0

Problem #1
I have Windows XP Service pack 1. I need help on how to fix this problem. I did a scan with spybot, ad-aware, CWShredder, and Norton Anti-Virus. I think this happened right after the installation of the google toolbar. I uninstalled it of course by now, but I need help. Please help me, the homepage keeps changing back no matter what.

Problem #2
Well, usually you have to type yahoo.com without www or http://, but now I have to type www before the name of the website. I never had this problem before, can somebody help me. I have tried everything.

Below is my Saved Log File:

Logfile of HijackThis v1.98.0
Scan saved at 5:11:03 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ntvl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MoreResults\MoreResults.exe
C:\WINDOWS\System32\oiqpkqp.exe
C:\WINDOWS\System32\wintsvsu.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\mfcwx32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bilal\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxusk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jxusk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34600972-BEC0-C0B6-E120-5AB9C0D60124} - C:\WINDOWS\javavs32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [MoreResults] C:\Program Files\MoreResults\MoreResults.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [xbnjtberp] C:\WINDOWS\System32\oiqpkqp.exe
O4 - HKLM\..\Run: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
O4 - HKLM\..\RunOnce: [ntvl.exe] C:\WINDOWS\ntvl.exe
O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
O4 - HKLM\..\RunOnce: [d3bm32.exe] C:\WINDOWS\system32\d3bm32.exe
O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\sdksc32.exe
O4 - HKLM\..\RunOnce: [ipon.exe] C:\WINDOWS\ipon.exe
O4 - HKLM\..\RunOnce: [syszo.exe] C:\WINDOWS\syszo.exe
O4 - HKLM\..\RunOnce: [atlwu.exe] C:\WINDOWS\atlwu.exe
O4 - HKLM\..\RunOnce: [winba32.exe] C:\WINDOWS\system32\winba32.exe
O4 - HKLM\..\RunOnce: [javaoc32.exe] C:\WINDOWS\javaoc32.exe
O4 - HKLM\..\RunOnce: [winbk.exe] C:\WINDOWS\winbk.exe
O4 - HKLM\..\RunOnce: [appuj32.exe] C:\WINDOWS\appuj32.exe
O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\system32\atlbj32.exe
O4 - HKLM\..\RunOnce: [winpi.exe] C:\WINDOWS\winpi.exe
O4 - HKLM\..\RunOnce: [appbj.exe] C:\WINDOWS\appbj.exe
O4 - HKLM\..\RunOnce: [winss.exe] C:\WINDOWS\system32\winss.exe
O4 - HKLM\..\RunOnce: [ntge.exe] C:\WINDOWS\ntge.exe
O4 - HKLM\..\RunOnce: [mfcsi.exe] C:\WINDOWS\mfcsi.exe
O4 - HKLM\..\RunOnce: [apizg.exe] C:\WINDOWS\system32\apizg.exe
O4 - HKLM\..\RunOnce: [javasc.exe] C:\WINDOWS\javasc.exe
O4 - HKLM\..\RunOnce: [sysvl32.exe] C:\WINDOWS\system32\sysvl32.exe
O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\atlzp.exe
O4 - HKLM\..\RunOnce: [winap.exe] C:\WINDOWS\system32\winap.exe
O4 - HKLM\..\RunOnce: [d3xy32.exe] C:\WINDOWS\system32\d3xy32.exe
O4 - HKLM\..\RunOnce: [ipdt.exe] C:\WINDOWS\system32\ipdt.exe
O4 - HKLM\..\RunOnce: [d3oe.exe] C:\WINDOWS\d3oe.exe
O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\addbl32.exe
O4 - HKLM\..\RunOnce: [apibm32.exe] C:\WINDOWS\system32\apibm32.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintsvsu.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0631ccf5b9fa43f55e22/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: icoo - {2CC63CCE-A945-4D6A-9FA0-3669D7C3C22C} - C:\Program Files\ICOO Loader\addons7\icoourl.dll

2
Contributors
3
Replies
4
Views
13 Years
Discussion Span
Last Post by bill786
0
  1. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders".
  2. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "ntvl.exe" & "oiqpkqp.exe" & "wintsvsu.exe". If you find the files, click on them, and then click End Process => Exit the Task Manager.
  3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit OK.
  4. Scroll down and find the service called "Network Security Service".
  5. When you find it, double-click on it. In the next window that opens, click the Stop button, then change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.
  6. Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxusk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxusk.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxusk.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

    O2 - BHO: (no name) - {34600972-BEC0-C0B6-E120-5AB9C0D60124} - C:\WINDOWS\javavs32.dll

