0

i'm new on this site and i need some serious help with the hsa/se/sw problem, i've tried spyware, adaware, xoft, nothing is working. here's my hijack log:

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\ieav32.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MSN\MSNIA\dslmon.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\LXSUPMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\d3wi.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Kathy1\Local Settings\Temporary Internet Files\Content.IE5\1SWRTP4L\SearchExtender[1].exe
C:\Documents and Settings\Kathy1\Local Settings\Temporary Internet Files\Content.IE5\1SWRTP4L\SearchExtender[1].exe
C:\Documents and Settings\Kathy1\Local Settings\Temporary Internet Files\Content.IE5\1SWRTP4L\SearchExtender[1].exe
C:\Documents and Settings\Kathy1\Local Settings\Temporary Internet Files\Content.IE5\1SWRTP4L\SearchExtender[1].exe
C:\Documents and Settings\Kathy1\Local Settings\Temporary Internet Files\Content.IE5\Y7V2W3OG\HomeSearchAssistant[1].exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Kathy1\My Documents\My Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\eduud.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\eduud.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\eduud.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\eduud.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\eduud.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\eduud.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\eduud.dll/sp.html#37049
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8241C446-FEC4-8D1A-8CBE-2C7CF34A9313} - C:\WINNT\d3dx32.dll
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINNT\wines.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ieqm32.exe] C:\WINNT\system32\ieqm32.exe
O4 - HKLM\..\Run: [ntvt.exe] C:\WINNT\system32\ntvt.exe
O4 - HKLM\..\Run: [ntqp32.exe] C:\WINNT\system32\ntqp32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ntrh32.exe] C:\WINNT\system32\ntrh32.exe
O4 - HKLM\..\Run: [d3wi.exe] C:\WINNT\system32\d3wi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0985d813337773d16618/netzip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.dot.pima.gov/gis/mapguide/viewer/ver65/mgaxctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\ieav32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE


please help, i don't know much about computers, or how to spot bad files so please try to be pretty specific, much appreciated

2
Contributors
1
Reply
2
Views
11 Years
Discussion Span
Last Post by dlh6213
0

Hi Robbob, welcome to DaniWeb :D

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the links below to help prevent reinfection during and after the cleanup process, help you do some basic cleanup yourself, and give you some general advice on the use of HijackThis.

When you get to the last one, follow the instructions in Post #6.

If you need help with any of this, please don't hesitate to ask :)

When you're done, post a new HijackThis log, and please include the header information this time (HijackThis version, Operating System, date scanned, etc.).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.