\d3fz.dll (file missing)
O2 - BHO: Class - {0E21F25B-0D5F-DB07-A23E-096542875F23} - C:\WINDOWS\sdkdw.dll (file missing)
O2 - BHO: Class - {11370574-D9D8-E8CA-D626-4D6350899CDF} - C:\WINDOWS\system32\apidm32.dll (file missing)
O2 - BHO: Class - {13D34B57-E72D-5D96-0F9B-060DB3211D4B} - C:\WINDOWS\system32\mshc32.dll
O2 - BHO: Class - {14763206-F6A7-4D6F-D4D5-2E72E367ABB1} - C:\WINDOWS\system32\apiqa32.dll (file missing)
O2 - BHO: Class - {18BA6790-DA50-1A1A-0E2C-FC6CDFD533BF} - C:\WINDOWS\addxn.dll (file missing)
O2 - BHO: Class - {1BC19818-C6D6-BC63-8A18-434354542571} - C:\WINDOWS\atllb.dll
O2 - BHO: Class - {1C69A5C0-73A2-5593-0FBD-0E5DB07E3737} - C:\WINDOWS\system32\msvx32.dll
O2 - BHO: Class - {1CBB0404-86C5-09E4-D08A-24B073930DCC} - C:\WINDOWS\netjz.dll (file missing)
O2 - BHO: Class - {1EDDA893-407F-4AA4-792C-9D75EC6A544B} - C:\WINDOWS\appcd32.dll (file missing)
O2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\sdkoa32.dll (file missing)
O2 - BHO: (no name) - {2034624C-E056-AB75-0F01-AC20C2E11D24} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: (no name) - {2140643E-8DDB-8B7A-AE87-864DB755E795} - C:\WINDOWS\System32\qswhgd.dll
O2 - BHO: Class - {21E4D24D-BFDF-C114-094D-146BCC336764} - C:\WINDOWS\apilw.dll (file missing)
O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msby32.dll (file missing)
O2 - BHO: (no name) - {25ADEB1C-223C-2A7D-D3AD-712F742ABDB1} - (no file)
O2 - BHO: Class - {2A88963D-92B5-F301-849E-570A9ABCA3DE} - C:\WINDOWS\system32\apizi.dll (file missing)
O2 - BHO: (no name) - {2B3FC2B5-8EC5-0AC5-D56B-8208A144A487} - (no file)
O2 - BHO: Class - {2DC00BAA-4229-004B-D978-89E592AF6B1F} - C:\WINDOWS\ntzi.dll
O2 - BHO: Class - {30E404C8-9E52-6BCC-07B7-75B62569A989} - C:\WINDOWS\addyw.dll (file missing)
O2 - BHO: Class - {3430DBD7-FB8E-89AC-570B-BFD4FF9822B6} - C:\WINDOWS\system32\sdkxk32.dll (file missing)
O2 - BHO: Class - {34597DBE-1705-86A7-50E9-42869E4F8567} - C:\WINDOWS\system32\javaxa.dll
O2 - BHO: Class - {367BDA74-112C-A690-28AA-F33ADF8DEDD0} - C:\WINDOWS\system32\javaqo32.dll
O2 - BHO: Class - {36B0002B-6BC8-BE39-74D5-234853739B76} - C:\WINDOWS\system32\sdkua.dll (file missing)
O2 - BHO: Class - {3A45712A-04D7-9561-0AF2-7704CBBF8F75} - C:\WINDOWS\system32\javawo.dll (file missing)
O2 - BHO: Class - {3A6D4A75-035C-3482-B127-1A32586AA762} - C:\WINDOWS\system32\atlip32.dll
O2 - BHO: (no name) - {3F18E16D-F794-AD29-32FD-2AA0E587716B} - (no file)
O2 - BHO: Class - {40085E62-C8C2-5EB8-A6B0-0E40313EDEB3} - C:\WINDOWS\javavz.dll (file missing)
O2 - BHO: Class - {41D0E5E5-4CC4-AAC1-982F-7B2573677ABE} - C:\WINDOWS\appvj32.dll
O2 - BHO: Class - {4249913F-B87B-5BCB-BDAC-0E589CD03682} - C:\WINDOWS\system32\appih32.dll
O2 - BHO: Class - {45704FCA-088F-4D29-2764-FC45C65E5B49} - C:\WINDOWS\appnd.dll
O2 - BHO: Class - {45BB100E-E1E8-C990-C393-ABFCC68EB7AA} - C:\WINDOWS\ntdu32.dll (file missing)
O2 - BHO: Class - {4602BD0D-C987-DA51-337E-3BA373708489} - C:\WINDOWS\system32\apiyj32.dll (file missing)
O2 - BHO: Class - {49E0A5C4-82AC-E5B9-6BBD-F6071509CC72} - C:\WINDOWS\system32\apiwt32.dll (file missing)
O2 - BHO: Class - {4A461B03-223F-63AE-8A66-848FF24D6FCA} - C:\WINDOWS\system32\netyi.dll (file missing)
O2 - BHO: Class - {4A71E4ED-B153-02B7-F9C5-D2CE34029094} - C:\WINDOWS\javaiy32.dll (file missing)
O2 - BHO: Class - {4AA3BE08-9CE4-7D9F-F202-DA39AAEC5E43} - C:\WINDOWS\sdkak32.dll
O2 - BHO: Class - {4B4C8A49-4EDC-535E-34FA-78C935F0E8FC} - C:\WINDOWS\system32\addun.dll (file missing)
O2 - BHO: Class - {4CB9FE89-C678-F47B-2F95-B7988A0FC10D} - C:\WINDOWS\system32\netpq.dll (file missing)
O2 - BHO: Class - {51210ACC-D1ED-AB86-D910-0A930B850A8C} - C:\WINDOWS\system32\sdkzw32.dll (file missing)
O2 - BHO: Class - {5369BF71-4D46-FEDA-2B2C-49E20A1CBCC5} - C:\WINDOWS\mfcnh32.dll (file missing)
O2 - BHO: Class - {547AD346-410C-3E62-4513-8C74102C30E0} - C:\WINDOWS\crbr32.dll (file missing)
O2 - BHO: Class - {565744A1-C652-BC19-4230-289DA72A989C} - C:\WINDOWS\netur32.dll (file missing)
O2 - BHO: Class - {5883D979-5C1C-5AE9-C370-C39713BB8756} - C:\WINDOWS\addgo32.dll
O2 - BHO: Class - {5924C00A-80E3-71E7-FA17-AEE58A1B0A00} - C:\WINDOWS\appjq.dll (file missing)
O2 - BHO: Class - {5A46A228-4AD2-6394-AAB4-A2F5E5B258F9} - C:\WINDOWS\system32\mfchq.dll
O2 - BHO: Class - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - C:\WINDOWS\system32\apiuv32.dll
O2 - BHO: Class - {5DB715E3-618E-CA23-B81A-058995B513DB} - C:\WINDOWS\appae.dll (file missing)
O2 - BHO: Class - {5F1BDCF6-4981-EA27-2568-462612867593} - C:\WINDOWS\system32\netvu.dll (file missing)
O2 - BHO: Class - {5F61F83B-5C3C-0AA1-16A9-BFBA5DB260FE} - C:\WINDOWS\system32\mslt.dll (file missing)
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\d3pv32.dll (file missing)
O2 - BHO: Class - {600840E3-E400-AC5E-D33B-44B05BB29B01} - C:\WINDOWS\system32\addgj32.dll
O2 - BHO: Class - {63491145-0DFC-8514-EE36-1EEBDABEF01C} - C:\WINDOWS\system32\sdkgj.dll
O2 - BHO: Class - {63F55AAB-207A-4070-C941-3AF6DF73213B} - C:\WINDOWS\sdkxn32.dll
O2 - BHO: Class - {644853C5-6F66-EAC8-4FD6-390432061D1E} - C:\WINDOWS\ntws.dll (file missing)
O2 - BHO: Class - {64B13F2A-9E42-D6C3-3421-E701B8205EB9} - C:\WINDOWS\system32\apibr.dll
O2 - BHO: Class - {65410090-FD57-DBFA-0CE3-6CEC2D7DECE7} - C:\WINDOWS\system32\appzd32.dll (file missing)
O2 - BHO: Class - {66100307-54EE-8324-718F-DA7041322625} - C:\WINDOWS\system32\croj32.dll
O2 - BHO: Class - {6A179565-2A80-B3E8-B301-3F172DD761A4} - C:\WINDOWS\winlr32.dll (file missing)
O2 - BHO: Class - {6BFB4F8E-42B3-1853-FED2-0CE716BE6757} - C:\WINDOWS\system32\d3by.dll (file missing)
O2 - BHO: Class - {70287588-232F-F15E-0032-852CC2FECDD4} - C:\WINDOWS\msbr32.dll (file missing)
O2 - BHO: Class - {71849A64-EB27-1029-8F9D-70E8D4CF1707} - C:\WINDOWS\apiyp.dll (file missing)
O2 - BHO: Class - {75AC68C4-FC8D-B1AF-D11A-72FC70708CDE} - C:\WINDOWS\apizu.dll (file missing)
O2 - BHO: Class - {7C121035-5121-FC97-9150-A3A543AADFC9} - C:\WINDOWS\netki32.dll
O2 - BHO: Class - {7C395C70-4770-1EBB-BEF0-A0B7926007FF} - C:\WINDOWS\mfcjv.dll
O2 - BHO: Class - {7CCE424A-B1F0-679F-DE39-341AF2ED99EF} - C:\WINDOWS\system32\winjs.dll
O2 - BHO: Class - {7F0FD938-6921-7913-8F78-2E42633C1214} - C:\WINDOWS\appgn.dll (file missing)
O2 - BHO: Class - {853AFE61-897E-FF77-C876-B79FF8EF16A6} - C:\WINDOWS\sysbv.dll (file missing)
O2 - BHO: Class - {85400964-C2DA-EC82-F9E5-A84E50F255C5} - C:\WINDOWS\ntke32.dll (file missing)
O2 - BHO: Class - {8681F5FE-10E5-BC0E-53C2-DCC12E244065} - C:\WINDOWS\ipyb.dll (file missing)
O2 - BHO: Class - {86CC7407-F3BA-3F91-9317-EDFFCDF2FA77} - C:\WINDOWS\system32\appiq.dll
O2 - BHO: Class - {87684604-6852-F5FC-07A8-F01DC933DBA2} - C:\WINDOWS\sysyf.dll (file missing)
O2 - BHO: Class - {87716C8D-8534-BE5D-802D-4FD4A93168DF} - C:\WINDOWS\system32\winqn32.dll
O2 - BHO: Class - {89CC3F76-EE2D-F2EE-061C-BACBCC65458D} - C:\WINDOWS\system32\mscb32.dll
O2 - BHO: Class - {8A805C25-C0B7-1426-1D24-BC93152A99CA} - C:\WINDOWS\system32\ntrp.dll (file missing)
O2 - BHO: Class - {8B9B4C67-045B-2559-03A4-FD879036D7DA} - C:\WINDOWS\system32\atlzo.dll (file missing)
O2 - BHO: Class - {8CC8C8BC-AC70-7455-4A51-2FD0E216EE8D} - C:\WINDOWS\system32\winog32.dll (file missing)
O2 - BHO: Class - {8D32F80A-AB76-8C8A-C145-95961BCC455D} - C:\WINDOWS\system32\winun32.dll (file missing)
O2 - BHO: Class - {8D565590-A209-9855-93F1-821B80B1EAD4} - C:\WINDOWS\ieua.dll
O2 - BHO: Class - {941F5DCD-AF76-661B-D1D1-69B4CABC1B03} - C:\WINDOWS\addis.dll (file missing)
O2 - BHO: Class - {94EE2D7A-2FA2-CC22-EF26-F138D4D7935C} - C:\WINDOWS\system32\javazw.dll (file missing)
O2 - BHO: Class - {9599FA72-449A-32E4-49DA-E9481AF3FDF6} - C:\WINDOWS\iphx.dll (file missing)
O2 - BHO: Class - {962342AD-7D9C-4ED9-06F6-290AD24C961B} - C:\WINDOWS\system32\mfcfm32.dll (file missing)
O2 - BHO: Class - {9709B368-B64F-22D7-F55C-19C0CF259122} - C:\WINDOWS\system32\apiow.dll
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netjh32.dll
O2 - BHO: Class - {988DC8C7-E652-21EC-B118-A0C2F8D3FD03} - C:\WINDOWS\system32\mfcae.dll (file missing)
O2 - BHO: Class - {9A5DD453-2B63-7128-69B3-DF8DE08210F0} - C:\WINDOWS\system32\winsh32.dll
O2 - BHO: Class - {9AD557DC-60E2-6D19-8F5D-9B004A2149D9} - C:\WINDOWS\sdkue.dll
O2 - BHO: Class - {9D55C141-97B0-C943-E41A-BE16A3D32D53} - C:\WINDOWS\appeo32.dll (file missing)
O2 - BHO: Class - {A25A0FBE-F4CC-7100-C2D6-4AA4632EE591} - C:\WINDOWS\system32\mfcva32.dll
O2 - BHO: Class - {A4844B2A-0F34-63F1-9085-DC85F24E5C19} - C:\WINDOWS\netmb.dll (file missing)
O2 - BHO: Class - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} - C:\WINDOWS\system32\ntaj32.dll
O2 - BHO: Class - {A6A72AAF-CB9E-27D8-86D1-5DCB49B7F01F} - C:\WINDOWS\system32\appis.dll
O2 - BHO: Class - {A7E07085-B57F-70F2-3F48-7C08795ADF50} - C:\WINDOWS\system32\addbj.dll
O2 - BHO: Class - {A81BCC5D-44D8-3E61-02BF-B9E0BABCEBCC} - C:\WINDOWS\winjk32.dll
O2 - BHO: Class - {A940618E-7FAF-575F-4E37-F2966FCD0430} - C:\WINDOWS\system32\atlbq32.dll
O2 - BHO: Class - {AC9C4885-7656-D10D-70A9-3D0592AAE898} - C:\WINDOWS\atluk32.dll
O2 - BHO: Class - {AE845430-3B50-352F-A6D3-21174EDCA037} - C:\WINDOWS\system32\javaix.dll
O2 - BHO: Class - {AEDFB120-4369-AEF1-980E-CD34535DC196} - C:\WINDOWS\system32\iprh32.dll (file missing)
O2 - BHO: Class - {AF462537-008A-9CDC-5714-AC5E29B29DDA} - C:\WINDOWS\apitw.dll
O2 - BHO: Class - {AF788EC7-C67D-57FE-2FD3-6EC5D983BABF} - C:\WINDOWS\mfcpi.dll (file missing)
O2 - BHO: Class - {B1D1D324-FC8B-3721-9BF6-C3F37D8175F7} - C:\WINDOWS\system32\netgh32.dll (file missing)
O2 - BHO: Class - {B1D33F22-DCF6-C4F9-36CA-5E85E6824B01} - C:\WINDOWS\system32\winak32.dll (file missing)
O2 - BHO: Class - {B1FF3F19-7676-CE5B-FC1F-3CE368BA9C2F} - C:\WINDOWS\system32\iemb32.dll (file missing)
O2 - BHO: Class - {B27E8BCF-1A21-257E-958D-00B94008A3E8} - C:\WINDOWS\d3mn32.dll (file missing)
O2 - BHO: Class - {B5769D78-B754-5933-4551-D7BB1A2896C7} - C:\WINDOWS\syssv.dll
O2 - BHO: Class - {B8E64B1D-97B9-D9CD-4452-E3D27877AC97} - C:\WINDOWS\system32\d3vb.dll
O2 - BHO: Class - {BA50E5AC-6039-C44B-E0E4-4E13B9CB89AA} - C:\WINDOWS\system32\sdkrm.dll (file missing)
O2 - BHO: Class - {BFF9AA12-B35F-5FD0-E04C-538197D788AE} - C:\WINDOWS\ntsm.dll (file missing)
O2 - BHO: Class - {C0C15DD5-D316-46D2-4F80-397DA0785F03} - C:\WINDOWS\mfciv32.dll
O2 - BHO: Class - {C0C21005-EE4C-81C5-426F-EAF3F15EA4B5} - C:\WINDOWS\system32\winpr.dll
O2 - BHO: Class - {C131A37D-9F99-CE31-6C64-1A436BC9299C} - C:\WINDOWS\system32\d3qr.dll (file missing)
O2 - BHO: Class - {C20A038A-407E-8A25-A19B-78BCAF0F004B} - C:\WINDOWS\ipas32.dll
O2 - BHO: Class - {C3AAEC67-F763-AFDD-7B89-B292B7DC615D} - C:\WINDOWS\system32\netbi32.dll (file missing)
O2 - BHO: Class - {C3DFD60C-F72B-47B4-D7B9-54227AB606A9} - C:\WINDOWS\addup32.dll
O2 - BHO: Class - {C47F26FB-2717-FEB3-9E41-FD54EB783896} - C:\WINDOWS\netnt.dll (file missing)
O2 - BHO: Class - {C7B0E086-75CE-E71D-0DDA-51166A3A3D0F} - C:\WINDOWS\system32\mfcdl32.dll (file missing)
O2 - BHO: Class - {C8D1C684-C2C9-372C-CB57-F9A72CB478D6} - C:\WINDOWS\ntth32.dll
O2 - BHO: Class - {C964ABCA-619A-D517-19F0-3D02D7587F99} - C:\WINDOWS\ntdo.dll (file missing)
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3tp32.dll (file missing)
O2 - BHO: Class - {CD101537-32F8-4AA3-3402-3E75C232A431} - C:\WINDOWS\ipex32.dll (file missing)
O2 - BHO: Class - {CE0313BB-3015-D4A8-1854-F6B277DB070A} - C:\WINDOWS\ieja.dll (file missing)
O2 - BHO: Class - {CF264CBC-F6A6-BCAF-4A88-674D64BFD312} - C:\WINDOWS\system32\sysgw32.dll
O2 - BHO: Class - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - C:\WINDOWS\ieax.dll
O2 - BHO: Class - {D005958B-A70C-E04B-F567-786C7EFC5875} - C:\WINDOWS\system32\msfd32.dll (file missing)
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\sdkxv.dll
O2 - BHO: Class - {D46A242B-6194-E7D0-7207-4CC5FFB11ADE} - C:\WINDOWS\system32\winjy.dll
O2 - BHO: Class - {DBD602A8-8F55-C964-E168-4A9DD3C20AC4} - C:\WINDOWS\winuv32.dll (file missing)
O2 - BHO: Class - {DC9FB4E0-35CF-8D4C-628B-3690884983C2} - C:\WINDOWS\system32\ipad32.dll (file missing)
O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\crnz.dll
O2 - BHO: Class - {E0C391EC-E5DC-2EB5-4D6C-E96F55D9CF3A} - C:\WINDOWS\system32\sysvk.dll
O2 - BHO: Class - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\nethp.dll
O2 - BHO: (no name) - {E3367314-1EAE-8F76-CB90-062589DB57E1} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: Class - {E3932B1E-C8F3-EA00-4E09-88EDF68EDE0A} - C:\WINDOWS\apixn32.dll (file missing)
O2 - BHO: Class - {E41D6571-D567-8510-6CC7-77FDC5C43E33} - C:\WINDOWS\msif32.dll (file missing)
O2 - BHO: Class - {E47AA49F-9660-E090-1F8F-172B36FCAD9B} - C:\WINDOWS\system32\msvp.dll
O2 - BHO: Class - {E4F81D49-D627-F1CA-FA4A-24E3C374D656} - C:\WINDOWS\ierx.dll
O2 - BHO: Class - {E5A932D6-23F4-5016-9ABB-AC2CAF1A53A0} - C:\WINDOWS\wincc.dll (file missing)
O2 - BHO: Class - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - C:\WINDOWS\system32\appot32.dll (file missing)
O2 - BHO: Class - {E8F9F03A-BE22-03A0-0932-A5CF0D6CA011} - C:\WINDOWS\javahd.dll
O2 - BHO: Class - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - C:\WINDOWS\system32\winmj32.dll
O2 - BHO: Class - {ECD8EB7B-F315-F6C9-F00A-D133E9653BB1} - C:\WINDOWS\addmh.dll
O2 - BHO: Class - {F1BFBED8-8817-33C8-DB05-3E5843F24CBD} - C:\WINDOWS\system32\atlow32.dll
O2 - BHO: (no name) - {F3AE7EFD-04D4-732F-30B4-3395DFA366FC} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: Class - {F4907C9F-9B30-22D6-7C19-69B28CC732FD} - C:\WINDOWS\msxd32.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: Class - {F607095C-FD2B-4343-1C4F-F77394A2E39A} - C:\WINDOWS\system32\apipz32.dll (file missing)
O2 - BHO: Class - {F788F832-21D0-55B5-FC8F-115E62624D9C} - C:\WINDOWS\system32\crqv32.dll (file missing)
O2 - BHO: Class - {FA2F9533-02AC-2257-2C0F-DC0D6F5DCF55} - C:\WINDOWS\system32\atlng32.dll
O2 - BHO: Class - {FB1FF3C6-0115-2FD6-315D-8C97AEC3A3E5} - C:\WINDOWS\appry.dll
O2 - BHO: Class - {FBD81A45-7D6E-CF78-2720-BF05C51B1F0E} - C:\WINDOWS\system32\sdkuq32.dll
O2 - BHO: Class - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - C:\WINDOWS\mshd32.dll
O2 - BHO: Class - {FE20707E-55DD-02AB-49D8-AE6258A0B4A7} - C:\WINDOWS\system32\iefq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [javacj.exe] C:\WINDOWS\system32\javacj.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [virtual] winit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [addcj32.exe] C:\WINDOWS\addcj32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [virtual] winit.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Qqr] C:\WINDOWS\System32\w?auclt.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt mt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/148627d5bcdc51f03a19/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crny32.exe" /s (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.
  • Extract About:Buster to your Desktop
  • Run About:Buster and click OK>>Update>>Check for Update
  • Download any available updates by clicking Download Update
  • Exit About:Buster
  • Save CWShredder to your Desktop
  • Run CWShredder and click I Agree>>Check For Update
  • Exit CWShredder
  • Run About:Buster and click Start>>OK
  • Click Yes when prompted to shutdown explorer.exe
  • Allow the program to make a second pass through your system if it asks you to do so
  • Click Save Log and save this log to your Desktop
  • Run About:Buster and click Start>>OK
  • Click Yes when prompted to shutdown explorer.exe
  • Allow the program to make a second pass through your system if it asks you to do so
  • Click Save Log and save this log to your Desktop
  • Run CWShredder
  • Click I Agree>>Fix>>Next and allow it to fix any problems it finds
  • Exit CWShredder
  • Run SpSeHjFix
  • Run CleanUp! and go to Options>>Custom CleanUp!
  • Put a checkmark next to each of the following items:

    Empty Recycle Bins
    Delete Cookies
    Delete Prefetch files
    Scan local drives for temporary files
    Cleanup! All Users
  • Click OK>>CleanUp!
  • Exit CleanUp!
  • Restart your computer
  • Post the contents of the About:Buster log you saved earlier
  • Post the contents of SpSeHjFix.log
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Having a lot of trouble with internet connection cutting out when I enter certain sites including this one.

Ran Aboutbuster, cwshredder and this spsehjfix
Unable to run the online version of Kaspersky but installed & updated Kas personal and ran it overnight - Appears to recognize over 2000 issues. (Dangerous)
AVG finding lots of viruses and I've deleted them

Nothing seems to be cleaned up. Very slow... uninstalled Kasper

Latest...

SPSehjfix

(12/28/05 10:14:41 PM) SPSeHjFix started v1.1.2
(12/28/05 10:14:41 PM) OS: WinXP (5.1.2600)
(12/28/05 10:14:41 PM) Language: english
(12/28/05 10:14:41 PM) Win-Path: C:\WINDOWS
(12/28/05 10:14:41 PM) System-Path: C:\WINDOWS\System32
(12/28/05 10:14:41 PM) Temp-Path: C:\DOCUME~1\PATSHA~1\LOCALS~1\Temp\
(12/28/05 10:14:50 PM) Disinfection started
(12/28/05 10:14:50 PM) Bad-Dll(IEP): c:\windows\system32\wxkej.dll
(12/28/05 10:14:51 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:14:51 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:14:51 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\wxkej.dll/sp.html#29126
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\wxkej.dll/sp.html#29126
(12/28/05 10:14:51 PM) Stealth-String not found
(12/28/05 10:14:51 PM) No locked Files to delete. End without Reboot
(12/28/05 10:15:03 PM) Disinfection started
(12/28/05 10:15:03 PM) Bad-Dll(IEP): c:\windows\system32\pyzrf.dll
(12/28/05 10:15:03 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:03 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:03 PM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\pyzrf.dll/sp.html#29126
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\pyzrf.dll/sp.html#29126
(12/28/05 10:15:03 PM) Stealth-String not found
(12/28/05 10:15:03 PM) No locked Files to delete. End without Reboot
(12/28/05 10:15:47 PM) Disinfection started
(12/28/05 10:15:47 PM) Bad-Dll(IEP): c:\windows\system32\pyzrf.dll
(12/28/05 10:15:47 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:47 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:47 PM) Bad IE-pages: (none)
(12/28/05 10:15:47 PM) Stealth-String not found
(12/28/05 10:15:47 PM) No locked Files to delete. End without Reboot
(12/28/05 10:15:48 PM) Disinfection started
(12/28/05 10:15:48 PM) Bad-Dll(IEP): c:\windows\system32\pyzrf.dll
(12/28/05 10:15:48 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:48 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:48 PM) Bad IE-pages: (none)
(12/28/05 10:15:48 PM) Stealth-String not found
(12/28/05 10:15:48 PM) No locked Files to delete. End without Reboot
(12/28/05 10:15:48 PM) Disinfection started
(12/28/05 10:15:48 PM) Bad-Dll(IEP): c:\windows\system32\pyzrf.dll
(12/28/05 10:15:49 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:49 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:15:49 PM) Bad IE-pages: (none)
(12/28/05 10:15:49 PM) Stealth-String not found
(12/28/05 10:15:49 PM) No locked Files to delete. End without Reboot


(12/28/05 10:16:19 PM) SPSeHjFix started v1.1.2
(12/28/05 10:16:19 PM) OS: WinXP (5.1.2600)
(12/28/05 10:16:19 PM) Language: english
(12/28/05 10:16:19 PM) Win-Path: C:\WINDOWS
(12/28/05 10:16:19 PM) System-Path: C:\WINDOWS\System32
(12/28/05 10:16:19 PM) Temp-Path: C:\DOCUME~1\PATSHA~1\LOCALS~1\Temp\
(12/28/05 10:16:21 PM) Disinfection started
(12/28/05 10:16:21 PM) Bad-Dll(IEP): (not found)
(12/28/05 10:16:21 PM) Bad-Dll(IEP) in BHO: (not found)
(12/28/05 10:16:21 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:16:21 PM) UBF: 4 - UBB: 162 - UBR: 23
(12/28/05 10:16:21 PM) Bad IE-pages: (none)
(12/28/05 10:16:21 PM) Stealth-String not found
(12/28/05 10:16:21 PM) Not infected->END



Latest HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:29:48 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\w?auclt.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\hrvuhq.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Utilities\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {2140643E-8DDB-8B7A-AE87-864DB755E795} - C:\WINDOWS\System32\qswhgd.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Class - {0115E9AD-16FD-CFEF-318A-81686D1E9319} - C:\WINDOWS\system32\ieds.dll (file missing)
O2 - BHO: Class - {01DD0CE9-5C36-455A-25BD-EAC65D9DB1D3} - C:\WINDOWS\system32\ipao32.dll (file missing)
O2 - BHO: Class - {01DD3C0B-760F-349E-147E-03404280DA8F} - C:\WINDOWS\addcb32.dll
O2 - BHO: Class - {05D1E7E3-6BEF-35A7-EA95-41C9AA0FD288} - C:\WINDOWS\system32\crkz32.dll
O2 - BHO: Class - {0631CBDA-7F99-C68B-C89A-E8A19DA73BEE} - C:\WINDOWS\system32\addsi32.dll (file missing)
O2 - BHO: Class - {07055945-CCCD-343D-041A-707FBD5680FF} - C:\WINDOWS\system32\sdkyv32.dll (file missing)
O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)
O2 - BHO: Class - {07F1B04E-4B15-B5BD-E9F8-0D52EB22542A} - C:\WINDOWS\javazb32.dll (file missing)
O2 - BHO: Class - {095AEAC7-0EE3-5E2C-CE96-56983CF29ED9} - C:\WINDOWS\system32\apiba32.dll (file missing)
O2 - BHO: Class - {0C5166B1-769E-6539-9208-12261EAF18EA} - C:\WINDOWS\system32\d3fz.dll (file missing)
O2 - BHO: Class - {0E21F25B-0D5F-DB07-A23E-096542875F23} - C:\WINDOWS\sdkdw.dll (file missing)
O2 - BHO: Class - {11370574-D9D8-E8CA-D626-4D6350899CDF} - C:\WINDOWS\system32\apidm32.dll (file missing)
O2 - BHO: Class - {13D34B57-E72D-5D96-0F9B-060DB3211D4B} - C:\WINDOWS\system32\mshc32.dll
O2 - BHO: Class - {14763206-F6A7-4D6F-D4D5-2E72E367ABB1} - C:\WINDOWS\system32\apiqa32.dll (file missing)
O2 - BHO: Class - {18BA6790-DA50-1A1A-0E2C-FC6CDFD533BF} - C:\WINDOWS\addxn.dll (file missing)
O2 - BHO: Class - {1BC19818-C6D6-BC63-8A18-434354542571} - C:\WINDOWS\atllb.dll
O2 - BHO: Class - {1C69A5C0-73A2-5593-0FBD-0E5DB07E3737} - C:\WINDOWS\system32\msvx32.dll
O2 - BHO: Class - {1CBB0404-86C5-09E4-D08A-24B073930DCC} - C:\WINDOWS\netjz.dll (file missing)
O2 - BHO: Class - {1EDDA893-407F-4AA4-792C-9D75EC6A544B} - C:\WINDOWS\appcd32.dll (file missing)
O2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\sdkoa32.dll (file missing)
O2 - BHO: (no name) - {2034624C-E056-AB75-0F01-AC20C2E11D24} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: (no name) - {2140643E-8DDB-8B7A-AE87-864DB755E795} - C:\WINDOWS\System32\qswhgd.dll
O2 - BHO: Class - {21E4D24D-BFDF-C114-094D-146BCC336764} - C:\WINDOWS\apilw.dll (file missing)
O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msby32.dll (file missing)
O2 - BHO: (no name) - {25ADEB1C-223C-2A7D-D3AD-712F742ABDB1} - (no file)
O2 - BHO: Class - {2A88963D-92B5-F301-849E-570A9ABCA3DE} - C:\WINDOWS\system32\apizi.dll (file missing)
O2 - BHO: (no name) - {2B3FC2B5-8EC5-0AC5-D56B-8208A144A487} - (no file)
O2 - BHO: Class - {2DC00BAA-4229-004B-D978-89E592AF6B1F} - C:\WINDOWS\ntzi.dll
O2 - BHO: Class - {30E404C8-9E52-6BCC-07B7-75B62569A989} - C:\WINDOWS\addyw.dll (file missing)
O2 - BHO: Class - {3430DBD7-FB8E-89AC-570B-BFD4FF9822B6} - C:\WINDOWS\system32\sdkxk32.dll (file missing)
O2 - BHO: Class - {34597DBE-1705-86A7-50E9-42869E4F8567} - C:\WINDOWS\system32\javaxa.dll
O2 - BHO: Class - {367BDA74-112C-A690-28AA-F33ADF8DEDD0} - C:\WINDOWS\system32\javaqo32.dll
O2 - BHO: Class - {36B0002B-6BC8-BE39-74D5-234853739B76} - C:\WINDOWS\system32\sdkua.dll (file missing)
O2 - BHO: Class - {3A45712A-04D7-9561-0AF2-7704CBBF8F75} - C:\WINDOWS\system32\javawo.dll (file missing)
O2 - BHO: Class - {3A6D4A75-035C-3482-B127-1A32586AA762} - C:\WINDOWS\system32\atlip32.dll
O2 - BHO: (no name) - {3F18E16D-F794-AD29-32FD-2AA0E587716B} - (no file)
O2 - BHO: Class - {40085E62-C8C2-5EB8-A6B0-0E40313EDEB3} - C:\WINDOWS\javavz.dll (file missing)
O2 - BHO: Class - {41D0E5E5-4CC4-AAC1-982F-7B2573677ABE} - C:\WINDOWS\appvj32.dll
O2 - BHO: Class - {4249913F-B87B-5BCB-BDAC-0E589CD03682} - C:\WINDOWS\system32\appih32.dll
O2 - BHO: Class - {45704FCA-088F-4D29-2764-FC45C65E5B49} - C:\WINDOWS\appnd.dll
O2 - BHO: Class - {45BB100E-E1E8-C990-C393-ABFCC68EB7AA} - C:\WINDOWS\ntdu32.dll (file missing)
O2 - BHO: Class - {4602BD0D-C987-DA51-337E-3BA373708489} - C:\WINDOWS\system32\apiyj32.dll (file missing)
O2 - BHO: Class - {49E0A5C4-82AC-E5B9-6BBD-F6071509CC72} - C:\WINDOWS\system32\apiwt32.dll (file missing)
O2 - BHO: Class - {4A461B03-223F-63AE-8A66-848FF24D6FCA} - C:\WINDOWS\system32\netyi.dll (file missing)
O2 - BHO: Class - {4A71E4ED-B153-02B7-F9C5-D2CE34029094} - C:\WINDOWS\javaiy32.dll (file missing)
O2 - BHO: Class - {4AA3BE08-9CE4-7D9F-F202-DA39AAEC5E43} - C:\WINDOWS\sdkak32.dll
O2 - BHO: Class - {4B4C8A49-4EDC-535E-34FA-78C935F0E8FC} - C:\WINDOWS\system32\addun.dll (file missing)
O2 - BHO: Class - {4CB9FE89-C678-F47B-2F95-B7988A0FC10D} - C:\WINDOWS\system32\netpq.dll (file missing)
O2 - BHO: Class - {51210ACC-D1ED-AB86-D910-0A930B850A8C} - C:\WINDOWS\system32\sdkzw32.dll (file missing)
O2 - BHO: Class - {5369BF71-4D46-FEDA-2B2C-49E20A1CBCC5} - C:\WINDOWS\mfcnh32.dll (file missing)
O2 - BHO: Class - {547AD346-410C-3E62-4513-8C74102C30E0} - C:\WINDOWS\crbr32.dll (file missing)
O2 - BHO: Class - {565744A1-C652-BC19-4230-289DA72A989C} - C:\WINDOWS\netur32.dll (file missing)
O2 - BHO: Class - {5883D979-5C1C-5AE9-C370-C39713BB8756} - C:\WINDOWS\addgo32.dll
O2 - BHO: Class - {5924C00A-80E3-71E7-FA17-AEE58A1B0A00} - C:\WINDOWS\appjq.dll (file missing)
O2 - BHO: Class - {5A46A228-4AD2-6394-AAB4-A2F5E5B258F9} - C:\WINDOWS\system32\mfchq.dll
O2 - BHO: Class - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - C:\WINDOWS\system32\apiuv32.dll
O2 - BHO: Class - {5DB715E3-618E-CA23-B81A-058995B513DB} - C:\WINDOWS\appae.dll (file missing)
O2 - BHO: Class - {5F1BDCF6-4981-EA27-2568-462612867593} - C:\WINDOWS\system32\netvu.dll (file missing)
O2 - BHO: Class - {5F61F83B-5C3C-0AA1-16A9-BFBA5DB260FE} - C:\WINDOWS\system32\mslt.dll (file missing)
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\d3pv32.dll (file missing)
O2 - BHO: Class - {600840E3-E400-AC5E-D33B-44B05BB29B01} - C:\WINDOWS\system32\addgj32.dll
O2 - BHO: Class - {63491145-0DFC-8514-EE36-1EEBDABEF01C} - C:\WINDOWS\system32\sdkgj.dll
O2 - BHO: Class - {63F55AAB-207A-4070-C941-3AF6DF73213B} - C:\WINDOWS\sdkxn32.dll
O2 - BHO: Class - {644853C5-6F66-EAC8-4FD6-390432061D1E} - C:\WINDOWS\ntws.dll (file missing)
O2 - BHO: Class - {64B13F2A-9E42-D6C3-3421-E701B8205EB9} - C:\WINDOWS\system32\apibr.dll
O2 - BHO: Class - {65410090-FD57-DBFA-0CE3-6CEC2D7DECE7} - C:\WINDOWS\system32\appzd32.dll (file missing)
O2 - BHO: Class - {66100307-54EE-8324-718F-DA7041322625} - C:\WINDOWS\system32\croj32.dll
O2 - BHO: Class - {6A179565-2A80-B3E8-B301-3F172DD761A4} - C:\WINDOWS\winlr32.dll (file missing)
O2 - BHO: Class - {6BFB4F8E-42B3-1853-FED2-0CE716BE6757} - C:\WINDOWS\system32\d3by.dll (file missing)
O2 - BHO: Class - {70287588-232F-F15E-0032-852CC2FECDD4} - C:\WINDOWS\msbr32.dll (file missing)
O2 - BHO: Class - {71849A64-EB27-1029-8F9D-70E8D4CF1707} - C:\WINDOWS\apiyp.dll (file missing)
O2 - BHO: Class - {75AC68C4-FC8D-B1AF-D11A-72FC70708CDE} - C:\WINDOWS\apizu.dll (file missing)
O2 - BHO: Class - {7C121035-5121-FC97-9150-A3A543AADFC9} - C:\WINDOWS\netki32.dll
O2 - BHO: Class - {7C395C70-4770-1EBB-BEF0-A0B7926007FF} - C:\WINDOWS\mfcjv.dll
O2 - BHO: Class - {7CCE424A-B1F0-679F-DE39-341AF2ED99EF} - C:\WINDOWS\system32\winjs.dll
O2 - BHO: Class - {7F0FD938-6921-7913-8F78-2E42633C1214} - C:\WINDOWS\appgn.dll (file missing)
O2 - BHO: Class - {853AFE61-897E-FF77-C876-B79FF8EF16A6} - C:\WINDOWS\sysbv.dll (file missing)
O2 - BHO: Class - {85400964-C2DA-EC82-F9E5-A84E50F255C5} - C:\WINDOWS\ntke32.dll (file missing)
O2 - BHO: Class - {8681F5FE-10E5-BC0E-53C2-DCC12E244065} - C:\WINDOWS\ipyb.dll (file missing)
O2 - BHO: Class - {86CC7407-F3BA-3F91-9317-EDFFCDF2FA77} - C:\WINDOWS\system32\appiq.dll
O2 - BHO: Class - {87684604-6852-F5FC-07A8-F01DC933DBA2} - C:\WINDOWS\sysyf.dll (file missing)
O2 - BHO: Class - {87716C8D-8534-BE5D-802D-4FD4A93168DF} - C:\WINDOWS\system32\winqn32.dll
O2 - BHO: Class - {89CC3F76-EE2D-F2EE-061C-BACBCC65458D} - C:\WINDOWS\system32\mscb32.dll
O2 - BHO: Class - {8A805C25-C0B7-1426-1D24-BC93152A99CA} - C:\WINDOWS\system32\ntrp.dll (file missing)
O2 - BHO: Class - {8B9B4C67-045B-2559-03A4-FD879036D7DA} - C:\WINDOWS\system32\atlzo.dll (file missing)
O2 - BHO: Class - {8CC8C8BC-AC70-7455-4A51-2FD0E216EE8D} - C:\WINDOWS\system32\winog32.dll (file missing)
O2 - BHO: Class - {8D32F80A-AB76-8C8A-C145-95961BCC455D} - C:\WINDOWS\system32\winun32.dll (file missing)
O2 - BHO: Class - {8D565590-A209-9855-93F1-821B80B1EAD4} - C:\WINDOWS\ieua.dll
O2 - BHO: Class - {941F5DCD-AF76-661B-D1D1-69B4CABC1B03} - C:\WINDOWS\addis.dll (file missing)
O2 - BHO: Class - {94EE2D7A-2FA2-CC22-EF26-F138D4D7935C} - C:\WINDOWS\system32\javazw.dll (file missing)
O2 - BHO: Class - {9599FA72-449A-32E4-49DA-E9481AF3FDF6} - C:\WINDOWS\iphx.dll (file missing)
O2 - BHO: Class - {962342AD-7D9C-4ED9-06F6-290AD24C961B} - C:\WINDOWS\system32\mfcfm32.dll (file missing)
O2 - BHO: Class - {9709B368-B64F-22D7-F55C-19C0CF259122} - C:\WINDOWS\system32\apiow.dll
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netjh32.dll
O2 - BHO: Class - {988DC8C7-E652-21EC-B118-A0C2F8D3FD03} - C:\WINDOWS\system32\mfcae.dll (file missing)
O2 - BHO: Class - {9A5DD453-2B63-7128-69B3-DF8DE08210F0} - C:\WINDOWS\system32\winsh32.dll
O2 - BHO: Class - {9AD557DC-60E2-6D19-8F5D-9B004A2149D9} - C:\WINDOWS\sdkue.dll
O2 - BHO: Class - {9D55C141-97B0-C943-E41A-BE16A3D32D53} - C:\WINDOWS\appeo32.dll (file missing)
O2 - BHO: Class - {A25A0FBE-F4CC-7100-C2D6-4AA4632EE591} - C:\WINDOWS\system32\mfcva32.dll
O2 - BHO: Class - {A4844B2A-0F34-63F1-9085-DC85F24E5C19} - C:\WINDOWS\netmb.dll (file missing)
O2 - BHO: Class - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} - C:\WINDOWS\system32\ntaj32.dll
O2 - BHO: Class - {A6A72AAF-CB9E-27D8-86D1-5DCB49B7F01F} - C:\WINDOWS\system32\appis.dll
O2 - BHO: Class - {A7E07085-B57F-70F2-3F48-7C08795ADF50} - C:\WINDOWS\system32\addbj.dll
O2 - BHO: Class - {A81BCC5D-44D8-3E61-02BF-B9E0BABCEBCC} - C:\WINDOWS\winjk32.dll
O2 - BHO: Class - {A940618E-7FAF-575F-4E37-F2966FCD0430} - C:\WINDOWS\system32\atlbq32.dll
O2 - BHO: Class - {AC9C4885-7656-D10D-70A9-3D0592AAE898} - C:\WINDOWS\atluk32.dll
O2 - BHO: Class - {AE845430-3B50-352F-A6D3-21174EDCA037} - C:\WINDOWS\system32\javaix.dll
O2 - BHO: Class - {AEDFB120-4369-AEF1-980E-CD34535DC196} - C:\WINDOWS\system32\iprh32.dll (file missing)
O2 - BHO: Class - {AF462537-008A-9CDC-5714-AC5E29B29DDA} - C:\WINDOWS\apitw.dll
O2 - BHO: Class - {AF788EC7-C67D-57FE-2FD3-6EC5D983BABF} - C:\WINDOWS\mfcpi.dll (file missing)
O2 - BHO: Class - {B1D1D324-FC8B-3721-9BF6-C3F37D8175F7} - C:\WINDOWS\system32\netgh32.dll (file missing)
O2 - BHO: Class - {B1D33F22-DCF6-C4F9-36CA-5E85E6824B01} - C:\WINDOWS\system32\winak32.dll (file missing)
O2 - BHO: Class - {B1FF3F19-7676-CE5B-FC1F-3CE368BA9C2F} - C:\WINDOWS\system32\iemb32.dll (file missing)
O2 - BHO: Class - {B27E8BCF-1A21-257E-958D-00B94008A3E8} - C:\WINDOWS\d3mn32.dll (file missing)
O2 - BHO: Class - {B5769D78-B754-5933-4551-D7BB1A2896C7} - C:\WINDOWS\syssv.dll
O2 - BHO: Class - {B8E64B1D-97B9-D9CD-4452-E3D27877AC97} - C:\WINDOWS\system32\d3vb.dll
O2 - BHO: Class - {BA50E5AC-6039-C44B-E0E4-4E13B9CB89AA} - C:\WINDOWS\system32\sdkrm.dll (file missing)
O2 - BHO: Class - {BFF9AA12-B35F-5FD0-E04C-538197D788AE} - C:\WINDOWS\ntsm.dll (file missing)
O2 - BHO: Class - {C0C15DD5-D316-46D2-4F80-397DA0785F03} - C:\WINDOWS\mfciv32.dll
O2 - BHO: Class - {C0C21005-EE4C-81C5-426F-EAF3F15EA4B5} - C:\WINDOWS\system32\winpr.dll
O2 - BHO: Class - {C131A37D-9F99-CE31-6C64-1A436BC9299C} - C:\WINDOWS\system32\d3qr.dll (file missing)
O2 - BHO: Class - {C20A038A-407E-8A25-A19B-78BCAF0F004B} - C:\WINDOWS\ipas32.dll
O2 - BHO: Class - {C3AAEC67-F763-AFDD-7B89-B292B7DC615D} - C:\WINDOWS\system32\netbi32.dll (file missing)
O2 - BHO: Class - {C3DFD60C-F72B-47B4-D7B9-54227AB606A9} - C:\WINDOWS\addup32.dll
O2 - BHO: Class - {C47F26FB-2717-FEB3-9E41-FD54EB783896} - C:\WINDOWS\netnt.dll (file missing)
O2 - BHO: Class - {C7B0E086-75CE-E71D-0DDA-51166A3A3D0F} - C:\WINDOWS\system32\mfcdl32.dll (file missing)
O2 - BHO: Class - {C8D1C684-C2C9-372C-CB57-F9A72CB478D6} - C:\WINDOWS\ntth32.dll
O2 - BHO: Class - {C964ABCA-619A-D517-19F0-3D02D7587F99} - C:\WINDOWS\ntdo.dll (file missing)
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3tp32.dll (file missing)
O2 - BHO: Class - {CD101537-32F8-4AA3-3402-3E75C232A431} - C:\WINDOWS\ipex32.dll (file missing)
O2 - BHO: Class - {CE0313BB-3015-D4A8-1854-F6B277DB070A} - C:\WINDOWS\ieja.dll (file missing)
O2 - BHO: Class - {CF264CBC-F6A6-BCAF-4A88-674D64BFD312} - C:\WINDOWS\system32\sysgw32.dll
O2 - BHO: Class - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - C:\WINDOWS\ieax.dll
O2 - BHO: Class - {D005958B-A70C-E04B-F567-786C7EFC5875} - C:\WINDOWS\system32\msfd32.dll (file missing)
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\sdkxv.dll
O2 - BHO: Class - {D46A242B-6194-E7D0-7207-4CC5FFB11ADE} - C:\WINDOWS\system32\winjy.dll
O2 - BHO: Class - {DBD602A8-8F55-C964-E168-4A9DD3C20AC4} - C:\WINDOWS\winuv32.dll (file missing)
O2 - BHO: Class - {DC9FB4E0-35CF-8D4C-628B-3690884983C2} - C:\WINDOWS\system32\ipad32.dll (file missing)
O2 - BHO: Class - {DE16FD7C-EF33-8A48-686D-E9319A871319} - C:\WINDOWS\crnz.dll
O2 - BHO: Class - {E0C391EC-E5DC-2EB5-4D6C-E96F55D9CF3A} - C:\WINDOWS\system32\sysvk.dll
O2 - BHO: Class - {E2D18933-6CA1-461A-2D30-CC986B408A2C} - C:\WINDOWS\system32\nethp.dll
O2 - BHO: (no name) - {E3367314-1EAE-8F76-CB90-062589DB57E1} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: Class - {E3932B1E-C8F3-EA00-4E09-88EDF68EDE0A} - C:\WINDOWS\apixn32.dll (file missing)
O2 - BHO: Class - {E41D6571-D567-8510-6CC7-77FDC5C43E33} - C:\WINDOWS\msif32.dll (file missing)
O2 - BHO: Class - {E47AA49F-9660-E090-1F8F-172B36FCAD9B} - C:\WINDOWS\system32\msvp.dll
O2 - BHO: Class - {E4F81D49-D627-F1CA-FA4A-24E3C374D656} - C:\WINDOWS\ierx.dll
O2 - BHO: Class - {E5A932D6-23F4-5016-9ABB-AC2CAF1A53A0} - C:\WINDOWS\wincc.dll (file missing)
O2 - BHO: Class - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - C:\WINDOWS\system32\appot32.dll (file missing)
O2 - BHO: Class - {E8F9F03A-BE22-03A0-0932-A5CF0D6CA011} - C:\WINDOWS\javahd.dll
O2 - BHO: Class - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - C:\WINDOWS\system32\winmj32.dll
O2 - BHO: Class - {ECD8EB7B-F315-F6C9-F00A-D133E9653BB1} - C:\WINDOWS\addmh.dll
O2 - BHO: Class - {F1BFBED8-8817-33C8-DB05-3E5843F24CBD} - C:\WINDOWS\system32\atlow32.dll
O2 - BHO: (no name) - {F3AE7EFD-04D4-732F-30B4-3395DFA366FC} - C:\WINDOWS\system32\appxv.dll (file missing)
O2 - BHO: Class - {F4907C9F-9B30-22D6-7C19-69B28CC732FD} - C:\WINDOWS\msxd32.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: Class - {F607095C-FD2B-4343-1C4F-F77394A2E39A} - C:\WINDOWS\system32\apipz32.dll (file missing)
O2 - BHO: Class - {F788F832-21D0-55B5-FC8F-115E62624D9C} - C:\WINDOWS\system32\crqv32.dll (file missing)
O2 - BHO: Class - {FA2F9533-02AC-2257-2C0F-DC0D6F5DCF55} - C:\WINDOWS\system32\atlng32.dll
O2 - BHO: Class - {FB1FF3C6-0115-2FD6-315D-8C97AEC3A3E5} - C:\WINDOWS\appry.dll
O2 - BHO: Class - {FBD81A45-7D6E-CF78-2720-BF05C51B1F0E} - C:\WINDOWS\system32\sdkuq32.dll
O2 - BHO: Class - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - C:\WINDOWS\mshd32.dll
O2 - BHO: Class - {FE20707E-55DD-02AB-49D8-AE6258A0B4A7} - C:\WINDOWS\system32\iefq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [javacj.exe] C:\WINDOWS\system32\javacj.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [virtual] winit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [addcj32.exe] C:\WINDOWS\addcj32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [khiotcf] C:\WINDOWS\System32\hrvuhq.exe r
O4 - HKLM\..\RunServices: [virtual] winit.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Qqr] C:\WINDOWS\System32\w?auclt.exe
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt ndrv
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/148627d5bcdc51f03a19/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Continuing to wrestle with this one.
Have been able to sort out some of the internet connection issues and was able to run Housecall - trying the Kas online again.
Other: I cleaned (Fixed) up the many O2 entries and some of the O4s.
Here's my latest HJT...
The sidesearch and nail still are showing.
I'm currently updating this pc with the latest windows updates (was lagging too far behind)
I'm holding off loading SP2 until I get rid of nail.

Any help or direction on this one is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:16:54 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\qarrqr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Utilities\hijack this\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [fdixad] C:\WINDOWS\System32\qarrqr.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
 
Joined
Jul 8, 2002
Messages
14,681
  • Run KillBox and select Delete on Reboot
  • Copy this list of file and folder locations:

    C:\WINDOWS\System32\qarrqr.exe
    C:\WINDOWS\dinst.exe
    C:\WINDOWS\svcproc.exe
  • Go to File>>Paste from clipboard. Click All Files
  • Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Fixed and ran KillBox as suggested.
Looks like some came back.
I'm going to re-fix the following:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [twdfuys] C:\WINDOWS\System32\ebmdual.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Not sure on this one.
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

I'm going to run killbox again on these:
C:\WINDOWS\Nail.exe
C:\WINDOWS\dsr.dll
C:\WINDOWS\System32\ebmdual.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\svcproc.exe



Latest Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 8:19:35 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ebmdual.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Utilities\hijack this\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [twdfuys] C:\WINDOWS\System32\ebmdual.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
 
Joined
Jul 8, 2002
Messages
14,681
Let's try it again.
Uninstall BestOffers Shopping if it appears in Start>>Control Panel>>Add or Remove Programs
Restart in Safe Mode, then fix these in HijackThis

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [twdfuys] C:\WINDOWS\System32\ebmdual.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe

And KillBox these:
C:\WINDOWS\Nail.exe
C:\Program Files\TBONAS\
C:\WINDOWS\System32\ebmdual.exe
C:\WINDOWS\dinst.exe

Restart again, and post a new HJT log.
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Did all that (in safe mode)...
Ran KillBox, ran HijackThis... found nail still there, ran KillBox again... this time it went.
Came back to the regular Windows desktop and it appears again. Also the websearch crap is back.

I'm getting the nail again and this line with a random file name.. O4 - HKLM\..\Run: [jqauqxm] C:\WINDOWS\System32\heftso.exe r


Latest hjt
Logfile of HijackThis v1.99.1
Scan saved at 9:02:16 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\heftso.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Utilities\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jqauqxm] C:\WINDOWS\System32\heftso.exe r
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Ok, let's start again....
I just discovered that this pc had selective start up enabled via msconfig.
I found NewDotNet on it and cleaned up everything but the basics to get to the bottom of this one.

Here is the latest hjt
Logfile of HijackThis v1.99.1
Scan saved at 9:47:53 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\mtjcetm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Utilities\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [uhcoexr] C:\WINDOWS\System32\mtjcetm.exe r
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
 
Joined
Jul 8, 2002
Messages
14,681
I'm not sure why that Nail won't delete still. Run KillBox in normal mode and select Standard File Kill. Use that to delete C:\WINDOWS\Nail.exe then fix the Nail entry in HijackThis.
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Ok, I appear to have gotten rid of it.

Ran Killbox again and removed both nail and the other random file.
Rebooted and it appears to be gone.
I'm with you.. not sure why it didn't get removed in the first place.
Not sure if any of the other programs at start up were disguised as something legit.

Appreciate the patience Brendan, I'm monitoring this for a while and will run all the tools again and then update to SP2.
Thanks again... I think we got this one.



Logfile of HijackThis v1.99.1
Scan saved at 10:15:19 PM, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Utilities\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
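
An added example, not part of the original posts: a short triage script for the two things this thread chased across scans, the extra program chained after Explorer.exe in the `Shell=` value and the Run entry that came back under a new random name. The function names are hypothetical, and the sample lines are excerpts of the logs posted above.

```python
import ntpath
import re

# Excerpts of the 9:02 PM and 9:47 PM scans posted in this thread.
SCAN_OLD = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jqauqxm] C:\WINDOWS\System32\heftso.exe r
"""
SCAN_NEW = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [uhcoexr] C:\WINDOWS\System32\mtjcetm.exe r
"""

RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\Run): \[([^\]]+)\] (.+)$")
SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
CMD = re.compile(r'^"?(.+?\.exe)"?\s*(.*)$', re.I)

def shell_extras(log):
    """Anything in Shell= other than a bare Explorer.exe."""
    extras = []
    for line in log.splitlines():
        m = SHELL.match(line.strip())
        if m:
            first, _, rest = m.group(1).strip().partition(" ")
            extra = rest.strip() if first.lower() == "explorer.exe" else m.group(1).strip()
            if extra:
                extras.append(extra)
    return extras

def run_entries(log):
    """Map (key, value name) -> (folder, file, arguments) for O4 Run lines."""
    out = {}
    for line in log.splitlines():
        m = RUN.match(line.strip())
        if m:
            c = CMD.match(m.group(3))
            exe, args = c.groups() if c else m.group(3).partition(" ")[::2]
            folder, name = ntpath.split(exe)
            out[(m.group(1), m.group(2))] = (folder.lower(), name.lower(), args)
    return out

def rotated_run_entries(old_log, new_log):
    """Run values that vanished while a new one appeared in the same folder with the same arguments."""
    old, new = run_entries(old_log), run_entries(new_log)
    return [(f"[{ok[1]}] {ov[1]}", f"[{nk[1]}] {nv[1]}")
            for nk, nv in new.items() if nk not in old
            for ok, ov in old.items() if ok not in new
            if nk[0] == ok[0] and (nv[0], nv[2]) == (ov[0], ov[2])]
```

A rotated pair means something still running is rewriting the Run key between scans, so removing the registry value alone will not hold until the file behind it is gone.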
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Just an FYI for future Nail infections...(y)

Click here to download Nailfix: http://castlecops.com/zx/flrman1/Nailfix.zip

Save the file to your desktop.
Unzip Nailfix.zip to extract the files it contains.
Do not do anything with it yet. You will run the Nailfix.cmd file later in Safe Mode.

Boot into Safe Mode.

Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Reboot.
 

HOBOcs

Jim
Thread Starter
Joined
Jan 5, 2004
Messages
8,874
Thanks CB - Ran dsrfix and SpSeHjFix - missed this one - so obvious.
I'll add the nailfix to my tool kit. (y)

Marking resolved
 