Search assistant/Shopping Wizard Search Extender

bubba
#1
Jul 9th, 2005
Please help me. I have the above on my computer, and the about blank web page keeps popping up. I keep receiving messages that state no memory left, and that I need to close programs. I have run Adware Alert, SE Adaware, as well as Spybot/Destroyer. It states that they have removed, but keeps coming back. I am not sure what to do. I have ME edition.

Thanks for any help you can offer.
:cry:
:o

dlh6213
#2
Jul 10th, 2005
Hi Bubba, welcome to DaniWeb

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract..._download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.

Links to help you help yourself:

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html

bubba
#3
Jul 12th, 2005
Here is the log from the Hijack this file

Thank you so much for your help

Bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:17:20 PM, on 7/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {287067A0-9848-929E-B819-572CE5C53D03} - C:\WINDOWS\SYSTEM\IPIL32.DLL
O2 - BHO: Class - {C7593148-738E-F18C-0FD1-179344BFCC46} - C:\WINDOWS\ADDUW32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab








dlh6213
#4
Jul 13th, 2005
You are running HijackThis from a Temp folder, please move it to its own permanent folder so that we can continue the cleanup.
http://www.daniweb.com/techtalkforums/thread24085.html
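
The check made by eye in post #4 (HijackThis running from a Temp folder) can be scripted when triaging logs like the ones in this thread. The Python below is an added example, not part of the original thread and not HijackThis code: the function names are hypothetical, the two sample logs are short excerpts constructed from lines in the posted logs, and the autorun filter is a review-ordering heuristic based on the repeated shape of the RunServices entries above, not a verdict on any file.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpts: a few lines taken from the Jul 12 and Jul 17 logs in this thread.
LOG_JUL12 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:17:20 PM, on 7/12/2005

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
"""

LOG_JUL17 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:23:11 PM, on 7/17/2005

Running processes:
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
"""

# Registry autoruns only ("O4 - Startup:" shortcut lines are not matched).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Executable path (optionally quoted) followed by optional arguments.
EXE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s+(.*))?$', re.IGNORECASE)
SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def parse_log(text):
    """Return (running process paths, O4 autorun entries) from a HijackThis log."""
    processes, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line.upper())
        else:
            m = O4_RE.match(line)
            if m:
                hive, key, name, command = m.groups()
                exe = EXE_RE.match(command)
                path = exe.group(1) if exe else command.split()[0]
                args = (exe.group(2) or "") if exe else ""
                autoruns.append({"key": f"{hive}\\{key}", "name": name,
                                 "path": path.upper(), "args": args})
    return processes, autoruns


def hjt_from_temp(processes):
    """HijackThis instances started from a Temp directory (the issue raised in post #4)."""
    return [p for p in processes
            if ntpath.basename(p) == "HIJACKTHIS.EXE" and "\\TEMP\\" in p]


def repeated_processes(processes):
    """Image paths that appear more than once in the process list."""
    return {p: n for p, n in Counter(processes).items() if n > 1}


def review_first(autoruns):
    """Heuristic: value name equals the file name, the file sits directly in
    C:\\WINDOWS or C:\\WINDOWS\\SYSTEM, and the only argument is /s."""
    hits = []
    for a in autoruns:
        same_name = a["name"].upper() == ntpath.basename(a["path"])
        in_sysdir = ntpath.dirname(a["path"]) in SYSTEM_DIRS
        if same_name and in_sysdir and a["args"].strip().lower() == "/s":
            hits.append(a["path"])
    return hits


def new_since(old_autoruns, new_autoruns):
    """Autorun entries present in the later scan but not in the earlier one."""
    seen = {(a["key"], a["path"]) for a in old_autoruns}
    return [a["path"] for a in new_autoruns if (a["key"], a["path"]) not in seen]


if __name__ == "__main__":
    procs12, runs12 = parse_log(LOG_JUL12)
    procs17, runs17 = parse_log(LOG_JUL17)
    print("HijackThis in Temp:", hjt_from_temp(procs12))
    print("Repeated processes:", repeated_processes(procs12))
    print("Review first:", review_first(runs12))
    print("New since Jul 12:", new_since(runs12, runs17))
```

Comparing two scans with `new_since` shows which autorun values were added between them, which is the "keeps coming back" behaviour reported in the thread.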

bubba
#5
Jul 17th, 2005
Here is the copy of the Hijack this file. Please give me any help you can. I have run CWS Shredder, etc. I have no memory left on the computer.

Please let me know what I have to do. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:23:11 PM, on 7/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\JAVAOH.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CE0313BB-3015-D4A8-1854-F6B277DB070A} - C:\WINDOWS\IEJA.DLL (disabled by BHODemon)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [SYSHU32.EXE] C:\WINDOWS\SYSTEM\SYSHU32.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab












dlh6213
#6
Jul 19th, 2005
Update about:Buster

Reboot into Safe Mode

Disable BHO Demon

Scan with about:Buster

Reboot normally

Close any open browser windows, scan with HJT, and post a new log please.

bubba
#7
Jul 20th, 2005
DLH6213

At this point I can't even use the internet, and am actually posting from work. Last night Zone Alarms was asking permission to set up a new network. Every time I try to run something I have to use the close programs window to even gain enough IM to run something. I have CWS Shredder, and About Buster and have run it, but both say that there is nothing wrong. I can't get to the internet to update, not even in Safe mode. I have run Adware SE, and it keeps coming up with CoolWebSearch as a problem, and I have tried to quarantine/clear, but keeps coming back. I actually went in and also tried to delete the SE, SW, HSA from the registry under safe mode, but that has also come back. I am at my wits' end, and am ready to throw the damn thing out the window.

I really appreciate your help.

Thanks again

Bubba

Originally Posted by dlh6213
Update about:Buster

Reboot into Safe Mode

Disable BHO Demon

Scan with about:Buster

Reboot normally

Close any open browser windows, scan with HJT, and post a new log please.

bubba
  #8
Jul 21st, 2005
Here is the most up to date

Please provide whatever assistance you can.

thanks bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:44:27 PM, on 7/21/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\NTES.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSJG.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (disabled by BHODemon)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Originally Posted by bubba
DLH6213

At this point I can't even use the internet, and am actually posting from work. Last night Zone Alarms was asking permission to set up a new network. Every time I try to run something I have to use the close programs window to even gain enough IM to run something. I have CWS Shredder and About Buster and have run them, but both say that there is nothing wrong. I can't get to the internet to update, not even in Safe mode. I have run Adware SE, and it keeps coming up with CoolWebSearch as a problem, and I have tried to quarantine/clear, but it keeps coming back. I actually went in and also tried to delete the SE, SW, HSA from the registry under safe mode, but that has also come back. I am at my wits' end, and am ready to throw the damn thing out the window.

I really appreciate your help.

Thanks again

Bubba

dlh6213
  #9
Jul 22nd, 2005
Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSJG.EXE
C:\WINDOWS\dbxpi.dll
C:\WINDOWS\APPPI32.EXE
C:\WINDOWS\JAVAWY32.EXE
C:\WINDOWS\MFCDL32.DLL
C:\WINDOWS\NTJY.DLL
C:\WINDOWS\NTES.EXE
C:\WINDOWS\MFCNQ32.EXE
C:\WINDOWS\WINKC32.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\CRHZ32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\JAVAPZ32.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\MFCMZ32.EXE
C:\WINDOWS\MSZI32.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\IEAO32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\JAVAZJ32.EXE
C:\WINDOWS\APIHX32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SYSTEM\MSSW32.EXE
C:\WINDOWS\SYSTEM\SDKEU32.EXE
C:\WINDOWS\SYSTEM\MFCNC32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPQP32.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\IEMV32.EXE
C:\WINDOWS\SYSTEM\WINGM32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\SYSTEM\CRRI32.EXE
C:\WINDOWS\SYSTEM\IPES32.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\SYSPJ32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\SYSTEM\MFCHD32.EXE
C:\WINDOWS\SYSTEM\IPOY32.DLL

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.
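
The entries picked out for fixing in the post above share traits that are visible in the log itself. As an added example (not part of the original thread, and not HijackThis's or dlh6213's own method), this Python sketch parses HijackThis log lines and flags three of those patterns; the heuristics and all function names are assumptions drawn from this log, and a match is a candidate for review, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Excerpt of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
"""

# Directories the flagged files sit in directly (Windows ME layout from the log).
SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}

R_RE = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.*)$")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \(disabled by BHODemon\))?$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Split an autostart command into executable path and arguments; the path may
# be quoted or may contain spaces, so match lazily up to the first ".exe".
CMD_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s+(?P<args>.*))?$', re.I)


def flag_line(line):
    """Return a reason string when a log line matches a heuristic, else None."""
    line = line.strip()

    m = R_RE.match(line)
    if m:
        # IE search/start page served from a resource inside a local DLL.
        if m["value"].lower().startswith("res://"):
            return "IE page redirected to res:// resource in a local DLL"
        return None

    m = BHO_RE.match(line)
    if m:
        # Browser Helper Object with no descriptive class name, loaded from
        # directly under the Windows or system directory.
        if m["name"] == "Class" and dirname(m["path"]).upper() in SYSTEM_DIRS:
            return "unnamed BHO loaded from the Windows directory"
        return None

    m = O4_RE.match(line)
    if m:
        cmd = CMD_RE.match(m["cmd"])
        if not cmd:
            return None  # e.g. "TCAUDIAG -off": no .exe path to inspect
        path = cmd["path"]
        args = (cmd["args"] or "").strip().lower()
        if (
            m["key"] == "RunServices"
            and args == "/s"
            and dirname(path).upper() in SYSTEM_DIRS
            and m["name"].upper() == basename(path).upper()
        ):
            return "RunServices value named after its own EXE, started with /s"
    return None


def triage(log_text):
    """Return (reason, line) pairs for every flagged line in a log."""
    hits = []
    for raw in log_text.splitlines():
        reason = flag_line(raw)
        if reason:
            hits.append((reason, raw.strip()))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against a later log from the same machine, the same checks show whether a new entry of the same shape has appeared after a cleanup pass.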

bubba
  #10
Jul 23rd, 2005
dlh6213:

Thanks for all your help to date. I am back to a degree. Still looks like Home Search Assistant, Shopping Wizard, and Search Extender are still on my computer. Still getting about blank taking over as the default browser, and only the best pop-ups. After all the deletes, I can't use optonline. When I click the icon, I get an error message saying Windows can't find Program.exe. I am a computer novice so not sure what I need to do now. I am leaving the computer on and won't shut down until I hear back from you.

Thanks so much for your help so far.

Here is the most recent Hijack file:


Logfile of HijackThis v1.99.1
Scan saved at 11:42:57 PM, on 7/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/

Originally Posted by dlh6213
Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSJG.EXE
C:\WINDOWS\dbxpi.dll
C:\WINDOWS\APPPI32.EXE
C:\WINDOWS\JAVAWY32.EXE
C:\WINDOWS\MFCDL32.DLL
C:\WINDOWS\NTJY.DLL
C:\WINDOWS\NTES.EXE
C:\WINDOWS\MFCNQ32.EXE
C:\WINDOWS\WINKC32.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\CRHZ32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\JAVAPZ32.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\MFCMZ32.EXE
C:\WINDOWS\MSZI32.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\IEAO32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\JAVAZJ32.EXE
C:\WINDOWS\APIHX32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SYSTEM\MSSW32.EXE
C:\WINDOWS\SYSTEM\SDKEU32.EXE
C:\WINDOWS\SYSTEM\MFCNC32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPQP32.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\IEMV32.EXE
C:\WINDOWS\SYSTEM\WINGM32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\SYSTEM\CRRI32.EXE
C:\WINDOWS\SYSTEM\IPES32.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\SYSPJ32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\SYSTEM\MFCHD32.EXE
C:\WINDOWS\SYSTEM\IPOY32.DLL

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.
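A cross-check for the two lists in the quoted instructions, as an added example that is not part of the original posts: it parses HijackThis-format lines, extracts the .exe/.dll each entry points at, and reports targets missing from the delete list as well as delete-list items that no entry refers to. The function names and the shortened lists are assumptions made for the example.

```python
import re

# Lines copied from the fix list in this thread (a subset).
FIX_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
"""

# Constructed delete list: a subset of the thread's list with SYSMP.EXE
# deliberately left out so the check has something to report.
DELETE_LIST = [
    r"C:\WINDOWS\dbxpi.dll", r"C:\S-MONEY", r"C:\WINDOWS\SYSTEM\IPOY32.DLL",
    r"C:\WINDOWS\NTES.EXE", r"C:\Program Files\AVEO",
]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # e.g. "O4 - <body>"
FILE = re.compile(r"[A-Za-z]:\\[^/]*?\.(?:exe|dll)\b", re.I)  # first file path in the body


def parse(log):
    """Return (section, body, upper-cased file path or None) per entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            f = FILE.search(m.group(2))
            entries.append((m.group(1), m.group(2), f.group(0).upper() if f else None))
    return entries


def covered(path, items):
    """True if path equals an item or lies under an item that is a folder."""
    path = path.upper()
    return any(path == i.upper() or path.startswith(i.upper().rstrip("\\") + "\\")
               for i in items)


def cross_check(fix_log, delete_list):
    """Return (targets not in the delete list, delete items no entry points at)."""
    targets = {path for _, _, path in parse(fix_log) if path}
    left = sorted(t for t in targets if not covered(t, delete_list))
    unused = sorted(d for d in delete_list
                    if not any(covered(t, [d]) for t in targets))
    return left, unused


if __name__ == "__main__":
    left, unused = cross_check(FIX_LOG, DELETE_LIST)
    print("still on disk after cleanup:", left)
    print("deleted but not referenced:", unused)
```

The comparison is purely textual, so an 8.3 short path such as the `PROGRA~1` in the AttuneClientEngine line never matches a long folder name in the delete list and is reported on both sides.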