hjt experts here my problems

Question

besides the one this might show i also get many pop ups and computer seems to be alot slower and freezes  Logfile of HijackThis v1.99.1 Scan saved at 4:26:47 AM, on 2/18/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32saenh.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\Explorer.exe C:\Program Files\ISTsvc\istsvc.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NaviSearch\bin
ls.exe C:\WINDOWS\hodfef.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Rqxs\Livxbs.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\WINDOWS\system32\dla	fswctrl.exe C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxtray.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe C:\Program Files\Common Files\Real\Update_OBealsched.exe C:\WINDOWS\System32\vzisuyn.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\Messenger\YPAGER.EXE C:\Program Files\NavExcel\NavHelper\v2.0.4d
avapp.exe C:\PROGRA~1\Yahoo!\browser\ybrowser.exe c:\Program Files\Registry Cleaner Trial\soref_rcs.exe C:\PROGRA~1\REGIST~1\RegClean.exe C:\Documents and Settings\Laura\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000940 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media.fastclick.net/w/pop.cgi?sid=16765&m=2&CK=N&JS=N&c=118840517 R3 - URLSearchHook: (no name) - {3809F3C5-D1F1-6415-BD83-B133C63266B4} - C:\WINDOWS\Bvwpesbd.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing) O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {26909350-1061-7829-6E04-19CEFBEB71F9} - C:\WINDOWS\Bvwpesbd.dll O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\00n6dix.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
vms.dll O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: Search - {DA88D68A-F161-F626-F6CE-CBAE788D4C51} - C:\WINDOWS\Bvwpesbd.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iokiri.exe reg_run O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin
ls.exe O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [¢‰¸u0ÔÁÐ]­ú'ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]­ú'ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]­ú'ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d
avapp.exe O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [Bjzxgil] C:\Program Files\Rqxs\Livxbs.exe O4 - HKLM\..\Run: [Internet Optimizer] 'C:\Program Files\Internet Optimizer\optimize.exe' O4 - HKLM\..\Run: [rXeacFE] C:\WINDOWS\hodfef.exe O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OBealsched.exe'  -osboot O4 - HKLM\..\Run: [IPInSightMonitor 01] 'C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe' O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Dell AIO Printer A940] 'C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe' O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [ktpzdd] C:\WINDOWS\System32\vzisuyn.exe r O4 - HKCU\..\Run: [198_150_ni_3] 'C:\Documents and Settings\Laura\198_150_ni_3.exe' O4 - HKCU\..\Run: [197_150_ni_3] C:\WINDOWS\System32\197_150_ni_3.exe O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe O4 - HKCU\..\Run: [ares] 'C:\Program Files\Ares\Ares.exe' -h O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [wintrust] C:\WINDOWS\System32\wintrust.exe O4 - HKCU\..\Run: [msnmsgr] 'C:\Program Files\MSN Messenger\msnmsgr.exe' /background O4 - HKCU\..\Run: [MoneyAgent] 'C:\Program Files\Microsoft Money\System\mnyexpr.exe' O4 - HKCU\..\Run: [kbdycc] C:\WINDOWS\System32\kbdycc.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [WinFixer2005] 'C:\Program Files\WinFixer2005\UWFX5.exe' /min O4 - HKCU\..\Run: [es] 'C:\WINDOWS\System32\es.exe' O4 - HKCU\..\Run: [esentprf] 'C:\WINDOWS\System32\esentprf.exe' O4 - HKCU\..\Run: [cic] 'C:\WINDOWS\System32\cic.exe' O4 - HKCU\..\Run: [mscpxl32] 'C:\WINDOWS\System32\mscpxl32.exe' O4 - HKCU\..\Run: [msvidc32] 'C:\WINDOWS\System32\msvidc32.exe' O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\RegClean.exe O4 - Startup: taskmgr.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\datadx.dll O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\datadx.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1137d9a9ac2947478918/netzip/RdxIE601.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - AppInit_DLLs: mad.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: rsaenh - Unknown owner - C:\WINDOWS\System32saenh.exe O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

