[ZenoZatch]

Well, when I go to edit the Windows Firewall Settings it says for your security some settings are controlled by Group Policy and all the options are grayed out so I can't click to edit the options. Well, the problem with that is the firewall is off and I have no protection. I'm running on Wingdows XP Home. So please if you have any information please, help because I have to get the firewall on. Malware and Ad-Ware has already entered my computer, and I'm currently getting rid of it now.

[Abarbarian]

http://www.personalfirewall.comodo.com/

http://www.avast.com/

Those above are good in my opinion or look below for further advice .

http://www.pcreview.co.uk/forums/thread-2697599.php

[ZenoZatch]

So you're saying I should just get a 3rd Party Firewall instead of fixing mine?

Thanks for the links, and I'll put one up for now. But, could someone help me restore my Firewall so I can turn is on.

[muckshifter]

Quote:

Malware and Ad-Ware has already entered my computer, and I'm currently getting rid of it now.

I suspect that, until you can eradicate your infection, you will find it hard to turn on any firewall.


What measures are you taking to eradicate your infection? ie: what software are you using.

[ZenoZatch]

Quote:

Originally Posted by muckshifter

I suspect that, until you can eradicate your infection, you will find it hard to turn on any firewall.


What measures are you taking to eradicate your infection? ie: what software are you using.

I've used Killbox, Ad-Aware 2007(Free), Yahoo Toolbar(Norton Spyware Scan and Yahoo Anti-Spy). That's what I use now.

[muckshifter]

Quote:

Originally Posted by ZenoZatch

I've used Killbox, Ad-Aware 2007(Free), Yahoo Toolbar(Norton Spyware Scan and Yahoo Anti-Spy). That's what I use now.

Hmmm, err, not criticizing, but I would like to see a HijackThis log if you don't mind.

I would suggest something stronger ... at least try the online scanner at KAV I would go as far as suggesting you install their Trial version of KAV6

As for an excellent anti-nastie program, give SUPERAntiSpyware a go also ... I'll lay you odds-on, it will find other stuff on your system.

Good Luck!

[ZenoZatch]

HiJack This Log-

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:14:57 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {2DD1D35F-96FD-4F09-B29D-E7D1EA9FF00e} - C:\WINDOWS\system32\uftouuqs.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {38F97444-9735-43FE-A6A9-AFA72EA46D7f} - C:\WINDOWS\system32\tnbfphkg.dll
O2 - BHO: (no name) - {3CF75190-4A54-496B-98FF-A65049A9C7BC} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\fngxuedb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {956942F5-C2B9-4A0C-809C-AD03EB883D40} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8F3BFCE-EC9B-4C31-ACEB-1AACF92EAFE6} - C:\WINDOWS\system32\xonalcys.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\fonts\wabr.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jnfjhdnc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\stdrun2.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [hvbncfj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hvbncfj.dll,cgovpob (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [cjlocaj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cjlocaj.dll,acbgykg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\NETWOR~1\LOCALS~1\Temp\stdrun2.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: nnnnlmk - nnnnlmk.dll (file missing)
O20 - Winlogon Notify: p4reg - p432.dll (file missing)
O20 - Winlogon Notify: wabr - c:\windows\fonts\wabr.dll (file missing)
O20 - Winlogon Notify: wvusrrs - wvusrrs.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - C:\WINDOWS\system32\mpreg.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visual...e_1024x768.jpg
O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg

--
End of file - 12374 bytes

There's the log. You want me to do a KAV online scan too, right?

[muckshifter]

Quote:

There's the log. You want me to do a KAV online scan too, right?

Yep ... it may show up stuff that HJT could miss ...


I would, after having a quick look at your log, strongly suggest you also go get superantispyware ... install, update it, and run it.

In the meantime I'll take a closer look at your log and report back my advice ... your PC is badly infected.

Give me some time here ...

