More win32 problems

48 replies to this topic

#1 Guest_Guest_tektok3_*_*

Posted 05 September 2005 - 10:43 AM

I am having win32 problems, as well as the smartsecurity desktop. Also, I have Cox internet and am using their firewall, antivirus, etc. What do you think of the coxware? The smartsecurity desktop showed up after I started using the package from Cox, and I wonder if it downloaded with the Cox stuff. Should I get rid of the Cox stuff, and use something else?

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:08 AM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F} - C:\WINDOWS\sdklz32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [d3ty32.exe] C:\WINDOWS\system32\d3ty32.exe
O4 - HKLM\..\Run: [ntrd.exe] C:\WINDOWS\ntrd.exe
O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\mfcya32.exe
O4 - HKLM\..\Run: [netkg32.exe] C:\WINDOWS\system32\netkg32.exe
O4 - HKLM\..\Run: [mfcgo32.exe] C:\WINDOWS\system32\mfcgo32.exe
O4 - HKLM\..\Run: [ieui32.exe] C:\WINDOWS\ieui32.exe
O4 - HKLM\..\Run: [d3hq32.exe] C:\WINDOWS\d3hq32.exe
O4 - HKLM\..\Run: [ipbf32.exe] C:\WINDOWS\system32\ipbf32.exe
O4 - HKLM\..\Run: [appwg32.exe] C:\WINDOWS\appwg32.exe
O4 - HKLM\..\Run: [cruu.exe] C:\WINDOWS\system32\cruu.exe
O4 - HKLM\..\Run: [d3ne.exe] C:\WINDOWS\system32\d3ne.exe
O4 - HKLM\..\Run: [sdkqp.exe] C:\WINDOWS\system32\sdkqp.exe
O4 - HKLM\..\Run: [d3mr32.exe] C:\WINDOWS\system32\d3mr32.exe
O4 - HKLM\..\Run: [atltm32.exe] C:\WINDOWS\atltm32.exe
O4 - HKLM\..\Run: [crfq32.exe] C:\WINDOWS\system32\crfq32.exe
O4 - HKLM\..\Run: [sdkzd32.exe] C:\WINDOWS\sdkzd32.exe
O4 - HKLM\..\Run: [sdksi.exe] C:\WINDOWS\sdksi.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [atlxm32.exe] C:\WINDOWS\atlxm32.exe
O4 - HKLM\..\Run: [apida.exe] C:\WINDOWS\apida.exe
O4 - HKLM\..\Run: [javajm32.exe] C:\WINDOWS\system32\javajm32.exe
O4 - HKLM\..\Run: [winpl.exe] C:\WINDOWS\system32\winpl.exe
O4 - HKLM\..\Run: [systf32.exe] C:\WINDOWS\system32\systf32.exe
O4 - HKLM\..\Run: [sdkpm.exe] C:\WINDOWS\system32\sdkpm.exe
O4 - HKLM\..\Run: [appws32.exe] C:\WINDOWS\system32\appws32.exe
O4 - HKLM\..\Run: [Upp] C:\WINDOWS\Qab.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer
O4 - HKLM\..\Run: [Mbg] C:\WINDOWS\System32\Ohg.exe
O4 - HKLM\..\Run: [Tgv] C:\WINDOWS\System32\Ted.exe
O4 - HKLM\..\Run: [Etc] C:\WINDOWS\Sea.exe
O4 - HKLM\..\Run: [Noh] C:\WINDOWS\Cri.exe
O4 - HKLM\..\Run: [Nlq] C:\WINDOWS\Hft.exe
