Jul 9th, 2005
0

Search assistant/Shopping Wizard Search Extender

Please help me. I have the above on my computer, and the about blank web page keeps popping up. I keep receiving messages that state no memory left, and that I need to close programs. I have run Adware Alert, SE Adaware, as well as Spybot/Destroyer. They state that they have removed it, but it keeps coming back. I am not sure what to do. I have ME edition.

Thanks for any help you can offer.
:cry:
:o
Reputation Points: 10
Solved Threads: 0
Newbie Poster
bubba is offline Offline
13 posts
since Jul 2005
Jul 10th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

Hi Bubba, welcome to DaniWeb

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract..._download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Jul 12th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

Here is the log from the Hijack this file

Thank you so much for your help

Bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:17:20 PM, on 7/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {287067A0-9848-929E-B819-572CE5C53D03} - C:\WINDOWS\SYSTEM\IPIL32.DLL
O2 - BHO: Class - {C7593148-738E-F18C-0FD1-179344BFCC46} - C:\WINDOWS\ADDUW32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab








Reputation Points: 10
Solved Threads: 0
Newbie Poster
bubba is offline Offline
13 posts
since Jul 2005
Jul 13th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

You are running HijackThis from a Temp folder, please move it to its own permanent folder so that we can continue the cleanup.
http://www.daniweb.com/techtalkforums/thread24085.html
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Jul 17th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

Here is the copy of the Hijack this file. Please give me any help you can. I have run CWS Shredder, etc. I have no memory left on the computer.

Please let me know what I have to do. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:23:11 PM, on 7/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\IPIB.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\D3RC.EXE
C:\WINDOWS\SYSTEM\JAVAOH.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSTEM\IPGY.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CE0313BB-3015-D4A8-1854-F6B277DB070A} - C:\WINDOWS\IEJA.DLL (disabled by BHODemon)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [SYSHU32.EXE] C:\WINDOWS\SYSTEM\SYSHU32.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [APIOI32.EXE] C:\WINDOWS\SYSTEM\APIOI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\JAVAAC32.EXE /s
O4 - HKLM\..\RunServices: [IPOI32.EXE] C:\WINDOWS\IPOI32.EXE /s
O4 - HKLM\..\RunServices: [IPIB.EXE] C:\WINDOWS\SYSTEM\IPIB.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [D3RC.EXE] C:\WINDOWS\SYSTEM\D3RC.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAOH.EXE] C:\WINDOWS\SYSTEM\JAVAOH.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [IPGY.EXE] C:\WINDOWS\SYSTEM\IPGY.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [D3ER32.EXE] C:\WINDOWS\D3ER32.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF32.EXE] C:\WINDOWS\SYSTEM\JAVAMF32.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [ADDDZ32.EXE] C:\WINDOWS\ADDDZ32.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APISI32.EXE] C:\WINDOWS\SYSTEM\APISI32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPGG32.EXE] C:\WINDOWS\APPGG32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [JAVAXX32.EXE] C:\WINDOWS\JAVAXX32.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab












Reputation Points: 10
Solved Threads: 0
Newbie Poster
bubba is offline Offline
13 posts
since Jul 2005
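The two checks this exchange turns on, as an added example that is not part of the original thread: whether HijackThis.exe appears in the process list under a temp folder (dlh6213's point on Jul 13th), and which entries are new between two scans. The two sample logs are constructed by abridging the logs posted above; the function names and the set of folder names treated as temporary are assumptions.

```python
import re

# Constructed samples: a few lines abridged from the two logs posted in this
# thread, kept in HijackThis v1.99.1 layout. They are not complete logs.
SCAN_JUL12 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:17:20 PM, on 7/12/2005
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
"""

SCAN_JUL17 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:23:11 PM, on 7/17/2005
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # "O4 - <body>"
AUTOSTART_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")   # "<key>: [<name>] <cmd>"
# Assumption: folder names treated as temporary locations.
TEMP_DIRS = {"TEMP", "TMP", "TEMPORARY INTERNET FILES"}


def parse_log(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        # The process list ends at the first blank line or coded entry.
        if in_processes and line and not m:
            processes.append(line)
            continue
        in_processes = False
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return {"processes": processes, "entries": entries}


def hijackthis_in_temp(parsed):
    """Return process paths where HIJACKTHIS.EXE sits below a temp folder."""
    hits = []
    for path in parsed["processes"]:
        parts = path.upper().split("\\")
        if parts[-1] == "HIJACKTHIS.EXE" and TEMP_DIRS.intersection(parts[:-1]):
            hits.append(path)
    return hits


def autostarts(parsed):
    """Return (location, value name, command) for registry-based O4 entries."""
    found = []
    for code, body in parsed["entries"]:
        m = AUTOSTART_RE.match(body) if code == "O4" else None
        if m:
            found.append(m.groups())
    return found


def new_entries(before, after):
    """Entries in the later scan that the earlier scan did not contain."""
    seen = {(code, body.upper()) for code, body in before["entries"]}
    return [(c, b) for c, b in after["entries"] if (c, b.upper()) not in seen]


if __name__ == "__main__":
    first, second = parse_log(SCAN_JUL12), parse_log(SCAN_JUL17)
    for path in hijackthis_in_temp(first):
        print("HijackThis running from a temp folder:", path)
    for code, body in new_entries(first, second):
        print("New since previous scan:", code, "-", body)
```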
Jul 19th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

Update about:Buster

Reboot into Safe Mode

Disable BHO Demon

Scan with about:Buster

Reboot normally

Close any open browser windows, scan with HJT, and post a new log please.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Jul 20th, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

DLH6213

At this point I can't even use the internet, and am actually posting from work. Last night Zone Alarms was asking permission to set up a new network. Every time I try to run something I have to use the close programs window to even gain enough IM to run something. I have CWS Shredder, and About Buster and have run it, but both say that there is nothing wrong. I can't get to the internet to update, not even in Safe mode. I have run Adware SE, and it keeps coming up with CoolWebSearch as a problem, and I have tried to quarantine/clear, but it keeps coming back. I actually went in and also tried to delete the SE, SW, HSA from the registry under safe mode, but that has also come back. I am at my wits' end, and am ready to throw the damn thing out the window.

I really appreciate your help.

Thanks again

Bubba




Reputation Points: 10
Solved Threads: 0
Newbie Poster
bubba is offline Offline
13 posts
since Jul 2005
Jul 21st, 2005
0

Re: Search assistant/Shopping Wizard Search Extender

Here is the most up to date

Please provide whatever assistance you can.

thanks bubba

Logfile of HijackThis v1.99.1
Scan saved at 7:44:27 PM, on 7/21/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\NTES.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\NTES.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\SYSJG.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (disabled by BHODemon)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab







bubba

Jul 22nd, 2005

Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\S-MONEY\CASM2ALR.EXE
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {2C0D521E-03FF-663F-35E8-69905A28B2CF} - C:\WINDOWS\SYSTEM\IPOY32.DLL
O2 - BHO: Class - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - C:\WINDOWS\MFCDL32.DLL
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [ATLUO.EXE] C:\WINDOWS\SYSTEM\ATLUO.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [SYSPJ32.EXE] C:\WINDOWS\SYSTEM\SYSPJ32.EXE /s
O4 - HKLM\..\RunServices: [SDKGX.EXE] C:\WINDOWS\SDKGX.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [WINQJ.EXE] C:\WINDOWS\SYSTEM\WINQJ.EXE /s
O4 - HKLM\..\RunServices: [IPAN.EXE] C:\WINDOWS\SYSTEM\IPAN.EXE /s
O4 - HKLM\..\RunServices: [APPKX.EXE] C:\WINDOWS\SYSTEM\APPKX.EXE /s
O4 - HKLM\..\RunServices: [WINJB.EXE] C:\WINDOWS\SYSTEM\WINJB.EXE /s
O4 - HKLM\..\RunServices: [MFCIM.EXE] C:\WINDOWS\MFCIM.EXE /s
O4 - HKLM\..\RunServices: [ADDJF.EXE] C:\WINDOWS\ADDJF.EXE /s
O4 - HKLM\..\RunServices: [CRHZ32.EXE] C:\WINDOWS\CRHZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE /s
O4 - HKLM\..\RunServices: [NTDL32.EXE] C:\WINDOWS\NTDL32.EXE /s
O4 - HKLM\..\RunServices: [IPNP.EXE] C:\WINDOWS\SYSTEM\IPNP.EXE /s
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\SYSTEM\IPQP32.EXE /s
O4 - HKLM\..\RunServices: [IPTE32.EXE] C:\WINDOWS\SYSTEM\IPTE32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPZ32.EXE] C:\WINDOWS\JAVAPZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWW32.EXE] C:\WINDOWS\SYSTEM\SYSWW32.EXE /s
O4 - HKLM\..\RunServices: [MFCMZ32.EXE] C:\WINDOWS\MFCMZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKEU32.EXE] C:\WINDOWS\SYSTEM\SDKEU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZJ32.EXE] C:\WINDOWS\JAVAZJ32.EXE /s
O4 - HKLM\..\RunServices: [APIHX32.EXE] C:\WINDOWS\APIHX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB.EXE] C:\WINDOWS\APPLB.EXE /s
O4 - HKLM\..\RunServices: [MFCCM.EXE] C:\WINDOWS\SYSTEM\MFCCM.EXE /s
O4 - HKLM\..\RunServices: [MSZI32.EXE] C:\WINDOWS\MSZI32.EXE /s
O4 - HKLM\..\RunServices: [NTKH32.EXE] C:\WINDOWS\NTKH32.EXE /s
O4 - HKLM\..\RunServices: [IEAO32.EXE] C:\WINDOWS\IEAO32.EXE /s
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE /s
O4 - HKLM\..\RunServices: [SYSZF.EXE] C:\WINDOWS\SYSZF.EXE /s
O4 - HKLM\..\RunServices: [SYSNL.EXE] C:\WINDOWS\SYSTEM\SYSNL.EXE /s
O4 - HKLM\..\RunServices: [MSSW32.EXE] C:\WINDOWS\SYSTEM\MSSW32.EXE /s
O4 - HKLM\..\RunServices: [SDKBD.EXE] C:\WINDOWS\SDKBD.EXE /s
O4 - HKLM\..\RunServices: [MFCNC32.EXE] C:\WINDOWS\SYSTEM\MFCNC32.EXE /s
O4 - HKLM\..\RunServices: [WINQU.EXE] C:\WINDOWS\WINQU.EXE /s
O4 - HKLM\..\RunServices: [D3EK32.EXE] C:\WINDOWS\D3EK32.EXE /s
O4 - HKLM\..\RunServices: [NETUS32.EXE] C:\WINDOWS\SYSTEM\NETUS32.EXE /s
O4 - HKLM\..\RunServices: [IPHS32.EXE] C:\WINDOWS\IPHS32.EXE /s
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE /s
O4 - HKLM\..\RunServices: [APIEI.EXE] C:\WINDOWS\APIEI.EXE /s
O4 - HKLM\..\RunServices: [APPFN32.EXE] C:\WINDOWS\APPFN32.EXE /s
O4 - HKLM\..\RunServices: [SYSLA32.EXE] C:\WINDOWS\SYSLA32.EXE /s
O4 - HKLM\..\RunServices: [WINSA32.EXE] C:\WINDOWS\WINSA32.EXE /s
O4 - HKLM\..\RunServices: [MFCMV.EXE] C:\WINDOWS\SYSTEM\MFCMV.EXE /s
O4 - HKLM\..\RunServices: [NTNU32.EXE] C:\WINDOWS\SYSTEM\NTNU32.EXE /s
O4 - HKLM\..\RunServices: [IEMV32.EXE] C:\WINDOWS\SYSTEM\IEMV32.EXE /s
O4 - HKLM\..\RunServices: [WINGM32.EXE] C:\WINDOWS\SYSTEM\WINGM32.EXE /s
O4 - HKLM\..\RunServices: [MFCNQ32.EXE] C:\WINDOWS\MFCNQ32.EXE /s
O4 - HKLM\..\RunServices: [WINKC32.EXE] C:\WINDOWS\WINKC32.EXE /s
O4 - HKLM\..\RunServices: [CRRI32.EXE] C:\WINDOWS\SYSTEM\CRRI32.EXE /s
O4 - HKLM\..\RunServices: [IPES32.EXE] C:\WINDOWS\SYSTEM\IPES32.EXE /s
O4 - HKLM\..\RunServices: [APPPI32.EXE] C:\WINDOWS\APPPI32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWY32.EXE] C:\WINDOWS\JAVAWY32.EXE /s
O4 - HKLM\..\RunServices: [NTEN.EXE] C:\WINDOWS\SYSTEM\NTEN.EXE /s
O4 - HKLM\..\RunServices: [MFCHD32.EXE] C:\WINDOWS\SYSTEM\MFCHD32.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\SYSJG.EXE
C:\WINDOWS\dbxpi.dll
C:\WINDOWS\APPPI32.EXE
C:\WINDOWS\JAVAWY32.EXE
C:\WINDOWS\MFCDL32.DLL
C:\WINDOWS\NTJY.DLL
C:\WINDOWS\NTES.EXE
C:\WINDOWS\MFCNQ32.EXE
C:\WINDOWS\WINKC32.EXE
C:\WINDOWS\SDKGX.EXE
C:\WINDOWS\SYSAL32.EXE
C:\WINDOWS\APIEI.EXE
C:\WINDOWS\APPFN32.EXE
C:\WINDOWS\SYSLA32.EXE
C:\WINDOWS\WINSA32.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\ADDJF.EXE
C:\WINDOWS\CRHZ32.EXE
C:\WINDOWS\IPHS32.EXE
C:\WINDOWS\NTDL32.EXE
C:\WINDOWS\WINQU.EXE
C:\WINDOWS\D3EK32.EXE
C:\WINDOWS\JAVAPZ32.EXE
C:\WINDOWS\SDKBD.EXE
C:\WINDOWS\MFCMZ32.EXE
C:\WINDOWS\MSZI32.EXE
C:\WINDOWS\NTKH32.EXE
C:\WINDOWS\IEAO32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\SYSZF.EXE
C:\WINDOWS\JAVAZJ32.EXE
C:\WINDOWS\APIHX32.EXE
C:\WINDOWS\APPLB.EXE
C:\WINDOWS\SYSTEM\MFCCM.EXE
C:\WINDOWS\SYSTEM\SYSNL.EXE
C:\WINDOWS\SYSTEM\MSSW32.EXE
C:\WINDOWS\SYSTEM\SDKEU32.EXE
C:\WINDOWS\SYSTEM\MFCNC32.EXE
C:\WINDOWS\SYSTEM\SYSWW32.EXE
C:\WINDOWS\SYSTEM\NETUS32.EXE
C:\WINDOWS\SYSTEM\IPNP.EXE
C:\WINDOWS\SYSTEM\IPQP32.EXE
C:\WINDOWS\SYSTEM\IPTE32.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\MFCMV.EXE
C:\WINDOWS\SYSTEM\NTNU32.EXE
C:\WINDOWS\SYSTEM\IEMV32.EXE
C:\WINDOWS\SYSTEM\WINGM32.EXE
C:\WINDOWS\SYSTEM\WINQJ.EXE
C:\WINDOWS\SYSTEM\IPAN.EXE
C:\WINDOWS\SYSTEM\APPKX.EXE
C:\WINDOWS\SYSTEM\WINJB.EXE
C:\WINDOWS\SYSTEM\CRRI32.EXE
C:\WINDOWS\SYSTEM\IPES32.EXE
C:\WINDOWS\SYSTEM\ATLUO.EXE
C:\WINDOWS\SYSTEM\SYSMP.EXE
C:\WINDOWS\SYSTEM\SYSPJ32.EXE
C:\WINDOWS\SYSTEM\NTEN.EXE
C:\WINDOWS\SYSTEM\MFCHD32.EXE
C:\WINDOWS\SYSTEM\IPOY32.DLL

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.
dlh6213
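
The fix list above picks out three recurring patterns in the posted logs: IE search settings that point at a res:// page inside a DLL, BHOs with no name, and autostart values named after their own file and started with /s. The following is an added example (not part of any post in the thread, and not HijackThis's own logic) that applies those three patterns to excerpts copied from the Jul 21 and Jul 22 scans and reports which flagged files are new in the later one; the function names and the `DROP_DIRS` set are assumptions made for the illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumption: the two directories where this thread's flagged files sit.
DROP_DIRS = {r"c:\windows", r"c:\windows\system"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RES_RE = re.compile(r"= res://(?P<path>[A-Za-z]:\\[^/]+)/", re.I)
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+?)(?: \([^)]*\))*$")
RUN_RE = re.compile(
    r"^HK\w+\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r'"?(?P<exe>.+?\.exe)"?(?:\s+(?P<args>.*))?$', re.I)


def in_drop_dir(path):
    """True if the file sits directly in one of DROP_DIRS (not a subfolder)."""
    return dirname(path).lower() in DROP_DIRS


def flag_entry(code, body):
    """Return (path, reason) if the entry fits one of the three patterns."""
    if code in ("R0", "R1"):
        m = RES_RE.search(body)
        if m and in_drop_dir(m["path"]):
            return m["path"], "IE setting loads a page from a local DLL (res://)"
    elif code == "O2":
        m = BHO_RE.match(body)
        if (m and m["name"].strip() in ("", "Class", "(no name)")
                and in_drop_dir(m["path"])):
            return m["path"], "unnamed BHO in the Windows directory"
    elif code == "O4":
        m = RUN_RE.match(body)
        if (m and m["args"] == "/s" and in_drop_dir(m["exe"])
                and m["name"].lower() == basename(m["exe"]).lower()):
            return m["exe"], f"{m['key']} value named after its own file, /s"
    return None


def flag_log(text):
    """Map each flagged file path (upper-cased) to the reason it was flagged."""
    flagged = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        hit = flag_entry(*m.groups()) if m else None
        if hit:
            flagged.setdefault(hit[0].upper(), hit[1])
    return flagged


def new_since(before, after):
    """Flagged paths present in the later scan but not in the earlier one."""
    return sorted(set(flag_log(after)) - set(flag_log(before)))


# Excerpts copied from the Jul 21 and Jul 22 logs posted in this thread.
LOG_JUL21 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dbxpi.dll/sp.html#37049
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\NTJY.DLL
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NTES.EXE] C:\WINDOWS\NTES.EXE /s
O4 - HKLM\..\RunServices: [SYSJG.EXE] C:\WINDOWS\SYSJG.EXE /s
"""

LOG_JUL22 = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s
"""

if __name__ == "__main__":
    for path, reason in sorted(flag_log(LOG_JUL21).items()):
        print(f"Jul 21  {path}: {reason}")
    for path in new_since(LOG_JUL21, LOG_JUL22):
        print(f"new on Jul 22  {path}")
```

A flagged path that shows up only in the later scan means the same pattern has returned under a different file name, so the next scan needs checking against the pattern rather than against the earlier list of names.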
Jul 23rd, 2005

dlh6213:

Thanks for all your help to date. I am back to a degree. Still looks like Home Search Assistant, Shopping Wizard, and Search Extender are still on my computer. Still getting about blank taking over as the default browser, and only the best pop-ups. After all the deletes, I can't use optonline. When I click the icon, I get an error message saying Windows can't find Program.exe. I am a computer novice so not sure what I need to do now. I am leaving the computer and won't shut down until I hear back from you.

Thanks so much for your help so far.

Here is the most recent Hijack file:


Logfile of HijackThis v1.99.1
Scan saved at 11:42:57 PM, on 7/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTUQ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\IPZT32.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A0114348-958C-3797-ED04-B855B86EDEE6} - C:\WINDOWS\SYSTEM\ADDBY32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [NTUQ.EXE] C:\WINDOWS\SYSTEM\NTUQ.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [IPZT32.EXE] C:\WINDOWS\IPZT32.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\BLOCKER.DLL/MENUSEARCH.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/








Quote originally posted by dlh6213 ...
Please don't restart your computer until instructed to do so (leave it on -- Standby is okay).

Go to Add/Remove Programs in your Control Panel and remove AVEO or ATTUNE, if present.

Scan with HijackThis and have it fix the following entries:

Close any open windows, other than HijackThis, and hit Fix checked.

In order to view some of the files and folders mentioned here, you will need to set your system to show hidden files and folders. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Go to the following locations and delete the highlighted files and folders:

C:\S-MONEY
C:\Program Files\AVEO

Do a search for hpfsched and delete any instances found.

Empty your Recycle Bin.

Run about:Buster and CWShredder again.

Post a new HijackThis log and let us know if you are now able to access the internet.

Please do not restart your computer.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
bubba is offline Offline
13 posts
since Jul 2005
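
An added example (not part of the original posts and not the output of any tool named in the thread): the cleanup quoted above fixes HijackThis entries and then deletes files by hand, so a file can be missed in the second step. This Python script extracts the file each fixed entry points at and reports any that the delete checklist does not cover; it also lists RunServices values named after their own executable and started with /s. All log lines, paths and function names here are constructed for illustration.

```python
import re

# Constructed sample lines in HijackThis log format (not taken from the thread).
FIXED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sample1.dll/sp.html#12345
F1 - win.ini: load=C:\SAMPLE\LOADER.EXE
O2 - BHO: Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAMPLE2.DLL
O4 - HKLM\..\RunServices: [SAMPLE3.EXE] C:\WINDOWS\SAMPLE3.EXE /s
O4 - HKLM\..\RunServices: [SAMPLE4.EXE] C:\WINDOWS\SYSTEM\SAMPLE4.EXE /s
O4 - HKLM\..\Run: [Sample Tray] C:\Program Files\Sample App\tray.exe -tray
"""

# Constructed delete checklist: individual files, then a whole folder.
DELETE = r"""
C:\WINDOWS\sample1.dll
C:\WINDOWS\SYSTEM\SAMPLE2.DLL
C:\WINDOWS\SAMPLE3.EXE
C:\SAMPLE
"""

# Drive-letter path ending in .exe/.dll; stops before a space, slash or quote.
PATH_RE = re.compile(r"[A-Za-z]:\\[^/:*?\"<>|\r\n]*?\.(?:exe|dll)(?=[\s/\"]|$)", re.I)
# RunServices value named after its own image file and started with /s.
SELF_NAMED_RE = re.compile(r"RunServices: \[([^\]]+)\] .*\\\1 /s\s*$", re.I)


def referenced_files(fixed_log):
    """Map each file named by a log entry to that entry's section code (R1, O4...)."""
    found = {}
    for line in fixed_log.splitlines():
        match = PATH_RE.search(line)
        if match:
            found[match.group(0).upper()] = line.split(" - ", 1)[0]
    return found


def left_behind(fixed_log, delete_list):
    """Files whose registry entry gets fixed but which the checklist leaves on disk."""
    targets = [t.strip().upper().rstrip("\\") for t in delete_list.splitlines() if t.strip()]
    return sorted(p for p in referenced_files(fixed_log)
                  if not any(p == t or p.startswith(t + "\\") for t in targets))


def self_named_services(fixed_log):
    """Names of RunServices values that match SELF_NAMED_RE."""
    return [m.group(1) for m in map(SELF_NAMED_RE.search, fixed_log.splitlines()) if m]


if __name__ == "__main__":
    print("still on disk:", left_behind(FIXED, DELETE))
    print("self-named services:", self_named_services(FIXED))
```

A folder on the checklist covers every file beneath it, which is why the win.ini loader under C:\SAMPLE is not reported.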
