HJT Log- Computer Worth Saving?

Verve

Here is a log from my brother's laptop. I'll just start by saying that he doesn't know anything about computer security, and it is now overrun with every type of spyware, virus, etc. that I can think of. Well, at this point it's pretty useless, IE won't work, MS Word fails and so on...

He had Lime, and let Norton expire (I'm gonna go ahead and get him Avast once I get it running again). MS anti-spyware freezes, same with Ad-aware.

Is this comp savable? Or should I just go forward and reformat it, wipe the slate clean?

__

Logfile of HijackThis v1.99.1
Scan saved at 8:38:28 PM, on 12/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {10FD73CB-AFFE-F815-78AD-30359A3E5683} - C:\WINDOWS\system32\hlpcuioc.exe (file missing)
R3 - URLSearchHook: (no name) - {42FBC138-3A58-DC78-85FD-2506C13EE416} - ftbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {044CE81C-0B5A-4662-811A-30EE5BF0FA95} - C:\WINDOWS\System32\msbc.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A7AA1FF5-F373-4B7F-9DBB-552F7DCCB181} - C:\WINDOWS\System32\jdod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKLM\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKLM\..\Run: [E724F20E] C:\WINDOWS\system32\insrrtut.exe
O4 - HKLM\..\Run: [FAD84EEB] C:\WINDOWS\system32\tdllegnp.exe
O4 - HKLM\..\Run: [898D564E] C:\WINDOWS\system32\inenhens.exe
O4 - HKLM\..\Run: [FC885B86] C:\WINDOWS\system32\dcr3msx.exe
O4 - HKLM\..\Run: [CB6C1476] C:\WINDOWS\system32\gehhsvapph.exe
O4 - HKLM\..\Run: [E00CC186] C:\WINDOWS\system32\i32z3ndde.exe
O4 - HKLM\..\Run: [SAPSTR] startman.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] msag.exe
O4 - HKLM\..\Run: [DA6F0D5B] C:\WINDOWS\system32\k32rt4api.exe
O4 - HKLM\..\Run: [A4285676] C:\WINDOWS\system32\phlsvc.exe
O4 - HKLM\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKLM\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKLM\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKLM\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKLM\..\Run: [E2D88E63] C:\WINDOWS\system32\vision.exe
O4 - HKLM\..\Run: [4BE86CEE] C:\WINDOWS\system32\ootvses.exe
O4 - HKLM\..\Run: [B704D9DB] C:\WINDOWS\system32\oleauhel.exe
O4 - HKLM\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKLM\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [8B10B37B] C:\WINDOWS\system32\pmsgsrv.exe
O4 - HKLM\..\Run: [FFC955D3] C:\WINDOWS\system32\ptdlntpc.exe
O4 - HKLM\..\Run: [5B2C40C6] C:\WINDOWS\system32\vcrprnr.exe
O4 - HKLM\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKLM\..\Run: [886C4DE6] C:\WINDOWS\system32\v32int.exe
O4 - HKLM\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKLM\..\Run: [ED12D8D3] C:\WINDOWS\system32\srapi.exe
O4 - HKLM\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKLM\..\Run: [CD753856] C:\WINDOWS\system32\tlctivi32.exe
O4 - HKLM\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKLM\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKLM\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKLM\..\Run: [4BBBD356] C:\WINDOWS\system32\pmsapi3.exe
O4 - HKLM\..\Run: [D3FA3ECE] C:\WINDOWS\system32\srvdiven.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKLM\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKLM\..\Run: [avpmondll] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [media64] uio.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmfeb.exe] C:\WINDOWS\System32\dmfeb.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKCU\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKCU\..\Run: [E724F20E] C:\WINDOWS\system32\insrrtut.exe
O4 - HKCU\..\Run: [FAD84EEB] C:\WINDOWS\system32\tdllegnp.exe
O4 - HKCU\..\Run: [898D564E] C:\WINDOWS\system32\inenhens.exe
O4 - HKCU\..\Run: [FC885B86] C:\WINDOWS\system32\dcr3msx.exe
O4 - HKCU\..\Run: [E00CC186] C:\WINDOWS\system32\i32z3ndde.exe
O4 - HKCU\..\Run: [CB6C1476] C:\WINDOWS\system32\gehhsvapph.exe
O4 - HKCU\..\Run: [DA6F0D5B] C:\WINDOWS\system32\k32rt4api.exe
O4 - HKCU\..\Run: [A4285676] C:\WINDOWS\system32\phlsvc.exe
O4 - HKCU\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKCU\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKCU\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKCU\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKCU\..\Run: [E2D88E63] C:\WINDOWS\system32\vision.exe
O4 - HKCU\..\Run: [B704D9DB] C:\WINDOWS\system32\oleauhel.exe
O4 - HKCU\..\Run: [4BE86CEE] C:\WINDOWS\system32\ootvses.exe
O4 - HKCU\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKCU\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKCU\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKCU\..\Run: [8B10B37B] C:\WINDOWS\system32\pmsgsrv.exe
O4 - HKCU\..\Run: [FFC955D3] C:\WINDOWS\system32\ptdlntpc.exe
O4 - HKCU\..\Run: [5B2C40C6] C:\WINDOWS\system32\vcrprnr.exe
O4 - HKCU\..\Run: [886C4DE6] C:\WINDOWS\system32\v32int.exe
O4 - HKCU\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKCU\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKCU\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKCU\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKCU\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKCU\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKCU\..\Run: [CD753856] C:\WINDOWS\system32\tlctivi32.exe
O4 - HKCU\..\Run: [ED12D8D3] C:\WINDOWS\system32\srapi.exe
O4 - HKCU\..\Run: [D3FA3ECE] C:\WINDOWS\system32\srvdiven.exe
O4 - HKCU\..\Run: [4BBBD356] C:\WINDOWS\system32\pmsapi3.exe
O4 - HKCU\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKCU\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WhatsNewBot] powerdll.exe
O4 - HKCU\..\Run: [teqq32] teqq32.exe
O4 - HKCU\..\Run: [MSTCPDLL] ssweeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sharp-business.com/
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104115758868
O17 - HKLM\System\CCS\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDEDC261-38BC-439F-9F2C-9CFC1FA83FCA}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68BF13-C11E-4E73-AF4F-5EBD05BFE6C5}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O18 - Filter: text/plain - {179ADF6A-AC16-4529-B36E-BC6C96AA739D} - C:\WINDOWS\System32\jdod.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\ZA1Z5.dll
O21 - SSODL: SecurityUpdate - {794C262A-B491-4E53-9AD3-174C3404D3C4} - C:\WINDOWS\System32\rasabdbu.ocx
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
You have a lot of spyware on there, don't really know what to tell you if you can't run any programs like spybot, maybe buzz or byteman can help you!

Try downloading ewido and update it and run it and then post new hijack this log!

http://www.ewido.net/en/
 
yea, try anything to get adaware to run. do a selective startup and don't load anything you don't need to use. adaware gets rid of a HUGE chunk of stuff.
 
That is one nasty log. Let's clean things up a bit first.

If you haven't already got Adaware, Spybot and Ewido, download and update them.

I think there may be a rootkit involved, follow these instructions carefully.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Then boot into Safe Mode and run Spy Sweeper.

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

Exit Spy Sweeper.

Then run Adaware, Spybot and Ewido, remove all they find.

Then boot back to normal mode and post a new Hijackthis log.
 
Ok, I'll have to wait a bit for my brother to give me his computer.

EDIT: It may be a day or two
 
I think that unless the laptop is old then you should just reformat. You could spend hours trying to get programs to get rid of all the things on that computer just wipe it and start new.
 
I will try at least first. My brother has basically all his College assignments on it, and the CD burner is a bit faulty.

I should be able to get to it tomorrow.
 
I got Ewido and it caught a bunch of trojans. The computer has since then been running a bit faster.

I was only able to run ad-aware for about 2 minutes before it freezes, I had to stop and delete what I had, about 30 objects.

I have also gotten ZoneAlarm and Avast! to replace the expired Norton (which will not delete by the way). Avast deleted a number of trojans as well.

The internet explorer will not work anymore. Nothing will connect to the internet except for Limewire once in a while. Strange.

Here is the new log, it does seem a bit shorter.
_____________

Logfile of HijackThis v1.99.1
Scan saved at 6:51:38 PM, on 12/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
A:\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R3 - URLSearchHook: (no name) - {10FD73CB-AFFE-F815-78AD-30359A3E5683} - C:\WINDOWS\system32\hlpcuioc.exe (file missing)
R3 - URLSearchHook: (no name) - {42FBC138-3A58-DC78-85FD-2506C13EE416} - ftbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {044CE81C-0B5A-4662-811A-30EE5BF0FA95} - C:\WINDOWS\System32\msbc.dll (file missing)
O2 - BHO: (no name) - {A7AA1FF5-F373-4B7F-9DBB-552F7DCCB181} - C:\WINDOWS\System32\jdod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [SAPSTR] startman.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] msag.exe
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [avpmondll] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [media64] uio.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [dmfeb.exe] C:\WINDOWS\System32\dmfeb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\CHRISL~1.YOU\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKCU\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKCU\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKCU\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKCU\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKCU\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKCU\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKCU\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKCU\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKCU\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKCU\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKCU\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKCU\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKCU\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKCU\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKCU\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKCU\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKCU\..\Run: [WhatsNewBot] powerdll.exe
O4 - HKCU\..\Run: [teqq32] teqq32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sharp-business.com/
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104115758868
O17 - HKLM\System\CCS\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDEDC261-38BC-439F-9F2C-9CFC1FA83FCA}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68BF13-C11E-4E73-AF4F-5EBD05BFE6C5}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O18 - Filter: text/plain - {179ADF6A-AC16-4529-B36E-BC6C96AA739D} - C:\WINDOWS\System32\jdod.dll
O20 - Winlogon Notify: iexplore - ZA1Z5.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SecurityUpdate - {794C262A-B491-4E53-9AD3-174C3404D3C4} - C:\WINDOWS\System32\rasabdbu.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R3 - URLSearchHook: (no name) - {10FD73CB-AFFE-F815-78AD-30359A3E5683} - C:\WINDOWS\system32\hlpcuioc.exe (file missing)
R3 - URLSearchHook: (no name) - {42FBC138-3A58-DC78-85FD-2506C13EE416} - ftbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {044CE81C-0B5A-4662-811A-30EE5BF0FA95} - C:\WINDOWS\System32\msbc.dll (file missing)
O2 - BHO: (no name) - {A7AA1FF5-F373-4B7F-9DBB-552F7DCCB181} - C:\WINDOWS\System32\jdod.dll (file missing)
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [SAPSTR] startman.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] msag.exe
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [avpmondll] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [media64] uio.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [dmfeb.exe] C:\WINDOWS\System32\dmfeb.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\CHRISL~1.YOU\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKCU\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKCU\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKCU\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKCU\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKCU\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKCU\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKCU\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKCU\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKCU\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKCU\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKCU\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKCU\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKCU\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKCU\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKCU\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKCU\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKCU\..\Run: [WhatsNewBot] powerdll.exe
O4 - HKCU\..\Run: [teqq32] teqq32.exe
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDEDC261-38BC-439F-9F2C-9CFC1FA83FCA}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68BF13-C11E-4E73-AF4F-5EBD05BFE6C5}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O18 - Filter: text/plain - {179ADF6A-AC16-4529-B36E-BC6C96AA739D} - C:\WINDOWS\System32\jdod.dll
O20 - Winlogon Notify: iexplore - ZA1Z5.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SecurityUpdate - {794C262A-B491-4E53-9AD3-174C3404D3C4} - C:\WINDOWS\System32\rasabdbu.ocx


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, restart your computer again, and post a new Hijackthis log.
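The entries in the checklist above fall into a few recurring patterns. The script below is an added example (not part of the thread, and not code from HijackThis or FixWareout) that flags those patterns in a HijackThis log; the rule names and the `expected_dns` parameter are assumptions made for illustration, and a match marks a line for review rather than proving it malicious.

```python
import re
from collections import Counter

# Entries copied from the 12/22/2005 log earlier on this page (a subset),
# embedded so the script runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {42FBC138-3A58-DC78-85FD-2506C13EE416} - ftbar.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SAPSTR] startman.exe
O4 - HKLM\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKCU\..\Run: [teqq32] teqq32.exe
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O20 - Winlogon Notify: iexplore - ZA1Z5.dll (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - ..." style lines
RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$")                  # e.g. [C6EEF8E3]
NAMESERVER = re.compile(r"NameServer = ([0-9.,\s]+)$")


def parse_log(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries, expected_dns=()):
    """Return (rule, code, body) findings. Rules are illustrative heuristics:
    file-missing       registration whose target file no longer exists
    run-hex-name       Run value named with 8 hex digits
    run-bare-filename  Run command with no directory (resolved via the search path)
    trusted-zone       any O15 Trusted Zone / Trusted IP range entry
    static-dns         O17 NameServer not listed in expected_dns
    """
    findings = []
    for code, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("file-missing", code, body))
        if code == "O4":
            m = RUN.match(body)
            if m:
                name, cmd = m.group(1).strip(), m.group(2)
                if HEX_NAME.match(name):
                    findings.append(("run-hex-name", code, body))
                if "\\" not in cmd:
                    findings.append(("run-bare-filename", code, body))
        elif code == "O15":
            findings.append(("trusted-zone", code, body))
        elif code == "O17":
            m = NAMESERVER.search(body)
            if m:
                servers = {s.strip() for s in m.group(1).split(",") if s.strip()}
                if servers - set(expected_dns):
                    findings.append(("static-dns", code, body))
    return findings


if __name__ == "__main__":
    results = triage(parse_log(SAMPLE_LOG))
    for rule, code, body in results:
        print(f"{rule:18} {code:3} {body}")
    print(dict(Counter(rule for rule, _, _ in results)))
```

Pass the resolvers your ISP or router actually hands out as `expected_dns` so that legitimate static DNS settings are not flagged.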
 
limewire is a killer. i would NEVER use it on one of my own. if i had to go p2p, i would just use bearshare. much better.

ugh. limewire bad. ugh
 
It says to post this, and then it ended. What does it mean?



Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,\
6c,65,73,5c,41,6c,77,69,6c,20,53,6f,66,74,77,61,72,65,5c,41,76,61,73,74,34,\
5c,61,73,77,4d,6f,6e,56,64,2e,64,6c,6c,00,00
.....
End vxd check
.....
please post this at the forum
 
krimson_king said:
limewire is a killer. i would NEVER use it on one of my own. if i had to go p2p, i would just use bearshare. much better.

ugh. limewire bad. ugh

Limewire (Even the free version is spyware free) I tried bearshare and got 144 spyware infections so please do not follow that advice! Sorry for interrupting in the middle of fix but just wanted that to be known!
 
Starwarsman said:
It says to post this, and then it ended. What does it mean?



Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,\
6c,65,73,5c,41,6c,77,69,6c,20,53,6f,66,74,77,61,72,65,5c,41,76,61,73,74,34,\
5c,61,73,77,4d,6f,6e,56,64,2e,64,6c,6c,00,00
.....
End vxd check
.....
please post this at the forum

Post a new Hijackthis log.
 
well, limewire has been nothing but trouble, for a number of computers i have used. bearshare on the other hand was not, so... it could be any number of things. either way, it's all sketchy business.
 
Logfile of HijackThis v1.99.1
Scan saved at 11:09:06 AM, on 12/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\wuauclt.exe
A:\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKLM\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKLM\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKLM\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKLM\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKLM\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKLM\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKLM\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKLM\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKLM\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKLM\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKLM\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKLM\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKLM\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKLM\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [MSTCPDLL] ssweeper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FFC955D3] C:\WINDOWS\system32\ptdlntpc.exe
O4 - HKCU\..\Run: [FC885B86] C:\WINDOWS\system32\dcr3msx.exe
O4 - HKCU\..\Run: [FAD84EEB] C:\WINDOWS\system32\tdllegnp.exe
O4 - HKCU\..\Run: [ED12D8D3] C:\WINDOWS\system32\srapi.exe
O4 - HKCU\..\Run: [E724F20E] C:\WINDOWS\system32\insrrtut.exe
O4 - HKCU\..\Run: [E2D88E63] C:\WINDOWS\system32\vision.exe
O4 - HKCU\..\Run: [E00CC186] C:\WINDOWS\system32\i32z3ndde.exe
O4 - HKCU\..\Run: [DA6F0D5B] C:\WINDOWS\system32\k32rt4api.exe
O4 - HKCU\..\Run: [D3FA3ECE] C:\WINDOWS\system32\srvdiven.exe
O4 - HKCU\..\Run: [CD753856] C:\WINDOWS\system32\tlctivi32.exe
O4 - HKCU\..\Run: [CB6C1476] C:\WINDOWS\system32\gehhsvapph.exe
O4 - HKCU\..\Run: [B704D9DB] C:\WINDOWS\system32\oleauhel.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [A4285676] C:\WINDOWS\system32\phlsvc.exe
O4 - HKCU\..\Run: [8B10B37B] C:\WINDOWS\system32\pmsgsrv.exe
O4 - HKCU\..\Run: [898D564E] C:\WINDOWS\system32\inenhens.exe
O4 - HKCU\..\Run: [886C4DE6] C:\WINDOWS\system32\v32int.exe
O4 - HKCU\..\Run: [5B2C40C6] C:\WINDOWS\system32\vcrprnr.exe
O4 - HKCU\..\Run: [4BE86CEE] C:\WINDOWS\system32\ootvses.exe
O4 - HKCU\..\Run: [4BBBD356] C:\WINDOWS\system32\pmsapi3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sharp-business.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104115758868
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 