    O4 - HKLM\..\Run: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
    O4 - HKLM\..\RunOnce: [ntvl.exe] C:\WINDOWS\ntvl.exe
    O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
    O4 - HKLM\..\RunOnce: [d3bm32.exe] C:\WINDOWS\system32\d3bm32.exe
    O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\sdksc32.exe
    O4 - HKLM\..\RunOnce: [ipon.exe] C:\WINDOWS\ipon.exe
    O4 - HKLM\..\RunOnce: [syszo.exe] C:\WINDOWS\syszo.exe
    O4 - HKLM\..\RunOnce: [atlwu.exe] C:\WINDOWS\atlwu.exe
    O4 - HKLM\..\RunOnce: [winba32.exe] C:\WINDOWS\system32\winba32.exe
    O4 - HKLM\..\RunOnce: [javaoc32.exe] C:\WINDOWS\javaoc32.exe
    O4 - HKLM\..\RunOnce: [winbk.exe] C:\WINDOWS\winbk.exe
    O4 - HKLM\..\RunOnce: [appuj32.exe] C:\WINDOWS\appuj32.exe
    O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\system32\atlbj32.exe
    O4 - HKLM\..\RunOnce: [winpi.exe] C:\WINDOWS\winpi.exe
    O4 - HKLM\..\RunOnce: [appbj.exe] C:\WINDOWS\appbj.exe
    O4 - HKLM\..\RunOnce: [winss.exe] C:\WINDOWS\system32\winss.exe
    O4 - HKLM\..\RunOnce: [ntge.exe] C:\WINDOWS\ntge.exe
    O4 - HKLM\..\RunOnce: [mfcsi.exe] C:\WINDOWS\mfcsi.exe
    O4 - HKLM\..\RunOnce: [apizg.exe] C:\WINDOWS\system32\apizg.exe
    O4 - HKLM\..\RunOnce: [javasc.exe] C:\WINDOWS\javasc.exe
    O4 - HKLM\..\RunOnce: [sysvl32.exe] C:\WINDOWS\system32\sysvl32.exe
    O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\atlzp.exe
    O4 - HKLM\..\RunOnce: [winap.exe] C:\WINDOWS\system32\winap.exe
    O4 - HKLM\..\RunOnce: [d3xy32.exe] C:\WINDOWS\system32\d3xy32.exe
    O4 - HKLM\..\RunOnce: [ipdt.exe] C:\WINDOWS\system32\ipdt.exe
    O4 - HKLM\..\RunOnce: [d3oe.exe] C:\WINDOWS\d3oe.exe
    O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\addbl32.exe
    O4 - HKLM\..\RunOnce: [apibm32.exe] C:\WINDOWS\system32\apibm32.exe

  7. Reboot into Safe Mode - How do I boot into "Safe" mode? , and delete the following files:

    C:\WINDOWS\jxusk.dll< file

    C:\WINDOWS\javavs32.dll< file

    C:\WINDOWS\mfcwx32.exe
    C:\WINDOWS\ntvl.exe
    C:\WINDOWS\system32\addse32.exe
    C:\WINDOWS\system32\d3bm32.exe
    C:\WINDOWS\sdksc32.exe
    C:\WINDOWS\ipon.exe
    C:\WINDOWS\syszo.exe
    C:\WINDOWS\atlwu.exe
    C:\WINDOWS\system32\winba32.exe
    C:\WINDOWS\javaoc32.exe
    C:\WINDOWS\winbk.exe
    C:\WINDOWS\appuj32.exe
    C:\WINDOWS\system32\atlbj32.exe
    C:\WINDOWS\winpi.exe
    C:\WINDOWS\appbj.exe
    C:\WINDOWS\system32\winss.exe
    C:\WINDOWS\ntge.exe
    C:\WINDOWS\mfcsi.exe
    C:\WINDOWS\system32\apizg.exe
    C:\WINDOWS\javasc.exe
    C:\WINDOWS\system32\sysvl32.exe
    C:\WINDOWS\atlzp.exe
    C:\WINDOWS\system32\winap.exe
    C:\WINDOWS\system32\d3xy32.exe
    C:\WINDOWS\system32\ipdt.exe
    C:\WINDOWS\d3oe.exe
    C:\WINDOWS\addbl32.exe
    C:\WINDOWS\system32\apibm32.exe
    C:\WINDOWS\System32\wintsvsu.exe

    Reboot in Normal Mode.
    Download the file attached to this post and rename it to cwsuninst.reg
    Doubleclick it and confirm you want to merge it with the registry.
    Run HijackThis again and post a new log.

    File Attachment

    Extra notes
    If given full internet access this variant will delete:
    - your hosts file (good replacements can be found here or here )
    - Spybot S&D's BHO (download SDHelper.dll, put it in the Spybot folder (default is: C:\Program Files\Spybot - Search & Destroy\) and click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" > OK
    - control.exe: follow instructions here: http://www.spywareinfo.com/~merijn/...es.html#control

0

Thanks for trying to help, but none of my problems were fixed. Both problems are still there, but now I am my IE has been hi jacked by
res://gdbia.dll/index.html#37049. Need Help !!!!!!!!

Below is my Log File:

Logfile of HijackThis v1.98.0
Scan saved at 12:57:39 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ntvl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MoreResults\MoreResults.exe
C:\WINDOWS\System32\automove.exe
C:\WINDOWS\System32\oiqpkqp.exe
C:\WINDOWS\system32\apiny32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Bilal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gdbia.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gdbia.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gdbia.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gdbia.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gdbia.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gdbia.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3643DD64-94B4-5743-9B71-A41AC1605F6F} - C:\WINDOWS\ipzq.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [MoreResults] C:\Program Files\MoreResults\MoreResults.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [xbnjtberp] C:\WINDOWS\System32\oiqpkqp.exe
O4 - HKLM\..\Run: [apiny32.exe] C:\WINDOWS\system32\apiny32.exe
O4 - HKLM\..\RunOnce: [ntnr32.exe] C:\WINDOWS\ntnr32.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exe
O4 - HKLM\..\RunOnce: [d3de32.exe] C:\WINDOWS\system32\d3de32.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintsvsu.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0631ccf5b9fa43f55e22/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: icoo - {2CC63CCE-A945-4D6A-9FA0-3669D7C3C22C} - C:\Program Files\ICOO Loader\addons7\icoourl.dll

0

Anyone got any other suggestions, because I really need help.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.