O4 - HKLM\..\Run: [Dfl] C:\WINDOWS\System32\Uuj.exe
O4 - HKLM\..\Run: [Epm] C:\WINDOWS\Uni.exe
O4 - HKLM\..\Run: [Gai] C:\WINDOWS\System32\Sgf.exe
O4 - HKLM\..\Run: [Nbh] C:\WINDOWS\Hpr.exe
O4 - HKLM\..\Run: [Dig] C:\WINDOWS\Rer.exe
O4 - HKLM\..\Run: [Hrp] C:\WINDOWS\System32\Cci.exe
O4 - HKLM\..\Run: [Vic] C:\WINDOWS\System32\Poo.exe
O4 - HKLM\..\Run: [Mit] C:\WINDOWS\Ljt.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Ilc.exe
O4 - HKLM\..\Run: [Thd] C:\WINDOWS\Rkm.exe
O4 - HKLM\..\Run: [Cfn] C:\WINDOWS\System32\Ecc.exe
O4 - HKLM\..\Run: [Qpt] C:\WINDOWS\System32\Nqr.exe
O4 - HKLM\..\Run: [Qob] C:\WINDOWS\Eom.exe
O4 - HKLM\..\Run: [Duc] C:\WINDOWS\Elr.exe
O4 - HKLM\..\Run: [Alp] C:\WINDOWS\Dre.exe
O4 - HKLM\..\Run: [Mog] C:\WINDOWS\System32\Alk.exe
O4 - HKLM\..\Run: [Nmp] C:\WINDOWS\Nnl.exe
O4 - HKLM\..\Run: [Dmg] C:\WINDOWS\System32\Srs.exe
O4 - HKLM\..\Run: [Hoi] C:\WINDOWS\System32\Fuh.exe
O4 - HKLM\..\Run: [Ruk] C:\WINDOWS\Hvq.exe
O4 - HKLM\..\Run: [Pad] C:\WINDOWS\System32\Bun.exe
O4 - HKLM\..\Run: [Tti] C:\WINDOWS\Lua.exe
O4 - HKLM\..\Run: [Mvk] C:\WINDOWS\Udn.exe
O4 - HKLM\..\Run: [Hcr] C:\WINDOWS\System32\Uel.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\Sha.exe
O4 - HKLM\..\Run: [Cnr] C:\WINDOWS\System32\Erc.exe
O4 - HKLM\..\Run: [Gcs] C:\WINDOWS\System32\Utn.exe
O4 - HKLM\..\Run: [Mom] C:\WINDOWS\System32\Bah.exe
O4 - HKLM\..\Run: [Vou] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Ifa] C:\WINDOWS\System32\Jea.exe
O4 - HKLM\..\Run: [Imu] C:\WINDOWS\System32\Ama.exe
O4 - HKLM\..\Run: [Bgm] C:\WINDOWS\System32\Ppu.exe
O4 - HKLM\..\Run: [Lfr] C:\WINDOWS\System32\Tnl.exe
O4 - HKLM\..\Run: [Jcc] C:\WINDOWS\System32\Ega.exe
O4 - HKLM\..\Run: [Ebg] C:\WINDOWS\Dai.exe
O4 - HKLM\..\Run: [Ctj] C:\WINDOWS\System32\Nll.exe
O4 - HKLM\..\Run: [Buu] C:\WINDOWS\Abv.exe
O4 - HKLM\..\Run: [Dgg] C:\WINDOWS\Rmf.exe
O4 - HKLM\..\Run: [Blb] C:\WINDOWS\System32\Lci.exe
O4 - HKLM\..\Run: [Qme] C:\WINDOWS\System32\Dku.exe
O4 - HKLM\..\Run: [Cqk] C:\WINDOWS\System32\Nvb.exe
O4 - HKLM\..\Run: [Kig] C:\WINDOWS\System32\Tom.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\System32\Cuj.exe
O4 - HKLM\..\Run: [Bds] C:\WINDOWS\System32\Eij.exe
O4 - HKLM\..\Run: [Vmk] C:\WINDOWS\Vaf.exe
O4 - HKLM\..\Run: [Bvr] C:\WINDOWS\Cof.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\System32\Vni.exe
O4 - HKLM\..\Run: [Gtn] C:\WINDOWS\Ibu.exe
