
Bit Defender Question

Discussion in 'Malware and Virus Removal Archive' started by Tarheeljcs, 2005/04/22.

  1. 2005/04/22
    Tarheeljcs

    Tarheeljcs Inactive Thread Starter

    Joined:
    2003/12/04
    Messages:
    50
    Likes Received:
    0
    I just tried using the BitDefender free online scan, and it found numerous problems, but my question is: how do I fix those problems? I was told not to choose the autoclean option, so how do I clean them myself once I am aware of where the problems are?
    I will give the report:

    C:\_RESTORE\TEMP\A0119420.CPY=>(ZIP Sfx s)=>whieshm.dll: infected with Application.Spyware.WebHancer
    C:\_RESTORE\TEMP\A0119420.CPY=>(ZIP Sfx s)=>nrpr.exe: infected with Trojan.Premeter.A
    C:\_RESTORE\TEMP\A0119429.CPY=>(ZIP Sfx s)=>wbhshare.dll: infected with Application.Spyware.WebHancer
    C:\_RESTORE\TEMP\A0119429.CPY=>(ZIP Sfx s)=>Webhdll.dll: infected with Application.Spyware.WebHancer
    C:\_RESTORE\TEMP\A0119429.CPY=>(ZIP Sfx s)=>whiehlpr.dll: infected with Application.Spyware.WebHancer
    C:\_RESTORE\TEMP\A0119429.CPY=>(ZIP Sfx s)=>whieshm.dll: infected with Application.Spyware.WebHancer
    C:\_RESTORE\TEMP\A0119429.CPY=>(ZIP Sfx s)=>nrpr.exe: infected with Trojan.Premeter.A
     
  2. 2005/04/22
    Tarheeljcs

    Also, I just tried autoclean and the disinfection failed???

    What can I do, please help. Thank you!
     

  4. 2005/04/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like you're using Windows ME?? Those would be in the System Restore folder, which is inaccessible. You need to Disable System Restore, reboot and re-enable it to clear those out.
     
  5. 2005/04/22
    Tarheeljcs

    I am running XP, and I accessed the folder and deleted them; however, I still have this annoying toolbar that has things like "gambling, internet, pharmacy, adult, etc." I have no clue how to get rid of it. It seems my toolbar options are deactivated, so I can't just uncheck that toolbar. Any help?
     
  6. 2005/04/22
    noahdfear

    Download HijackThis.exe from here. Save it to a permanent folder (I create a new folder in C:\ named HJT). Open it and click Scan, then Save Log. Once it is saved it will open in Notepad. Choose Select All from the Edit menu, then copy and paste the results here. Don't fix anything with it yet!
     
  7. 2005/04/24
    Tarheeljcs

    OK, I did what you said; here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:52:14 AM, on 4/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\PROGRA~1\COMMON~1\AOL\110373~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110373~1\EE\AOLServiceHost.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: IE SP2 AddOn - {8C004B61-F3E3-4FA0-AFC9-9FD0F2DBB1DA} - C:\WINDOWS\System32\spvwh.dll
    O2 - BHO: (no name) - {A4C85654-BBB3-8C68-BA81-E09B1EAC3EE7} - C:\WINDOWS\System32\pzzdmoj.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: ActiveX Control - {F266D070-6B9D-475E-9557-F4D8BF53C23C} - C:\WINDOWS\System32\msqid.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [SetupWizard] D:\SetupWizard.exe reboot
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103731076\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [Shell] open32.exe
    O4 - HKLM\..\Run: [Qdg] C:\WINDOWS\System32\Crs.exe
    O4 - HKLM\..\Run: [Acv] C:\WINDOWS\Cjq.exe
    O4 - HKLM\..\Run: [Neu] C:\WINDOWS\System32\Mem.exe
    O4 - HKLM\..\Run: [Etr] C:\WINDOWS\System32\Tlb.exe
    O4 - HKLM\..\Run: [Eli] C:\WINDOWS\Vub.exe
    O4 - HKLM\..\Run: [Jnb] C:\WINDOWS\System32\Con.exe
    O4 - HKLM\..\Run: [Egn] C:\WINDOWS\Dkv.exe
    O4 - HKLM\..\Run: [Mfu] C:\WINDOWS\Fml.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll ",cdaEngineMain
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [monitor] monitor.exe
    O4 - HKCU\..\Run: [Qdg] C:\WINDOWS\System32\Crs.exe
    O4 - HKCU\..\Run: [Lvo] C:\WINDOWS\Let.exe
    O4 - HKCU\..\Run: [Nuh] C:\WINDOWS\The.exe
    O4 - HKCU\..\Run: [Fcv] C:\WINDOWS\Hls.exe
    O4 - HKCU\..\Run: [Mko] C:\WINDOWS\System32\Ftu.exe
    O4 - HKCU\..\Run: [Fpq] C:\WINDOWS\Jnf.exe
    O4 - HKCU\..\Run: [Cmh] C:\WINDOWS\System32\Tml.exe
    O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Ouf.exe
    O4 - HKCU\..\Run: [Hkk] C:\WINDOWS\Rpk.exe
    O4 - HKCU\..\Run: [Mmi] C:\WINDOWS\System32\Jtb.exe
    O4 - HKCU\..\Run: [Bsm] C:\WINDOWS\Pgu.exe
    O4 - HKCU\..\Run: [Soc] C:\WINDOWS\System32\Rhe.exe
    O4 - HKCU\..\Run: [Heb] C:\WINDOWS\System32\Tej.exe
    O4 - HKCU\..\Run: [Jrc] C:\WINDOWS\System32\Nuv.exe
    O4 - HKCU\..\Run: [Lpg] C:\WINDOWS\System32\Pac.exe
    O4 - HKCU\..\Run: [Eau] C:\WINDOWS\Nel.exe
    O4 - HKCU\..\Run: [Doh] C:\WINDOWS\Cbt.exe
    O4 - HKCU\..\Run: [Neq] C:\WINDOWS\Sis.exe
    O4 - HKCU\..\Run: [Rfp] C:\WINDOWS\Mrv.exe
    O4 - HKCU\..\Run: [Abl] C:\WINDOWS\Ctn.exe
    O4 - HKCU\..\Run: [Rvj] C:\WINDOWS\System32\Epb.exe
    O4 - HKCU\..\Run: [Tbp] C:\WINDOWS\System32\Ukk.exe
    O4 - HKCU\..\Run: [Rgv] C:\WINDOWS\Jjp.exe
    O4 - HKCU\..\Run: [Mbn] C:\WINDOWS\Men.exe
    O4 - HKCU\..\Run: [Npb] C:\WINDOWS\System32\Jps.exe
    O4 - HKCU\..\Run: [Lmt] C:\WINDOWS\System32\Fte.exe
    O4 - HKCU\..\Run: [Vrl] C:\WINDOWS\System32\Sbo.exe
    O4 - HKCU\..\Run: [Sqv] C:\WINDOWS\Qru.exe
    O4 - HKCU\..\Run: [Kur] C:\WINDOWS\Ltv.exe
    O4 - HKCU\..\Run: [Otu] C:\WINDOWS\System32\Vls.exe
    O4 - HKCU\..\Run: [Fma] C:\WINDOWS\System32\Pbm.exe
    O4 - HKCU\..\Run: [Scu] C:\WINDOWS\Kea.exe
    O4 - HKCU\..\Run: [Bia] C:\WINDOWS\Phj.exe
    O4 - HKCU\..\Run: [Cit] C:\WINDOWS\System32\Itd.exe
    O4 - HKCU\..\Run: [Pld] C:\WINDOWS\Cif.exe
    O4 - HKCU\..\Run: [Fgl] C:\WINDOWS\Eif.exe
    O4 - HKCU\..\Run: [Cds] C:\WINDOWS\System32\Qis.exe
    O4 - HKCU\..\Run: [Amn] C:\WINDOWS\Ubv.exe
    O4 - HKCU\..\Run: [Mop] C:\WINDOWS\Ljk.exe
    O4 - HKCU\..\Run: [Qln] C:\WINDOWS\Eri.exe
    O4 - HKCU\..\Run: [Hdk] C:\WINDOWS\Foq.exe
    O4 - HKCU\..\Run: [Fbe] C:\WINDOWS\System32\Sig.exe
    O4 - HKCU\..\Run: [Bqt] C:\WINDOWS\System32\Sgt.exe
    O4 - HKCU\..\Run: [Tch] C:\WINDOWS\Hit.exe
    O4 - HKCU\..\Run: [Jcu] C:\WINDOWS\Hgl.exe
    O4 - HKCU\..\Run: [Vlk] C:\WINDOWS\System32\Gpa.exe
    O4 - HKCU\..\Run: [Loh] C:\WINDOWS\Ldp.exe
    O4 - HKCU\..\Run: [Jml] C:\WINDOWS\Gll.exe
    O4 - HKCU\..\Run: [Kqn] C:\WINDOWS\Qie.exe
    O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\Uvf.exe
    O4 - HKCU\..\Run: [Uib] C:\WINDOWS\Let.exe
    O4 - HKCU\..\Run: [Hts] C:\WINDOWS\Hdp.exe
    O4 - HKCU\..\Run: [Jht] C:\WINDOWS\System32\Ufe.exe
    O4 - HKCU\..\Run: [Hoo] C:\WINDOWS\System32\Vge.exe
    O4 - HKCU\..\Run: [Mvs] C:\WINDOWS\System32\Rbj.exe
    O4 - HKCU\..\Run: [Lrr] C:\WINDOWS\Jfb.exe
    O4 - HKCU\..\Run: [Hsm] C:\WINDOWS\System32\Piq.exe
    O4 - HKCU\..\Run: [Fop] C:\WINDOWS\Iqm.exe
    O4 - HKCU\..\Run: [Hea] C:\WINDOWS\Ssq.exe
    O4 - HKCU\..\Run: [Asr] C:\WINDOWS\System32\Ovu.exe
    O4 - HKCU\..\Run: [Dpv] C:\WINDOWS\Nef.exe
    O4 - HKCU\..\Run: [Uia] C:\WINDOWS\Vgq.exe
    O4 - HKCU\..\Run: [Rsq] C:\WINDOWS\System32\Unq.exe
    O4 - HKCU\..\Run: [Grd] C:\WINDOWS\Sle.exe
    O4 - HKCU\..\Run: [Vot] C:\WINDOWS\System32\Lph.exe
    O4 - HKCU\..\Run: [Eqa] C:\WINDOWS\Hks.exe
    O4 - HKCU\..\Run: [Qto] C:\WINDOWS\Mdc.exe
    O4 - HKCU\..\Run: [Ndb] C:\WINDOWS\Lnb.exe
    O4 - HKCU\..\Run: [Nsp] C:\WINDOWS\System32\Aql.exe
    O4 - HKCU\..\Run: [Upa] C:\WINDOWS\System32\Qbq.exe
    O4 - HKCU\..\Run: [Fdi] C:\WINDOWS\System32\Ogk.exe
    O4 - HKCU\..\Run: [Iig] C:\WINDOWS\System32\Drd.exe
    O4 - HKCU\..\Run: [Ebl] C:\WINDOWS\Auq.exe
    O4 - HKCU\..\Run: [Jui] C:\WINDOWS\Dti.exe
    O4 - HKCU\..\Run: [Lfu] C:\WINDOWS\Vue.exe
    O4 - HKCU\..\Run: [Cep] C:\WINDOWS\Plj.exe
    O4 - HKCU\..\Run: [Ada] C:\WINDOWS\System32\Emi.exe
    O4 - HKCU\..\Run: [Vge] C:\WINDOWS\Hlc.exe
    O4 - HKCU\..\Run: [Jnc] C:\WINDOWS\System32\Vhu.exe
    O4 - HKCU\..\Run: [Glm] C:\WINDOWS\System32\Kpv.exe
    O4 - HKCU\..\Run: [Sif] C:\WINDOWS\Fhf.exe
    O4 - HKCU\..\Run: [Dfc] C:\WINDOWS\Mef.exe
    O4 - HKCU\..\Run: [Sbn] C:\WINDOWS\System32\Cpo.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Ggf] C:\WINDOWS\Cdj.exe
    O4 - HKCU\..\Run: [Deg] C:\WINDOWS\System32\Obl.exe
    O4 - HKCU\..\Run: [Vdd] C:\WINDOWS\System32\Tls.exe
    O4 - HKCU\..\Run: [Dtn] C:\WINDOWS\System32\Bsm.exe
    O4 - HKCU\..\Run: [Ofl] C:\WINDOWS\System32\Dki.exe
    O4 - HKCU\..\Run: [Lto] C:\WINDOWS\Vtk.exe
    O4 - HKCU\..\Run: [Csj] C:\WINDOWS\System32\Mkj.exe
    O4 - HKCU\..\Run: [Fmp] C:\WINDOWS\Iaa.exe
    O4 - HKCU\..\Run: [Tpd] C:\WINDOWS\System32\Dhl.exe
    O4 - HKCU\..\Run: [Mve] C:\WINDOWS\Ggb.exe
    O4 - HKCU\..\Run: [Bhl] C:\WINDOWS\System32\Ifi.exe
    O4 - HKCU\..\Run: [Ugo] C:\WINDOWS\System32\Nsl.exe
    O4 - HKCU\..\Run: [Cgs] C:\WINDOWS\Sga.exe
    O4 - HKCU\..\Run: [Bij] C:\WINDOWS\System32\Fnn.exe
    O4 - HKCU\..\Run: [Hbr] C:\WINDOWS\Ind.exe
    O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\Hjh.exe
    O4 - HKCU\..\Run: [Idt] C:\WINDOWS\Upn.exe
    O4 - HKCU\..\Run: [Tao] C:\WINDOWS\Idr.exe
    O4 - HKCU\..\Run: [Dcu] C:\WINDOWS\Nsp.exe
    O4 - HKCU\..\Run: [Fec] C:\WINDOWS\System32\Arm.exe
    O4 - HKCU\..\Run: [Ero] C:\WINDOWS\System32\Ncu.exe
    O4 - HKCU\..\Run: [Dcr] C:\WINDOWS\Dno.exe
    O4 - HKCU\..\Run: [Que] C:\WINDOWS\Gnh.exe
    O4 - HKCU\..\Run: [Rjj] C:\WINDOWS\Cio.exe
    O4 - HKCU\..\Run: [Pnl] C:\WINDOWS\System32\Uql.exe
    O4 - HKCU\..\Run: [Get] C:\WINDOWS\Msd.exe
    O4 - HKCU\..\Run: [Tgh] C:\WINDOWS\System32\Efq.exe
    O4 - HKCU\..\Run: [Odm] C:\WINDOWS\System32\Mio.exe
    O4 - HKCU\..\Run: [Acv] C:\WINDOWS\Cjq.exe
    O4 - HKCU\..\Run: [Fpf] C:\WINDOWS\System32\Mkj.exe
    O4 - HKCU\..\Run: [Neu] C:\WINDOWS\System32\Mem.exe
    O4 - HKCU\..\Run: [Etr] C:\WINDOWS\System32\Tlb.exe
    O4 - HKCU\..\Run: [Eli] C:\WINDOWS\Vub.exe
    O4 - HKCU\..\Run: [Sta] C:\WINDOWS\Eri.exe
    O4 - HKCU\..\Run: [Lnm] C:\WINDOWS\Vgq.exe
    O4 - HKCU\..\Run: [Tmf] C:\WINDOWS\Eif.exe
    O4 - HKCU\..\Run: [Aki] C:\WINDOWS\System32\Qbq.exe
    O4 - HKCU\..\Run: [Jnb] C:\WINDOWS\System32\Con.exe
    O4 - HKCU\..\Run: [Ujj] C:\WINDOWS\Upn.exe
    O4 - HKCU\..\Run: [Fja] C:\WINDOWS\System32\Jps.exe
    O4 - HKCU\..\Run: [Urp] C:\WINDOWS\System32\Piq.exe
    O4 - HKCU\..\Run: [Egn] C:\WINDOWS\Dkv.exe
    O4 - HKCU\..\Run: [Tkb] C:\WINDOWS\System32\Ogk.exe
    O4 - HKCU\..\Run: [Mfu] C:\WINDOWS\Fml.exe
    O4 - HKCU\..\Run: [Bei] C:\WINDOWS\Gnh.exe
    O4 - HKCU\..\Run: [Sig] C:\WINDOWS\Cio.exe
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - Startup: winupdate45543887[1].exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted IP range: 64.62.171.156
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110302967310
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF408247-0C62-4A80-9B82-3D6274F786E7}: NameServer = 69.50.176.156,195.225.176.31
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  8. 2005/04/24
    noahdfear

    Please download Process Explorer, unzip and open it, then click File > Save As and save it to your desktop. Open the saved file and copy/paste the log here.
     
  9. 2005/04/24
    noahdfear

    Thought I should explain my last post.

    All of those random three-letter Run entries in your log are signs of a fairly new infection being called Spywad, for which a well-known and trusted malware fighter has written a removal tool. For the tool to work, we need to get one of those three-letter executable names from the running processes (there will usually only be one). The problem here is that there isn't one in your log, so I'm hoping that it's hiding from HijackThis and Process Explorer will see it instead.
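The triage step described in this post, and the "tick every random O4 entry" fix list requested later in the thread, can be done mechanically rather than by eye. The following is an added example and is not code from the thread or from the removal tool mentioned; it parses a HijackThis log, flags O4 Run entries whose value name and target file are both three letters (the pattern noahdfear describes), cross-references those executables against the log's "Running processes:" section to find the name the removal tool would need, and emits the exact lines to tick before clicking Fix. The restriction to files dropped directly in C:\WINDOWS or C:\WINDOWS\System32 is my assumption, chosen because every such entry in the posted log lives there. The sample log is a constructed excerpt in the same format; one three-letter executable (Crs.exe) is deliberately placed in its process list so the cross-check finds something, whereas in the real thread none was visible.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Constructed excerpt in the style of the HijackThis v1.99.1 log posted above.
# It is not the full log. Crs.exe is put in the running-process list on
# purpose so the cross-check has something to find.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Crs.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Qdg] C:\WINDOWS\System32\Crs.exe
O4 - HKLM\..\Run: [Acv] C:\WINDOWS\Cjq.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Uib] C:\WINDOWS\Let.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: winupdate45543887[1].exe
"""

# O4 Run entries look like:  O4 - HKLM\..\Run: [Name] command line
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# Spywad-style names: exactly three letters, first one capitalised (Qdg, Crs).
THREE_LETTER_RE = re.compile(r"^[A-Z][a-z]{2}$")
# First executable path in a command line, quoted or not.
EXE_RE = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)
# Assumption (not stated in the thread): the dropped files sit directly in the
# Windows directory or System32, as every such entry in the posted log does.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


class RunEntry(NamedTuple):
    line: str   # the log line exactly as HijackThis printed it
    hive: str   # HKLM or HKCU
    name: str   # value name shown in [brackets]
    path: str   # executable path with quotes and arguments removed


def _executable_path(command: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    m = EXE_RE.match(command.strip())
    if m:
        return m.group(1).strip()
    return command.strip().strip('"').split(" ", 1)[0]


def parse_run_entries(log: str) -> list[RunEntry]:
    """All O4 HKLM/HKCU Run entries in a HijackThis log, in log order."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            entries.append(RunEntry(line, hive, name, _executable_path(command)))
    return entries


def is_random_run_entry(entry: RunEntry) -> bool:
    """Three-letter value name launching a three-letter .exe from WINDOWS/System32."""
    directory, _, filename = entry.path.rpartition("\\")
    if not filename.lower().endswith(".exe"):
        return False
    stem = filename[:-4]
    return (THREE_LETTER_RE.match(entry.name) is not None
            and THREE_LETTER_RE.match(stem) is not None
            and directory.lower() in WINDOWS_DIRS)


def find_random_run_entries(log: str) -> list[RunEntry]:
    return [e for e in parse_run_entries(log) if is_random_run_entry(e)]


def parse_running_processes(log: str) -> set[str]:
    """Lower-cased executable names from the 'Running processes:' section."""
    names, in_section = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line:          # blank line ends the section
                break
            names.add(line.rpartition("\\")[2].lower())
    return names


def running_suspects(log: str) -> list[str]:
    """Random-entry executables that are also in the process list. An empty
    result means none is running, or it is hiding from the listing."""
    running = parse_running_processes(log)
    targets = {e.path.rpartition("\\")[2].lower()
               for e in find_random_run_entries(log)}
    return sorted(targets & running)


def hjt_fix_list(log: str) -> list[str]:
    """The O4 lines to tick in HijackThis before clicking Fix."""
    return [e.line for e in find_random_run_entries(log)]


if __name__ == "__main__":
    for line in hjt_fix_list(SAMPLE_LOG):
        print("FIX:", line)
    print("running suspects:", running_suspects(SAMPLE_LOG) or "none (possibly hidden)")
```

Run it against a real saved hijackthis.log by reading the file into the functions instead of SAMPLE_LOG. The name filter is deliberately narrow: legitimate entries such as ccApp, Weather or Spyware Doctor never match, so the output can be pasted into a reply as the fix list. When running_suspects() comes back empty on a machine that clearly has the Run entries, that is the same conclusion noahdfear reaches here: the dropper is either not resident or is hiding from the process enumeration, and a second tool is needed to see it.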
     
  10. 2005/04/24
    Tarheeljcs

    I downloaded Process Explorer and used it; however, where do I find the log? All that comes up when I open the application is a type of system status window??
     
  11. 2005/04/24
    noahdfear

    When you open PE, it should have a list of the processes currently running on your machine in the top pane. Click File on its toolbar, then Save As. In the dialog box that opens, click Desktop in the left pane (or navigate to it in the address window), then click Save. It will be named Procexp.txt on your desktop.
     
  12. 2005/04/25
    Tarheeljcs

    Thanks Dave, here is the report:

    Process PID CPU Description Company Name
    System Idle Process 0 75.96
    Interrupts n/a 0.96 Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4 0.96
    SMSS.EXE 420 Windows NT Session Manager Microsoft Corporation
    CSRSS.EXE 476 0.96 Client Server Runtime Process Microsoft Corporation
    WINLOGON.EXE 500 Windows NT Logon Application Microsoft Corporation
    SERVICES.EXE 544 0.96 Services and Controller app Microsoft Corporation
    SVCHOST.EXE 712 Generic Host Process for Win32 Services Microsoft Corporation
    naPrdMgr.exe 1696 NAI Product Manager Network Associates, Inc.
    AOLHostManager.exe 2500 AOLHostManager Service America Online, Inc.
    AOLServiceHost.exe 2540 AOLServiceHost Service America Online, Inc.
    wmiprvse.exe 2872 WMI Microsoft Corporation
    SVCHOST.EXE 768 Generic Host Process for Win32 Services Microsoft Corporation
    wuauclt.exe 2364 Automatic Updates Microsoft Corporation
    SVCHOST.EXE 872 Generic Host Process for Win32 Services Microsoft Corporation
    SVCHOST.EXE 924 Generic Host Process for Win32 Services Microsoft Corporation
    SPOOLSV.EXE 1088 Spooler SubSystem App Microsoft Corporation
    ccEvtMgr.exe 1116 Event Manager Service Symantec Corporation
    NISUM.EXE 1128 Norton Internet Security NISUM Symantec Corporation
    ALG.EXE 1368 Application Layer Gateway Service Microsoft Corporation
    AOLacsd.exe 1380 AOL Connectivity Service America Online
    AOLTSMON.EXE 1400 AOL TopSpeed(TM) Monitor America Online, Inc
    AOLTPSPD.EXE 1484 AOL TopSpeed(TM) America Online Inc
    CCPXYSVC.EXE 1440 Norton Internet Security Proxy Service Symantec Corporation
    FrameworkService.exe 1476 Framework Service Network Associates, Inc.
    VsTskMgr.exe 1600 Task Manager : scheduling and OAS alerting service Network Associates, Inc.
    MDM.EXE 1808 Machine Debug Manager Microsoft Corporation
    Navapsvc.exe 1824 Norton AntiVirus Auto-Protect Service Symantec Corporation
    WANMPSVC.EXE 1960 Wan Miniport (ATW) Service America Online, Inc.
    LSASS.EXE 556 LSA Shell (Export Version) Microsoft Corporation
    Explorer.EXE 1252 1.92 Windows Explorer Microsoft Corporation
    ccApp.exe 644 Common Client CC App Symantec Corporation
    devldr32.exe 1848 DevLdr32 Creative Technology Ltd.
    digstream.exe 204 DIGStream Cache Manager Walt Disney Internet Group
    iTouch.exe 2056 iTouch Application Logitech Inc.
    AOLDial.exe 2088 AOL Connectivity Service Dialer America Online
    qttask.exe 2128 Apple Computer, Inc.
    AOLSP Scheduler.exe 2148 AOLSP Scheduler
    shstat.exe 2248 On-access scanner statistics Network Associates, Inc.
    UpdaterUI.exe 2280 Common User Interface Network Associates, Inc.
    rundll32.exe 2412 Run a DLL as an App Microsoft Corporation
    Weather.exe 2476 WeatherBug AWS Convergence Technologies, Inc.
    swdoctor.exe 2624 Spyware Doctor PCTools
    ACCAgnt.exe 2656 AOL Computer Check-Up America Online Inc.
    iexplore.exe 3464 2.88 Internet Explorer Microsoft Corporation
    iexplore.exe 404 1.92 Internet Explorer Microsoft Corporation
    procexp.exe 2212 13.46 Sysinternals Process Explorer Sysinternals
    EM_EXEC.EXE 2112 Logitech Events Handler Application Logitech Inc.
    PortAOL.exe 2324 Port Magic Application Pure Networks, Inc.
    waol.exe 1188 America Online America Online, Inc.
    shellmon.exe 1288 setupdb America Online, Inc.

    Process: Procexp Pid: -2

    Type Name
     
  13. 2005/04/25
    noahdfear

    OK, nothing there either. Let's just fix these and take a look when done. Scan again with HijackThis, place a check next to the following entries, close all other windows and click Fix.

    *** All of the O4 entries with the random 3 letters in brackets ***
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O2 - BHO: IE SP2 AddOn - {8C004B61-F3E3-4FA0-AFC9-9FD0F2DBB1DA} - C:\WINDOWS\System32\spvwh.dll
    O2 - BHO: (no name) - {A4C85654-BBB3-8C68-BA81-E09B1EAC3EE7} - C:\WINDOWS\System32\pzzdmoj.dll
    O2 - BHO: ActiveX Control - {F266D070-6B9D-475E-9557-F4D8BF53C23C} - C:\WINDOWS\System32\msqid.dll (file missing)
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O4 - HKLM\..\Run: [SetupWizard] D:\SetupWizard.exe reboot
    O4 - HKLM\..\Run: [Shell] open32.exe
    O4 - HKLM\..\Run: [Qdg] C:\WINDOWS\System32\Crs.exe
    O4 - HKLM\..\Run: [Acv] C:\WINDOWS\Cjq.exe
    O4 - HKLM\..\Run: [Neu] C:\WINDOWS\System32\Mem.exe
    O4 - HKLM\..\Run: [Etr] C:\WINDOWS\System32\Tlb.exe
    O4 - HKLM\..\Run: [Eli] C:\WINDOWS\Vub.exe
    O4 - HKLM\..\Run: [Jnb] C:\WINDOWS\System32\Con.exe
    O4 - HKLM\..\Run: [Egn] C:\WINDOWS\Dkv.exe
    O4 - HKLM\..\Run: [Mfu] C:\WINDOWS\Fml.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll ",cdaEngineMain
    O4 - HKCU\..\Run: [monitor] monitor.exe
    O4 - HKCU\..\Run: [Qdg] C:\WINDOWS\System32\Crs.exe
    O4 - HKCU\..\Run: [Lvo] C:\WINDOWS\Let.exe
    O4 - HKCU\..\Run: [Nuh] C:\WINDOWS\The.exe
    O4 - HKCU\..\Run: [Fcv] C:\WINDOWS\Hls.exe
    O4 - HKCU\..\Run: [Mko] C:\WINDOWS\System32\Ftu.exe
    O4 - HKCU\..\Run: [Fpq] C:\WINDOWS\Jnf.exe
    O4 - HKCU\..\Run: [Cmh] C:\WINDOWS\System32\Tml.exe
    O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Ouf.exe
    O4 - HKCU\..\Run: [Hkk] C:\WINDOWS\Rpk.exe
    O4 - HKCU\..\Run: [Mmi] C:\WINDOWS\System32\Jtb.exe
    O4 - HKCU\..\Run: [Bsm] C:\WINDOWS\Pgu.exe
    O4 - HKCU\..\Run: [Soc] C:\WINDOWS\System32\Rhe.exe
    O4 - HKCU\..\Run: [Heb] C:\WINDOWS\System32\Tej.exe
    O4 - HKCU\..\Run: [Jrc] C:\WINDOWS\System32\Nuv.exe
    O4 - HKCU\..\Run: [Lpg] C:\WINDOWS\System32\Pac.exe
    O4 - HKCU\..\Run: [Eau] C:\WINDOWS\Nel.exe
    O4 - HKCU\..\Run: [Doh] C:\WINDOWS\Cbt.exe
    O4 - HKCU\..\Run: [Neq] C:\WINDOWS\Sis.exe
    O4 - HKCU\..\Run: [Rfp] C:\WINDOWS\Mrv.exe
    O4 - HKCU\..\Run: [Abl] C:\WINDOWS\Ctn.exe
    O4 - HKCU\..\Run: [Rvj] C:\WINDOWS\System32\Epb.exe
    O4 - HKCU\..\Run: [Tbp] C:\WINDOWS\System32\Ukk.exe
    O4 - HKCU\..\Run: [Rgv] C:\WINDOWS\Jjp.exe
    O4 - HKCU\..\Run: [Mbn] C:\WINDOWS\Men.exe
    O4 - HKCU\..\Run: [Npb] C:\WINDOWS\System32\Jps.exe
    O4 - HKCU\..\Run: [Lmt] C:\WINDOWS\System32\Fte.exe
    O4 - HKCU\..\Run: [Vrl] C:\WINDOWS\System32\Sbo.exe
    O4 - HKCU\..\Run: [Sqv] C:\WINDOWS\Qru.exe
    O4 - HKCU\..\Run: [Kur] C:\WINDOWS\Ltv.exe
    O4 - HKCU\..\Run: [Otu] C:\WINDOWS\System32\Vls.exe
    O4 - HKCU\..\Run: [Fma] C:\WINDOWS\System32\Pbm.exe
    O4 - HKCU\..\Run: [Scu] C:\WINDOWS\Kea.exe
    O4 - HKCU\..\Run: [Bia] C:\WINDOWS\Phj.exe
    O4 - HKCU\..\Run: [Cit] C:\WINDOWS\System32\Itd.exe
    O4 - HKCU\..\Run: [Pld] C:\WINDOWS\Cif.exe
    O4 - HKCU\..\Run: [Fgl] C:\WINDOWS\Eif.exe
    O4 - HKCU\..\Run: [Cds] C:\WINDOWS\System32\Qis.exe
    O4 - HKCU\..\Run: [Amn] C:\WINDOWS\Ubv.exe
    O4 - HKCU\..\Run: [Mop] C:\WINDOWS\Ljk.exe
    O4 - HKCU\..\Run: [Qln] C:\WINDOWS\Eri.exe
    O4 - HKCU\..\Run: [Hdk] C:\WINDOWS\Foq.exe
    O4 - HKCU\..\Run: [Fbe] C:\WINDOWS\System32\Sig.exe
    O4 - HKCU\..\Run: [Bqt] C:\WINDOWS\System32\Sgt.exe
    O4 - HKCU\..\Run: [Tch] C:\WINDOWS\Hit.exe
    O4 - HKCU\..\Run: [Jcu] C:\WINDOWS\Hgl.exe
    O4 - HKCU\..\Run: [Vlk] C:\WINDOWS\System32\Gpa.exe
    O4 - HKCU\..\Run: [Loh] C:\WINDOWS\Ldp.exe
    O4 - HKCU\..\Run: [Jml] C:\WINDOWS\Gll.exe
    O4 - HKCU\..\Run: [Kqn] C:\WINDOWS\Qie.exe
    O4 - HKCU\..\Run: [Dmc] C:\WINDOWS\Uvf.exe
    O4 - HKCU\..\Run: [Uib] C:\WINDOWS\Let.exe
    O4 - HKCU\..\Run: [Hts] C:\WINDOWS\Hdp.exe
    O4 - HKCU\..\Run: [Jht] C:\WINDOWS\System32\Ufe.exe
    O4 - HKCU\..\Run: [Hoo] C:\WINDOWS\System32\Vge.exe
    O4 - HKCU\..\Run: [Mvs] C:\WINDOWS\System32\Rbj.exe
    O4 - HKCU\..\Run: [Lrr] C:\WINDOWS\Jfb.exe
    O4 - HKCU\..\Run: [Hsm] C:\WINDOWS\System32\Piq.exe
    O4 - HKCU\..\Run: [Fop] C:\WINDOWS\Iqm.exe
    O4 - HKCU\..\Run: [Hea] C:\WINDOWS\Ssq.exe
    O4 - HKCU\..\Run: [Asr] C:\WINDOWS\System32\Ovu.exe
    O4 - HKCU\..\Run: [Dpv] C:\WINDOWS\Nef.exe
    O4 - HKCU\..\Run: [Uia] C:\WINDOWS\Vgq.exe
    O4 - HKCU\..\Run: [Rsq] C:\WINDOWS\System32\Unq.exe
    O4 - HKCU\..\Run: [Grd] C:\WINDOWS\Sle.exe
    O4 - HKCU\..\Run: [Vot] C:\WINDOWS\System32\Lph.exe
    O4 - HKCU\..\Run: [Eqa] C:\WINDOWS\Hks.exe
    O4 - HKCU\..\Run: [Qto] C:\WINDOWS\Mdc.exe
    O4 - HKCU\..\Run: [Ndb] C:\WINDOWS\Lnb.exe
    O4 - HKCU\..\Run: [Nsp] C:\WINDOWS\System32\Aql.exe
    O4 - HKCU\..\Run: [Upa] C:\WINDOWS\System32\Qbq.exe
    O4 - HKCU\..\Run: [Fdi] C:\WINDOWS\System32\Ogk.exe
    O4 - HKCU\..\Run: [Iig] C:\WINDOWS\System32\Drd.exe
    O4 - HKCU\..\Run: [Ebl] C:\WINDOWS\Auq.exe
    O4 - HKCU\..\Run: [Jui] C:\WINDOWS\Dti.exe
    O4 - HKCU\..\Run: [Lfu] C:\WINDOWS\Vue.exe
    O4 - HKCU\..\Run: [Cep] C:\WINDOWS\Plj.exe
    O4 - HKCU\..\Run: [Ada] C:\WINDOWS\System32\Emi.exe
    O4 - HKCU\..\Run: [Vge] C:\WINDOWS\Hlc.exe
    O4 - HKCU\..\Run: [Jnc] C:\WINDOWS\System32\Vhu.exe
    O4 - HKCU\..\Run: [Glm] C:\WINDOWS\System32\Kpv.exe
    O4 - HKCU\..\Run: [Sif] C:\WINDOWS\Fhf.exe
    O4 - HKCU\..\Run: [Dfc] C:\WINDOWS\Mef.exe
    O4 - HKCU\..\Run: [Sbn] C:\WINDOWS\System32\Cpo.exe
    O4 - HKCU\..\Run: [Ggf] C:\WINDOWS\Cdj.exe
    O4 - HKCU\..\Run: [Deg] C:\WINDOWS\System32\Obl.exe
    O4 - HKCU\..\Run: [Vdd] C:\WINDOWS\System32\Tls.exe
    O4 - HKCU\..\Run: [Dtn] C:\WINDOWS\System32\Bsm.exe
    O4 - HKCU\..\Run: [Ofl] C:\WINDOWS\System32\Dki.exe
    O4 - HKCU\..\Run: [Lto] C:\WINDOWS\Vtk.exe
    O4 - HKCU\..\Run: [Csj] C:\WINDOWS\System32\Mkj.exe
    O4 - HKCU\..\Run: [Fmp] C:\WINDOWS\Iaa.exe
    O4 - HKCU\..\Run: [Tpd] C:\WINDOWS\System32\Dhl.exe
    O4 - HKCU\..\Run: [Mve] C:\WINDOWS\Ggb.exe
    O4 - HKCU\..\Run: [Bhl] C:\WINDOWS\System32\Ifi.exe
    O4 - HKCU\..\Run: [Ugo] C:\WINDOWS\System32\Nsl.exe
    O4 - HKCU\..\Run: [Cgs] C:\WINDOWS\Sga.exe
    O4 - HKCU\..\Run: [Bij] C:\WINDOWS\System32\Fnn.exe
    O4 - HKCU\..\Run: [Hbr] C:\WINDOWS\Ind.exe
    O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\Hjh.exe
    O4 - HKCU\..\Run: [Idt] C:\WINDOWS\Upn.exe
    O4 - HKCU\..\Run: [Tao] C:\WINDOWS\Idr.exe
    O4 - HKCU\..\Run: [Dcu] C:\WINDOWS\Nsp.exe
    O4 - HKCU\..\Run: [Fec] C:\WINDOWS\System32\Arm.exe
    O4 - HKCU\..\Run: [Ero] C:\WINDOWS\System32\Ncu.exe
    O4 - HKCU\..\Run: [Dcr] C:\WINDOWS\Dno.exe
    O4 - HKCU\..\Run: [Que] C:\WINDOWS\Gnh.exe
    O4 - HKCU\..\Run: [Rjj] C:\WINDOWS\Cio.exe
    O4 - HKCU\..\Run: [Pnl] C:\WINDOWS\System32\Uql.exe
    O4 - HKCU\..\Run: [Get] C:\WINDOWS\Msd.exe
    O4 - HKCU\..\Run: [Tgh] C:\WINDOWS\System32\Efq.exe
    O4 - HKCU\..\Run: [Odm] C:\WINDOWS\System32\Mio.exe
    O4 - HKCU\..\Run: [Acv] C:\WINDOWS\Cjq.exe
    O4 - HKCU\..\Run: [Fpf] C:\WINDOWS\System32\Mkj.exe
    O4 - HKCU\..\Run: [Neu] C:\WINDOWS\System32\Mem.exe
    O4 - HKCU\..\Run: [Etr] C:\WINDOWS\System32\Tlb.exe
    O4 - HKCU\..\Run: [Eli] C:\WINDOWS\Vub.exe
    O4 - HKCU\..\Run: [Sta] C:\WINDOWS\Eri.exe
    O4 - HKCU\..\Run: [Lnm] C:\WINDOWS\Vgq.exe
    O4 - HKCU\..\Run: [Tmf] C:\WINDOWS\Eif.exe
    O4 - HKCU\..\Run: [Aki] C:\WINDOWS\System32\Qbq.exe
    O4 - HKCU\..\Run: [Jnb] C:\WINDOWS\System32\Con.exe
    O4 - HKCU\..\Run: [Ujj] C:\WINDOWS\Upn.exe
    O4 - HKCU\..\Run: [Fja] C:\WINDOWS\System32\Jps.exe
    O4 - HKCU\..\Run: [Urp] C:\WINDOWS\System32\Piq.exe
    O4 - HKCU\..\Run: [Egn] C:\WINDOWS\Dkv.exe
    O4 - HKCU\..\Run: [Tkb] C:\WINDOWS\System32\Ogk.exe
    O4 - HKCU\..\Run: [Mfu] C:\WINDOWS\Fml.exe
    O4 - HKCU\..\Run: [Bei] C:\WINDOWS\Gnh.exe
    O4 - HKCU\..\Run: [Sig] C:\WINDOWS\Cio.exe
    O4 - Startup: winupdate45543887[1].exe
    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted IP range: 64.62.171.156 <<<< fix unless you added this address to the trusted zone

    Reboot.

    Search for the file monitor.exe and check its properties. Let us know any company/version info from the version tab.
    Search for the files open32.conf and open32.exe (most likely C:\Windows\system32) and delete.
    Delete the winupdate45543887[1].exe file from the Startup folder, available via Start>All Programs.
    Delete the contents of C:\Windows\Prefetch.
    Delete the contents of C:\Windows\Temp. Some may be in use. Delete as many as you can.
    Click start>run and type %temp%, hit enter. Again, delete as many as you can.
    Open Internet options in the control panel and delete the Temporary Internet Files.
    Empty the recycle bin.

    Reboot and do another HijackThis scan, then post the log.

    Is D: another partition or a CD drive?
     
  14. 2005/04/26
    Tarheeljcs

    Tarheeljcs Inactive Thread Starter

    Joined:
    2003/12/04
    Messages:
    50
    Likes Received:
    0
    Ok, I was able to delete most of what you said; however, my search feature on my computer hasn't worked for some time. I believe I accidentally deleted a file that is necessary to run this operation. Perhaps you could assist me in getting that function back. That is neither here nor there right now. When accessing the following folder: C:/Windows/system32 a window pops up from my Norton Antivirus saying a Virus has been detected. This is what it shows:

    Object Name: C:/WINDOWS/SYSTEM32/cithlper.exe
    Virus Name: Bloodhound.W32.EP
    Action Taken: Access to the file was denied

    Ok, just wanted to bring that up, seems important and it may be a problem on my system

    I will now post the most recent hjt log

    **Note: I was unable to delete the following: open32.conf and open32.exe
     
  15. 2005/04/26
    Tarheeljcs

    Tarheeljcs Inactive Thread Starter

    Joined:
    2003/12/04
    Messages:
    50
    Likes Received:
    0
    HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:25:40 PM, on 4/26/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
    C:\PROGRA~1\COMMON~1\AOL\110373~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110373~1\EE\AOLServiceHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103731076\EE\AOLHostManager.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [monitor] monitor.exe
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110302967310
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF408247-0C62-4A80-9B82-3D6274F786E7}: NameServer = 69.50.176.156,195.225.176.31
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
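    The triage the helper did by hand on the two logs in this thread (the O4 entries with random three-letter names and the O15 Trusted Zone/IP lines in the fix list, and the O17 NameServer line in the latest HJT log), as an added Python example that is not part of the thread or of HijackThis; the sample lines are copied from the posted logs, and the DNS allow-list is an assumption the analyst supplies.

```python
import re

# Added example (not HijackThis's own code): a small triage pass over HijackThis (HJT)
# log lines, mirroring the checks the helper applied by hand in this thread. It flags
# O4 Run entries with random three-letter names dropped straight into C:\WINDOWS or
# System32, O4 entries that name a file with no path at all (like monitor.exe), O15
# Trusted Zone / Trusted IP additions, and O17 NameServer addresses that are not on a
# resolver allow-list the analyst supplies. Output is a review list, not a verdict.

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)\s*$")
O15_RE = re.compile(r"^O15 - Trusted (?P<kind>Zone|IP range): (?P<value>.+?)\s*$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)\s*$")
# Three-letter executable sitting directly in the Windows or System32 folder.
DROPPED_RE = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE)

# Constructed sample: a handful of lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKCU\..\Run: [Vlk] C:\WINDOWS\System32\Gpa.exe
O4 - HKCU\..\Run: [Loh] C:\WINDOWS\Ldp.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted IP range: 64.62.171.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF408247-0C62-4A80-9B82-3D6274F786E7}: NameServer = 69.50.176.156,195.225.176.31
"""


def triage_hjt(log_text, trusted_dns=()):
    """Return a list of (category, line) findings for the HJT lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            name, cmd = m["name"], m["cmd"].strip('"')
            if "\\" not in cmd.split(" ")[0]:
                # Bare filename: the helper asked for this file's properties for a reason.
                findings.append(("O4 no path; locate file and check its properties", line))
            elif len(name) == 3 and name.isalpha() and DROPPED_RE.match(cmd):
                findings.append(("O4 random three-letter name in Windows dir", line))
        elif m := O15_RE.match(line):
            findings.append((f"O15 Trusted {m['kind']} added; fix unless you added it", line))
        elif m := O17_RE.match(line):
            # Resolvers should match the ISP's; anything else deserves a second look.
            bad = [ip for ip in m["servers"].split(",") if ip not in trusted_dns]
            if bad:
                findings.append(("O17 NameServer not on allow-list: " + ",".join(bad), line))
    return findings


if __name__ == "__main__":
    for category, line in triage_hjt(SAMPLE_LOG):
        print(f"{category}\n    {line}")
```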
  16. 2005/04/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Extract the file to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:/WINDOWS/SYSTEM32/cithlper.exe

    Check the box to delete on reboot and click the red X to the right. Click Yes, then NO to the reboot now prompt. Copy the next filepath, paste it in the box, and repeat the above steps. When all of the below filepaths are done, allow it to reboot.

    C:/WINDOWS/SYSTEM32/open32.exe
    C:/WINDOWS/SYSTEM32/open32.conf

    Your log is otherwise clean.

    Here's something you can try to fix the search function. Navigate to the C:\Windows\Inf folder. Locate the srchasst.inf file. Right click it and select Install. You will likely be prompted for the XP CD. **The inf folder is a hidden folder, so you will need to set Windows to show hidden files and folders.
     
  17. 2005/04/27
    Tarheeljcs

    Tarheeljcs Inactive Thread Starter

    Joined:
    2003/12/04
    Messages:
    50
    Likes Received:
    0
    I D/L KillBox, and when I pasted the path it gave me the following error box:

    Error: 5. Invalid procedure call or argument

    I tried to type this path in as well, as soon as I finish typing "C:/WINDOWS " the error pops up, any thoughts??
     
  18. 2005/04/27
    Tarheeljcs

    Tarheeljcs Inactive Thread Starter

    Joined:
    2003/12/04
    Messages:
    50
    Likes Received:
    0
    Also, I was able to enter the last 2 paths and do as you said, I will reboot now...
     
  19. 2005/04/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you typed the filepath exactly as you posted it, C:/Windows..........try it like this, C:\Windows.........all of the slashes in the filepath should be backslashes \ \ \

    Sorry, I just looked back at my instructions and see I posted it that way.......the slashes going the wrong way. Odd, since I usually copy/paste those filepaths :confused:

    Just looked back a bit further and see I did copy/paste that path......from your post previous to the HJT log. Sorry I didn't notice before. :rolleyes:
     