Hello again,
Finally I was able to load, run and save "HijackThis". The results as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:17 PM, on 11/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my.att.netR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://welcome.bellsouth.net/asp/dsl_welcome.aspO1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 osawarepro2009.com
O1 - Hosts: 91.212.127.227
http://www.osawarepro2009.comO2 - BHO: C:\WINDOWS\system32\t2xuzhw908.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\t2xuzhw908.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [pibqbsnc] C:\Documents and Settings\Administrator\Local Settings\Application Data\dctvjl\yvjvsysguard.exe
O4 - HKLM\..\Run: [48072728] C:\DOCUME~1\ALLUSE~1\APPLIC~1\48072728\48072728.exe
O4 - HKLM\..\Run: [vunusatih] Rundll32.exe "c:\windows\system32\soziredo.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [91861126] C:\Documents and Settings\All Users\Application Data\91861126\91861126.exe
O4 - HKLM\..\Run: [59414831] C:\DOCUME~1\ALLUSE~1\APPLIC~1\59414831\59414831.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00FCEAF50.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00FCEAF50.exe
O4 - HKCU\..\Run: [A00F8D1D0F.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F8D1D0F.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [A00FC49215.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00FC49215.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [streamsp60] rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\streamsp60\streamsp60.dll", DllInit
O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\x2bnuk8.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\login.exe
O4 - HKCU\..\Run: [pibqbsnc] C:\Documents and Settings\Administrator\Local Settings\Application Data\dctvjl\yvjvsysguard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/stunt-driver/en/"
O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINDOWS\TEMP\mdm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINDOWS\TEMP\mdm.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://echat.bellsouth.net/sdccommon/do ... gctlcm.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 4959171109O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -
http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cabO16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} -
http://pbells.broadjump.com/wizlet/Stan ... _4-2-0.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{1540F201-ADE6-4689-9699-020EA2D6BA7B}: NameServer = 77.74.48.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{72201C63-3B6B-4146-A9B9-4BF9C0FE4D0F}: NameServer = 77.74.48.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{1540F201-ADE6-4689-9699-020EA2D6BA7B}: NameServer = 77.74.48.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{1540F201-ADE6-4689-9699-020EA2D6BA7B}: NameServer = 77.74.48.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {254fc5b0-f81c-45a0-a518-4fef37aac39d} - C:\WINDOWS\batmeter16.dll
O20 - AppInit_DLLs: c:\windows\system32\soziredo.dll,bofofevu.dll
O20 - Winlogon Notify: __c007BAB9 - C:\WINDOWS\system32\__c007BAB9.dat (file missing)
O20 - Winlogon Notify: __c00B3FC5 - C:\WINDOWS\system32\__c00B3FC5.dat
O21 - SSODL: wogirukep - {32b4e0f9-eac6-4290-9851-77b080be565d} - c:\windows\system32\rudajeki.dll (file missing)
O21 - SSODL: sojadozin - {1a7edc2f-19c6-4876-aa07-4428b5aa6f7e} - c:\windows\system32\soziredo.dll
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\t2xuzhw908.dll
O22 - SharedTaskScheduler: jugezatag - {32b4e0f9-eac6-4290-9851-77b080be565d} - c:\windows\system32\rudajeki.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1a7edc2f-19c6-4876-aa07-4428b5aa6f7e} - c:\windows\system32\soziredo.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O24 - Desktop Component 0: (no name) -
http://i.pbase.com/t6/21/571721/4/71473965.1YtZC2HD.jpgO24 - Desktop Component 1: (no name) -
http://www.johnnydeppfan.com/people9152008thumb.jpgO24 - Desktop Component 2: (no name) -
http://www.horse-races.net/horsecard/hialeahls.jpg--
End of file - 10055 bytes
Clearly I have no idea what any of this means or what I need to do next. Help please.
James L. Peacock