O4 - HKLM\..\Run: [Jsv] C:\WINDOWS\System32\Ovf.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Qko.exe
O4 - HKLM\..\Run: [Alq] C:\WINDOWS\Maj.exe
O4 - HKLM\..\Run: [Vor] C:\WINDOWS\System32\Bes.exe
O4 - HKLM\..\Run: [Pcd] C:\WINDOWS\Ijs.exe
O4 - HKLM\..\Run: [Cfb] C:\WINDOWS\Pkm.exe
O4 - HKLM\..\Run: [Ugm] C:\WINDOWS\System32\Upp.exe
O4 - HKLM\..\Run: [Fbk] C:\WINDOWS\Use.exe
O4 - HKLM\..\Run: [Gom] C:\WINDOWS\Ncn.exe
O4 - HKLM\..\Run: [Uci] C:\WINDOWS\System32\Tca.exe
O4 - HKLM\..\Run: [Rnq] C:\WINDOWS\System32\Jpe.exe
O4 - HKLM\..\Run: [Api] C:\WINDOWS\Jlr.exe
O4 - HKLM\..\Run: [Qov] C:\WINDOWS\Tqi.exe
O4 - HKLM\..\Run: [Iin] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Tjj] C:\WINDOWS\System32\Ppe.exe
O4 - HKLM\..\Run: [Ahe] C:\WINDOWS\System32\Plc.exe
O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\Fdh.exe
O4 - HKLM\..\Run: [Rln] C:\WINDOWS\System32\Irp.exe
O4 - HKLM\..\Run: [Cqr] C:\WINDOWS\Onl.exe
O4 - HKLM\..\Run: [Cni] C:\WINDOWS\Sgc.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Bfe.exe
O4 - HKLM\..\Run: [Aua] C:\WINDOWS\System32\Ljg.exe
O4 - HKLM\..\Run: [Gba] C:\WINDOWS\System32\Dql.exe
O4 - HKLM\..\Run: [Qok] C:\WINDOWS\System32\Rrj.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Tjm.exe
O4 - HKLM\..\Run: [Lfo] C:\WINDOWS\Qsl.exe
O4 - HKLM\..\Run: [Kdm] C:\WINDOWS\Chf.exe
O4 - HKLM\..\Run: [Qjb] C:\WINDOWS\System32\Eap.exe
O4 - HKLM\..\Run: [Hnp] C:\WINDOWS\Cks.exe
O4 - HKLM\..\Run: [Ucm] C:\WINDOWS\System32\Tug.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Rpt.exe
O4 - HKLM\..\Run: [Qvn] C:\WINDOWS\System32\Pgf.exe
O4 - HKLM\..\Run: [Shh] C:\WINDOWS\Hnb.exe
O4 - HKLM\..\Run: [Qsh] C:\WINDOWS\Gmv.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Oma.exe
O4 - HKLM\..\Run: [Pih] C:\WINDOWS\System32\Ace.exe
O4 - HKLM\..\Run: [mfcuc.exe] C:\WINDOWS\mfcuc.exe
O4 - HKLM\..\Run: [Nle] C:\WINDOWS\Ofo.exe
O4 - HKLM\..\Run: [Acj] C:\WINDOWS\System32\Dps.exe
O4 - HKLM\..\Run: [Jlj] C:\WINDOWS\Sft.exe
O4 - HKLM\..\Run: [Sdv] C:\WINDOWS\Ikg.exe
O4 - HKLM\..\RunOnce: [atldi32.exe] C:\WINDOWS\atldi32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Upp] C:\WINDOWS\Qab.exe
O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe
O4 - HKCU\..\Run: [Mbg] C:\WINDOWS\System32\Ohg.exe
O4 - HKCU\..\Run: [Tgv] C:\WINDOWS\System32\Ted.exe
O4 - HKCU\..\Run: [Etc] C:\WINDOWS\Sea.exe
O4 - HKCU\..\Run: [Noh] C:\WINDOWS\Cri.exe
O4 - HKCU\..\Run: [Nlq] C:\WINDOWS\Hft.exe