ky331 · Answer

Your system is severely infected.   Be advised that I will only start the process of trying to repair things.   My goal is to remove two specific types of popups:   WinFixer, and NAIL (A Better Internet / The Best Offers Network).    After that, someone else will hopefully take-over to assist you with your remaining problems, of which there will be many.  Please be patient as we try to proceed. This is a rather long list of things to do.  I would strongly suggest you print all this out, and then, carefully proceed exactly as indicated. ********************** First: You're running HJT from a TEMP directory: C:\Documents and Settings\Laura\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe When you do so, either HJT will not create its log files and backup files; or if it does, you risk losing them when the TEMP's cache is cleared. It's important that you save these backup files, in case you have to 'undo' [restore] some of the things you 'FIX' incorrectly. So you need to move HJT into a separate, non-temporary, non-Desktop, directory of its own. We recommend using the directory C:\HJT , so that it will then appear in your log, under running processes, as C:\HJT\HiJackThis.exe ************************ Among other things, you have a NAIL/epolvy/SvcProc infection... I'm going to try to help you to remove this first [and then we can move on to other problems]. This fix involves using Ad-Aware, and its VX2-cleaner. It is critical that you use the current versions as indicated below... if you use an older/obsolete version, the fix will not work. If you don't already have it, download Ad-Aware SE Personal 1.06 from http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html   [Note: If you have an older 'build' of Ad-Aware SE --- or even worse, if you're still using Ad-Aware 6 --- you must upgrade to this version/build, SE 1.06 ] Install the Ad-Aware program (following any indicated directions). [As part of the installation, it will check to see if you already have an older version of Ad-Aware installed, and if one is found, it will ask ('advise') you to allow the older one to be removed... so if asked, please allow it.] Open/start Ad-Aware SE. Click on Check for Updates Now, and Connect . if found, follow the directions to download/install the latest reference file, till you FINISH. After updating, from the STATUS screen, click on START. then make sure you have a RED X in front of 'Search for negligible risk entries' (if you see a GREEN CHECK, then CLICK on it, to change it to the RED X. ) then hit NEXT to perform a Smart Scan. Allow it to remove any problems founds. Close-down Ad-Aware. then download the VX2-cleaner add-on by clicking-on the link near the bottom of http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml This will download the file vx2cleaner_inst.exe ; click on it, and follow the directions to install the VX2-cleaner. Start Ad-Aware SE again. Click on the Add-Ons button. Click on the VX2-Cleaner. Click on Run Tool, and then click OK . If it finds any VX2 problems, follow all the directions to CLEAN things. (I believe this will include a reboot, and directions to run another smart scan. Follow all indicated directions [i.e., various/multiple scans] until it tells you you're clean of VX2. This should have removed all traces of NAIL/Aurora/epolvy/SvcProc. ********************************* Please note:  I am including two 'search engines' in the following list of suggested removals.    If you have knowingly and intentionally chosen either   couldnotfind.com   or   search-exe.com   , and wish to keep them, then you shouldn't  check them off. close your internet browser Run HJT. click on DO A SYSTEM SCAN ONLY Place a check-mark in the box in front of each of the lines:   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000940 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing) O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll O2 - BHO: (no name) - {26909350-1061-7829-6E04-19CEFBEB71F9} - C:\WINDOWS\Bvwpesbd.dllO2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing) O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\00n6dix.dll (file missing) O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
vms.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Search - {DA88D68A-F161-F626-F6CE-CBAE788D4C51} - C:\WINDOWS\Bvwpesbd.dll O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll   O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKCU\..\Run: [WinFixer2005] 'C:\Program Files\WinFixer2005\UWFX5.exe' /min   O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)   O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll Click on FIX CHECKED. Close HJT. Reboot.   ************ Please generate and post a new HiJackThis log, REPLYing to this thread.   Let me know if you've noticed any differences so far, especially in terms of popups. Message Edited by ky331 on 02-20-2006 09:09 AM

Virus & Spyware

Was this post helpful?