[ZenoZatch]

Take your time. I'm using KAV Online Scanner as we speak, and I'll post that up when its done.

[muckshifter]

Please get HJT to fix the following ... if you ran the above programs as suggested, they may have already been fixed.

I cannot see an active antivirus program ... more reason to install KAV

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit .exe
I do not like this, but I'm reluctent to suggest fixing ... for now leave it.

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
Must be fixed! Unnecessary (deactivated) entry that can be fixed. Trojan Downloader. We do not want it reactivated.

O2 - BHO: (no name) - {2DD1D35F-96FD-4F09-B29D-E7D1EA9FF00e} - C:\WINDOWS\system32\uftouuqs.dll (file missing)
Unnecessary (deactivated) entry that can be fixed

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. Adware.BetterInternet

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {38F97444-9735-43FE-A6A9-AFA72EA46D7f} - C:\WINDOWS\system32\tnbfphkg.dll
I do not know what this is ... but I would get HJT to fix it

O2 - BHO: (no name) - {3CF75190-4A54-496B-98FF-A65049A9C7BC} - C:\WINDOWS\system32\awtqq.dll
Nasty

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. 2020Search.dll, ‚0SE~1.DLL - 2020Search

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. Malware

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\fngxuedb.dll
Unknown ... but I would get HJT to fix it

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
ouch!! Must be fixed!
Unnecessary (deactivated) entry that can be fixed. saiemod.dll - 180Solutions.com SurfAssistant ... this is a bugger!!

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
Extremely Nastie

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
Extremely Nastie

O2 - BHO: (no name) - {956942F5-C2B9-4A0C-809C-AD03EB883D40} - C:\WINDOWS\system32\vtsqp.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
Nastie (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {C8F3BFCE-EC9B-4C31-ACEB-1AACF92EAFE6} - C:\WINDOWS\system32\xonalcys.dll
Unknown ... but I would get HJT to fix it

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
Extremely Nastie (deactivated) entry that can be fixed. Pbar.dll - 4Arcade PBar ... ugh!!

O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\fonts\wabr.dll (file missing)
Nasty!!

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
Unnecessary (deactivated) entry that can be fixed. saIE.dll - SiteAdvisor

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jnfjhdnc.dll",realset
Dunno, but I don't want it running here, should be fixed

O4 - HKUS\S-1-5-19\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\stdrun2.exe (User 'LOCAL SERVICE')
Not sure, but I'm suspect as it should NOT be running from the Temp folder, should be fixed

O4 - HKUS\S-1-5-19\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe (User 'LOCAL SERVICE')
??? lost on this one too ... I would fix it

O4 - HKUS\S-1-5-19\..\Run: [hvbncfj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hvbncfj.dll,cgovpob (User 'LOCAL SERVICE')
Nastie

O4 - HKUS\S-1-5-19\..\Run: [cjlocaj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cjlocaj.dll,acbgykg (User 'LOCAL SERVICE')
Nastie

O4 - HKUS\S-1-5-20\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\NETWOR~1\LOCALS~1\Temp\stdrun2.exe (User 'NETWORK SERVICE')
Not sure, but I'm suspect as it should NOT be running from the Temp folder, should be fixed

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
Extremely Nastie, fortunatly (deactivated) entry that can be fixed

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
Extremely Nastie Should be fixed. Affiliate.Adware

O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
Nasty

O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: nnnnlmk - nnnnlmk.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: p4reg - p432.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: wabr - c:\windows\fonts\wabr.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: wvusrrs - wvusrrsalldll (file missing)
Nastie (deactivated) entry that can be fixed

O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visua...le_1024x768.jpg
Dunno ... your call

O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
dunno ... your call

O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg
dunno ... your call


Usual Disclaimer; I cannot be held responsible if any suggested fixes by me screw up your PC

As I said ... if you already ran the programs I suggest, please check the log and get HJT to fix anything left over


Please post another Log when done ...