O4 - HKCU\..\Run: [Dfl] C:\WINDOWS\System32\Uuj.exe
O4 - HKCU\..\Run: [Epm] C:\WINDOWS\Uni.exe
O4 - HKCU\..\Run: [Gai] C:\WINDOWS\System32\Sgf.exe
O4 - HKCU\..\Run: [Nbh] C:\WINDOWS\Hpr.exe
O4 - HKCU\..\Run: [Dig] C:\WINDOWS\Rer.exe
O4 - HKCU\..\Run: [Hrp] C:\WINDOWS\System32\Cci.exe
O4 - HKCU\..\Run: [Vic] C:\WINDOWS\System32\Poo.exe
O4 - HKCU\..\Run: [Mit] C:\WINDOWS\Ljt.exe
O4 - HKCU\..\Run: [winservice] C:\WINDOWS\services\svchost.exe
O4 - HKCU\..\Run: [Jji] C:\WINDOWS\Ilc.exe
O4 - HKCU\..\Run: [Thd] C:\WINDOWS\Rkm.exe
O4 - HKCU\..\Run: [Cfn] C:\WINDOWS\System32\Ecc.exe
O4 - HKCU\..\Run: [Qpt] C:\WINDOWS\System32\Nqr.exe
O4 - HKCU\..\Run: [Qob] C:\WINDOWS\Eom.exe
O4 - HKCU\..\Run: [Duc] C:\WINDOWS\Elr.exe
O4 - HKCU\..\Run: [Alp] C:\WINDOWS\Dre.exe
O4 - HKCU\..\Run: [Mog] C:\WINDOWS\System32\Alk.exe
O4 - HKCU\..\Run: [Nmp] C:\WINDOWS\Nnl.exe
O4 - HKCU\..\Run: [Dmg] C:\WINDOWS\System32\Srs.exe
O4 - HKCU\..\Run: [Hoi] C:\WINDOWS\System32\Fuh.exe
O4 - HKCU\..\Run: [Ruk] C:\WINDOWS\Hvq.exe
O4 - HKCU\..\Run: [Pad] C:\WINDOWS\System32\Bun.exe
O4 - HKCU\..\Run: [Tti] C:\WINDOWS\Lua.exe
O4 - HKCU\..\Run: [Mvk] C:\WINDOWS\Udn.exe
O4 - HKCU\..\Run: [Hcr] C:\WINDOWS\System32\Uel.exe
O4 - HKCU\..\Run: [Dsi] C:\WINDOWS\Sha.exe
O4 - HKCU\..\Run: [Cnr] C:\WINDOWS\System32\Erc.exe
O4 - HKCU\..\Run: [Gcs] C:\WINDOWS\System32\Utn.exe
O4 - HKCU\..\Run: [Mom] C:\WINDOWS\System32\Bah.exe
O4 - HKCU\..\Run: [Vou] C:\WINDOWS\System32\Svn.exe
O4 - HKCU\..\Run: [Ifa] C:\WINDOWS\System32\Jea.exe
O4 - HKCU\..\Run: [Imu] C:\WINDOWS\System32\Ama.exe
O4 - HKCU\..\Run: [Bgm] C:\WINDOWS\System32\Ppu.exe
O4 - HKCU\..\Run: [Lfr] C:\WINDOWS\System32\Tnl.exe
O4 - HKCU\..\Run: [Jcc] C:\WINDOWS\System32\Ega.exe
O4 - HKCU\..\Run: [Ebg] C:\WINDOWS\Dai.exe
O4 - HKCU\..\Run: [Ctj] C:\WINDOWS\System32\Nll.exe
O4 - HKCU\..\Run: [Buu] C:\WINDOWS\Abv.exe
O4 - HKCU\..\Run: [Dgg] C:\WINDOWS\Rmf.exe
O4 - HKCU\..\Run: [Blb] C:\WINDOWS\System32\Lci.exe
O4 - HKCU\..\Run: [Qme] C:\WINDOWS\System32\Dku.exe
O4 - HKCU\..\Run: [Cqk] C:\WINDOWS\System32\Nvb.exe
O4 - HKCU\..\Run: [Kig] C:\WINDOWS\System32\Tom.exe
O4 - HKCU\..\Run: [Lor] C:\WINDOWS\System32\Cuj.exe
O4 - HKCU\..\Run: [Bds] C:\WINDOWS\System32\Eij.exe
O4 - HKCU\..\Run: [Vmk] C:\WINDOWS\Vaf.exe
O4 - HKCU\..\Run: [Bvr] C:\WINDOWS\Cof.exe
O4 - HKCU\..\Run: [Ufb] C:\WINDOWS\System32\Vni.exe
O4 - HKCU\..\Run: [Gtn] C:\WINDOWS\Ibu.exe
