Upon startup I get a message saying "bridge.dll cannot be found". I know it is spyware, but I'm not sure how to fix it. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:32:55 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1146686412\ee\AOLSoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\GTA San Andreas User Files\Mod tools\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: arch.com
O1 - Hosts: search.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll (file missing)
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\Owner\LOCALS~1\Temp\slmx.dat (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\Owner\LOCALS~1\Temp\cbv.dat (file missing)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpB339.tmp
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [efudvftrm] C:\WINDOWS\System32\uemzlhm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*ssrv] C:\WINDOWS\java\ssrv.exe
O4 - HKLM\..\Run: [catinfo] C:\WINDOWS\inf\catinfo.exe
O4 - HKLM\..\Run: [*basdll] C:\WINDOWS\system\basdll.exe
O4 - HKLM\..\Run: [*acrun] C:\WINDOWS\Fonts\acrun.exe
O4 - HKLM\..\Run: [*mp3hard] C:\WINDOWS\msagent\mp3hard.exe
O4 - HKLM\..\Run: [*wnet] C:\WINDOWS\Registration\wnet.exe
O4 - HKLM\..\Run: [*expas] C:\WINDOWS\Help\SBSI\expas.exe
O4 - HKLM\..\Run: [*taskdisk] C:\WINDOWS\AppPatch\taskdisk.exe
O4 - HKLM\..\Run: [*ipc] C:\WINDOWS\Help\ipc.exe
O4 - HKLM\..\Run: [*vgadb] C:\WINDOWS\ServicePackFiles\vgadb.exe
O4 - HKLM\..\Run: [*infobin] C:\WINDOWS\inf\infobin.exe
O4 - HKLM\..\Run: [*webdrv] C:\WINDOWS\system32\ras\webdrv.exe
O4 - HKLM\..\Run: [*eulamp3] C:\WINDOWS\eulamp3.exe
O4 - HKLM\..\Run: [*acw] C:\WINDOWS\repair\acw.exe
O4 - HKLM\..\Run: [*raslib] C:\WINDOWS\Help\raslib.exe
O4 - HKLM\..\Run: [*netcmd] C:\WINDOWS\addins\netcmd.exe
O4 - HKLM\..\Run: [*webinfo] C:\WINDOWS\Web\webinfo.exe
O4 - HKLM\..\Run: [*utildns] C:\WINDOWS\ServicePackFiles\utildns.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\inf\rasnet.exe
O4 - HKLM\..\Run: [*kbdos] C:\WINDOWS\Cursors\kbdos.exe
O4 - HKLM\..\Run: [*baktcp] C:\WINDOWS\addins\baktcp.exe
O4 - HKLM\..\Run: [*dllkey] C:\WINDOWS\Microsoft.NET\dllkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\system32\psoft1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146686412\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135796376906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:\x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

2 Contributors, 3 Replies, 4 Views, 11 Years Discussion Span, Last Post by swatkat

Hi,
Download CCleaner and install it. Do not run it now!

Download and install Ewido Security Suite v3.5. After download, double click on the file to launch the install process. During installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido by double-clicking the "e" icon on your desktop. The program will prompt you to update - click the "OK" button. On the left side of the main screen, click on "Update" and then click "Start Update". The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see "Update Successful" in the lower left corner.
If you are having problems with the updater, use this link to manually update. Exit Ewido when done - DO NOT perform a scan yet.


Reboot in Safe Mode:
Restart (or switch ON) the PC.
Then, keep tapping the F8 key.
From the menu that will be displayed, choose Safe Mode and press Enter.


Run CCleaner and click the "Options" button in the left pane of CCleaner. Here, click "Settings" and then click the "Advanced" button. Here, uncheck the options "Only delete files in Windows Temp folder older than 48 hours" and "Show prompt to backup registry issues". After unchecking them, click the "Issues" button in the left pane. Here, click "Scan for issues". It takes some time to scan. Once it finishes the scan, click "Fix selected issues". This opens up a new window; here, click the "Fix all selected issues" button to remove all the detected issues.
After this, click the "Cleaner" button in the left pane and click "Run Cleaner" to clean the temp files.


Run Ewido, click on the "Scanner" button in the left menu, then click on "Settings". Here, select the option "Scan every file" and click "OK". Next, click the "Complete System Scan" button to start the scan. If Ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.

I did everything except for the Kaspersky scan. I ran CCleaner and Ewido. I also did a scan with Spybot S&D, then did a HijackThis scan. Here it is, please reply quickly.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:37 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1146686412\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Owner\My Documents\GTA San Andreas User Files\Mod tools\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: arch.com
O1 - Hosts: search.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [efudvftrm] C:\WINDOWS\System32\uemzlhm.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*ssrv] C:\WINDOWS\java\ssrv.exe
O4 - HKLM\..\Run: [catinfo] C:\WINDOWS\inf\catinfo.exe
O4 - HKLM\..\Run: [*basdll] C:\WINDOWS\system\basdll.exe
O4 - HKLM\..\Run: [*acrun] C:\WINDOWS\Fonts\acrun.exe
O4 - HKLM\..\Run: [*mp3hard] C:\WINDOWS\msagent\mp3hard.exe
O4 - HKLM\..\Run: [*wnet] C:\WINDOWS\Registration\wnet.exe
O4 - HKLM\..\Run: [*expas] C:\WINDOWS\Help\SBSI\expas.exe
O4 - HKLM\..\Run: [*taskdisk] C:\WINDOWS\AppPatch\taskdisk.exe
O4 - HKLM\..\Run: [*ipc] C:\WINDOWS\Help\ipc.exe
O4 - HKLM\..\Run: [*vgadb] C:\WINDOWS\ServicePackFiles\vgadb.exe
O4 - HKLM\..\Run: [*infobin] C:\WINDOWS\inf\infobin.exe
O4 - HKLM\..\Run: [*webdrv] C:\WINDOWS\system32\ras\webdrv.exe
O4 - HKLM\..\Run: [*eulamp3] C:\WINDOWS\eulamp3.exe
O4 - HKLM\..\Run: [*acw] C:\WINDOWS\repair\acw.exe
O4 - HKLM\..\Run: [*raslib] C:\WINDOWS\Help\raslib.exe
O4 - HKLM\..\Run: [*netcmd] C:\WINDOWS\addins\netcmd.exe
O4 - HKLM\..\Run: [*webinfo] C:\WINDOWS\Web\webinfo.exe
O4 - HKLM\..\Run: [*utildns] C:\WINDOWS\ServicePackFiles\utildns.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\inf\rasnet.exe
O4 - HKLM\..\Run: [*kbdos] C:\WINDOWS\Cursors\kbdos.exe
O4 - HKLM\..\Run: [*baktcp] C:\WINDOWS\addins\baktcp.exe
O4 - HKLM\..\Run: [*dllkey] C:\WINDOWS\Microsoft.NET\dllkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\system32\psoft1.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146686412\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135796376906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Hi,

Uninstall (remove) the following software from Add/Remove Programs in Control Panel, if found:-
Virtual Bouncer
Web Rebates


Please download The Avenger by Swandog46 to your Desktop.

  • Double click on Avenger.zip to open the file and extract avenger.exe to your Desktop.
  • Copy the quoted text below (which is a script for Avenger) to your clipboard by highlighting it and pressing the Ctrl+C keys:-

Files to delete:
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\uemzlhm.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\repair\vbc.exe
C:\WINDOWS\java\ssrv.exe
C:\WINDOWS\inf\catinfo.exe
C:\WINDOWS\system\basdll.exe
C:\WINDOWS\Fonts\acrun.exe
C:\WINDOWS\msagent\mp3hard.exe
C:\WINDOWS\Registration\wnet.exe
C:\WINDOWS\Help\SBSI\expas.exe
C:\WINDOWS\AppPatch\taskdisk.exe
C:\WINDOWS\Help\ipc.exe
C:\WINDOWS\ServicePackFiles\vgadb.exe
C:\WINDOWS\inf\infobin.exe
C:\WINDOWS\system32\ras\webdrv.exe
C:\WINDOWS\eulamp3.exe
C:\WINDOWS\repair\acw.exe
C:\WINDOWS\Help\raslib.exe
C:\WINDOWS\addins\netcmd.exe
C:\WINDOWS\Web\webinfo.exe
C:\WINDOWS\ServicePackFiles\utildns.exe
C:\WINDOWS\inf\rasnet.exe
C:\WINDOWS\Cursors\kbdos.exe
C:\WINDOWS\addins\baktcp.exe
C:\WINDOWS\Microsoft.NET\dllkey.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\cfgmgr51.dll

Folders to delete:
C:\Program Files\VBouncer
C:\Program Files\WebRebates
C:\WINDOWS\System32\P2P Networking

  • Now, run The Avenger program by double clicking its icon on your Desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script".
  • Paste the text copied to clipboard into this window by pressing Ctrl V keys.
  • Click Done.
  • Now click on the Green Light to begin execution of the script.
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:-

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the reboot, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt

Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 key. From the menu that is displayed, choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: arch.com
O1 - Hosts: search.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [efudvftrm] C:\WINDOWS\System32\uemzlhm.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [*ssrv] C:\WINDOWS\java\ssrv.exe
O4 - HKLM\..\Run: [catinfo] C:\WINDOWS\inf\catinfo.exe
O4 - HKLM\..\Run: [*basdll] C:\WINDOWS\system\basdll.exe
O4 - HKLM\..\Run: [*acrun] C:\WINDOWS\Fonts\acrun.exe
O4 - HKLM\..\Run: [*mp3hard] C:\WINDOWS\msagent\mp3hard.exe
O4 - HKLM\..\Run: [*wnet] C:\WINDOWS\Registration\wnet.exe
O4 - HKLM\..\Run: [*expas] C:\WINDOWS\Help\SBSI\expas.exe
O4 - HKLM\..\Run: [*taskdisk] C:\WINDOWS\AppPatch\taskdisk.exe
O4 - HKLM\..\Run: [*ipc] C:\WINDOWS\Help\ipc.exe
O4 - HKLM\..\Run: [*vgadb] C:\WINDOWS\ServicePackFiles\vgadb.exe
O4 - HKLM\..\Run: [*infobin] C:\WINDOWS\inf\infobin.exe
O4 - HKLM\..\Run: [*webdrv] C:\WINDOWS\system32\ras\webdrv.exe
O4 - HKLM\..\Run: [*eulamp3] C:\WINDOWS\eulamp3.exe
O4 - HKLM\..\Run: [*acw] C:\WINDOWS\repair\acw.exe
O4 - HKLM\..\Run: [*raslib] C:\WINDOWS\Help\raslib.exe
O4 - HKLM\..\Run: [*netcmd] C:\WINDOWS\addins\netcmd.exe
O4 - HKLM\..\Run: [*webinfo] C:\WINDOWS\Web\webinfo.exe
O4 - HKLM\..\Run: [*utildns] C:\WINDOWS\ServicePackFiles\utildns.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\inf\rasnet.exe
O4 - HKLM\..\Run: [*kbdos] C:\WINDOWS\Cursors\kbdos.exe
O4 - HKLM\..\Run: [*baktcp] C:\WINDOWS\addins\baktcp.exe
O4 - HKLM\..\Run: [*dllkey] C:\WINDOWS\Microsoft.NET\dllkey.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\system32\psoft1.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)

Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.


Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Avenger log.
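
The reply above deletes files with Avenger and also fixes the O4 entries that launch them. As an added example (not part of the original reply), this sketch shows why both steps go together: it finds Run values that still point at a removed file, and with rundll32 such a leftover value is what produces a startup error like the poster's bridge.dll message. The sample lines are copied from the logs above; the function names and the `ALREADY_MISSING` list are assumptions of this sketch.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Constructed sample: O4 lines and Avenger script paths copied from the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [*vbc] C:\WINDOWS\repair\vbc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''
AVENGER_DELETES = [r"C:\WINDOWS\ALCXMNTR.EXE", r"C:\WINDOWS\repair\vbc.exe",
                   r"C:\WINDOWS\cfgmgr51.dll"]
# Assumption: bridge.dll is already gone, per the poster's startup message.
ALREADY_MISSING = [r"C:\WINDOWS\System32\bridge.dll"]

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")
PATH = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=[\s,]|$)', re.I)

def parse_o4(log):
    """Yield (hive, value_name, command) for each registry Run line."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            yield m.groups()

def target_of(command):
    """Return the file a command loads; for rundll32, the DLL it is given."""
    command = command.strip()
    m = PATH.match(command)
    if m and basename(m.group(1) or m.group(2)).lower() == "rundll32.exe":
        m = PATH.match(command[m.end():].strip())
    return (m.group(1) or m.group(2)) if m else None

def dangling_autoruns(log, gone):
    """List (hive, value_name) for Run values whose target is in `gone`."""
    full = {p.lower() for p in gone}
    names = {basename(p).lower() for p in gone}
    hits = []
    for hive, name, command in parse_o4(log):
        target = (target_of(command) or "").lower()
        # A bare file name is resolved via the search path: compare by name.
        if target and (target in full if "\\" in target else target in names):
            hits.append((hive, name))
    return hits

if __name__ == "__main__":
    for hive, name in dangling_autoruns(SAMPLE_LOG, AVENGER_DELETES + ALREADY_MISSING):
        print(f"fix in HijackThis: {hive} Run [{name}]")
```

Running the same check on the fresh log after cleanup should return an empty list; any remaining hit is an autorun value that still needs fixing.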