O4 - HKCU\..\Run: [Jsv] C:\WINDOWS\System32\Ovf.exe
O4 - HKCU\..\Run: [Rhv] C:\WINDOWS\Qko.exe
O4 - HKCU\..\Run: [Alq] C:\WINDOWS\Maj.exe
O4 - HKCU\..\Run: [Vor] C:\WINDOWS\System32\Bes.exe
O4 - HKCU\..\Run: [Pcd] C:\WINDOWS\Ijs.exe
O4 - HKCU\..\Run: [Cfb] C:\WINDOWS\Pkm.exe
O4 - HKCU\..\Run: [Ugm] C:\WINDOWS\System32\Upp.exe
O4 - HKCU\..\Run: [Fbk] C:\WINDOWS\Use.exe
O4 - HKCU\..\Run: [Gom] C:\WINDOWS\Ncn.exe
O4 - HKCU\..\Run: [Uci] C:\WINDOWS\System32\Tca.exe
O4 - HKCU\..\Run: [Rnq] C:\WINDOWS\System32\Jpe.exe
O4 - HKCU\..\Run: [Api] C:\WINDOWS\Jlr.exe
O4 - HKCU\..\Run: [Qov] C:\WINDOWS\Tqi.exe
O4 - HKCU\..\Run: [Iin] C:\WINDOWS\System32\Ncm.exe
O4 - HKCU\..\Run: [Tjj] C:\WINDOWS\System32\Ppe.exe
O4 - HKCU\..\Run: [Ahe] C:\WINDOWS\System32\Plc.exe
O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\Fdh.exe
O4 - HKCU\..\Run: [Rln] C:\WINDOWS\System32\Irp.exe
O4 - HKCU\..\Run: [Cqr] C:\WINDOWS\Onl.exe
O4 - HKCU\..\Run: [Cni] C:\WINDOWS\Sgc.exe
O4 - HKCU\..\Run: [Rmt] C:\WINDOWS\Bfe.exe
O4 - HKCU\..\Run: [Aua] C:\WINDOWS\System32\Ljg.exe
O4 - HKCU\..\Run: [Gba] C:\WINDOWS\System32\Dql.exe
O4 - HKCU\..\Run: [Qok] C:\WINDOWS\System32\Rrj.exe
O4 - HKCU\..\Run: [Iuu] C:\WINDOWS\Tjm.exe
O4 - HKCU\..\Run: [Lfo] C:\WINDOWS\Qsl.exe
O4 - HKCU\..\Run: [Kdm] C:\WINDOWS\Chf.exe
O4 - HKCU\..\Run: [Qjb] C:\WINDOWS\System32\Eap.exe
O4 - HKCU\..\Run: [Hnp] C:\WINDOWS\Cks.exe
O4 - HKCU\..\Run: [Ucm] C:\WINDOWS\System32\Tug.exe
O4 - HKCU\..\Run: [Vek] C:\WINDOWS\Rpt.exe
O4 - HKCU\..\Run: [Qvn] C:\WINDOWS\System32\Pgf.exe
O4 - HKCU\..\Run: [Shh] C:\WINDOWS\Hnb.exe
O4 - HKCU\..\Run: [Qsh] C:\WINDOWS\Gmv.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Oma.exe
O4 - HKCU\..\Run: [Pih] C:\WINDOWS\System32\Ace.exe
O4 - HKCU\..\Run: [Nle] C:\WINDOWS\Ofo.exe
O4 - HKCU\..\Run: [Acj] C:\WINDOWS\System32\Dps.exe
O4 - HKCU\..\Run: [Jlj] C:\WINDOWS\Sft.exe
O4 - HKCU\..\Run: [Sdv] C:\WINDOWS\Ikg.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WindowsUpdate23452[1].exe
O4 - Startup: winupdate07503810[1].exe
O4 - Startup: winupdate19698025[1].exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range:
O15 - Trusted IP range: (HKLM)
O16 - DPF: {42B4A4BC-E46F-2B93-417D-7F1E6F6F1EBA} -
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11F▀ń#Ě║─Í`I) - Unknown owner - C:\WINDOWS\sysay32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common files\WinTools\WToolsS.exe (file missing)

#2 tektok3




Posted 05 September 2005 - 10:45 AM

Oops. I didn't log in. That was me.

#3 guestolo



Posted 05 September 2005 - 11:06 AM

Hi again tektok3

You have a few problems on your computer; we should be able to rid you of all of them.

Can you do the following for me first, please?

Open HijackThis >> Open Misc Tools Section >> Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop and then copy and paste the contents back here

Can you also do the following:
Download and save WinPFind.zip
UNZIP the contents to your desktop or a folder
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Then click Start Scan
This could take some time as it will scan your drive
Go to the WinPFind folder
Locate WinPFind.txt in the WinPFind folder

Post the results of the WinPFind.txt


#4 tektok3




Posted 05 September 2005 - 01:10 PM

Okie-dokie. Here is my SAVE LIST list from HijackThis. I will post the WinPFind stuff as soon as it finishes scanning. Thank you!

3D Home Architect Home Design Deluxe 6
3D Home Architect® Deluxe 3.0
Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
Adware Away v2.2
Ahead Nero Burning ROM
AOL Explorer
AOL Instant Messenger
Avery DesignPro
Blackhawk Striker from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Compaq Connections
Compaq Instant Support
Compaq Organize
Cox High Speed Internet security software
Dell Photo Printer 720
DjVu Browser Plug-in 4.1
Documents To Go
Excavation from Compaq (remove only)
First Step Guide
Google Earth
green label Print It 3
Handmark 4.0Student for Palm OS
Handmark® PDA Money for palmOne
HijackThis 1.99.1
Home Search Assistent
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
ImageMixer VCD2
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
Internet Explorer Q831167
InterVideo WinDVD Player
iPod Updater 2004-11-15
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Kodak EasyShare software
Learn2 Player (Uninstall Only)
LingvoSoft Talking Dictionary (English<->Persian (Farsi)) for Palm OS
LiveUpdate 2.6 (Symantec Corporation)
Logitech Pocket Digital
Macromedia Flash Player
Memories Disc Creator 2.0
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
MSN Music Assistant
Norton WMI Update
Offer Optimizer
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Outlook Express Q837009
Overball from Compaq (remove only)
Pacific Poker
Palm Desktop
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Planet Poker
Polar Bowler from Compaq (remove only)
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
RealOne Player
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Screen2 Screen Saver
Search Assistant
Search Extender
Shopping Wizard
Shopping Wizard
Slyder from Compaq (remove only)
Software for your PC!
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy 1.3
Symantec Network Driver Update
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Web Search Tools Error Search
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows open32 update
Windows SR 2.0
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833