[Jayu]

Hi Dave,

I see the New Thread button now....sorry, I must have in the panic mode right now! Do you think the malware/ spyware/ whatever ware affects the Outlook as well (cannot send/ receive emails and too long then crash) and also cannot open webpage (error must be closed kinda thing). What should I delete from the logfile? Thx & God bless.

[Hybr!d]

Please post the log file here.

[Jayu]

Hi Dave,

This is for the comp that has Outlook problem...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.3721.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SideStep Browser Helper - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: 3721CMail - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - C:\PROGRA~1\3721\Ces\cesweb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {D7515C61-A66C-4319-A0E0-D416CB8059E3} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {E3616E66-C13B-2628-2CDF-EDABCFA235E1} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [ztsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\ztso.exe
O4 - HKLM\..\Run: [mhsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\mhso.exe
O4 - HKLM\..\Run: [fysa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\fyso.exe
O4 - HKLM\..\Run: [jtsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\jtso.exe
O4 - HKLM\..\Run: [wlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wlso.exe
O4 - HKLM\..\Run: [wgsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wgso.exe
O4 - HKLM\..\Run: [wmsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wmso.exe
O4 - HKLM\..\Run: [qjsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\qjso.exe
O4 - HKLM\..\Run: [rxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\rxso.exe
O4 - HKLM\..\Run: [wdsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wdso.exe
O4 - HKLM\..\Run: [tlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\tlso.exe
O4 - HKLM\..\Run: [dasa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\daso.exe
O4 - HKLM\..\Run: [zxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\zxso.exe
O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\WINDOWS\system32\oigdfgdfl1.exe
O4 - HKLM\..\Run: [asgfdjs2] C:\WINDOWS\system32\vbsdaas2.exe
O4 - HKLM\..\Run: [askasdkcl3] C:\WINDOWS\system32\faskflxld3.exe
O4 - HKLM\..\Run: [asfkafsk4] C:\WINDOWS\system32\fdaolfdos4.exe
O4 - HKLM\..\Run: [sakdasksd5] C:\WINDOWS\system32\eksdlfs5.exe
O4 - HKLM\..\Run: [daskaskfsak6] C:\WINDOWS\system32\dsfids6.exe
O4 - HKLM\..\Run: [xcxdsaa7] C:\WINDOWS\system32\slcskxsdl7.exe
O4 - HKLM\..\Run: [afskfask8] C:\WINDOWS\system32\fsfjasj8.exe
O4 - HKLM\..\Run: [akgkagaksad9] C:\WINDOWS\system32\fsakfask9.exe
O4 - HKLM\..\Run: [xzkadsfk10] C:\WINDOWS\system32\afslkfasl10.exe
O4 - HKLM\..\Run: [faslkakj11] C:\WINDOWS\system32\kjgagklj11.exe
O4 - HKLM\..\Run: [gadkgak12] C:\WINDOWS\system32\fsafsakx12.exe
O4 - HKLM\..\Run: [asdsaxcxz13] C:\WINDOWS\system32\dasxcsx13.exe
O4 - HKLM\..\Run: [dsadlsa14] C:\WINDOWS\system32\dsakfsak14.exe
O4 - HKLM\..\Run: [daskgfkkcx15] C:\WINDOWS\system32\dasdsaads15.exe
O4 - HKLM\..\Run: [sakdasj6ksd5] C:\WINDOWS\system32\e656lklfs5.exe
O4 - HKLM\..\Run: [apadslasla13] C:\WINDOWS\system32\alsdlaslx13.exe
O4 - HKLM\..\Run: [gajklgasjlkga] C:\WINDOWS\system32\aglajgkd16.exe
O4 - HKLM\..\Run: [AVPMH] C:\WINDOWS\system32\AVPMH.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\Program Files\Internet Explorer\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\Program Files\Internet Explorer\RAVZTMON.exe
O4 - HKLM\..\Run: [AVPZX] C:\WINDOWS\Fonts\AVPZX.exe
O4 - HKLM\..\Run: [AVPDH] C:\WINDOWS\system32\AVPDH.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [AVPWD] C:\WINDOWS\system32\AVPWD.exe
O4 - HKLM\..\Run: [AVPWL] C:\WINDOWS\system32\AVPWL.exe
O4 - HKLM\..\Run: [RAVJZMON] C:\Program Files\Internet Explorer\RAVJZMON.exe
O4 - HKLM\..\Run: [WinForm] C:\WINDOWS\WinForm.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [RAVWDMON] C:\Program Files\Internet Explorer\RAVWDMON.exe
O4 - HKLM\..\Run: [RAV00A0] C:\WINDOWS\system32\RAV00A0.exe
O4 - HKLM\..\Run: [RAVWLMON] C:\Program Files\Internet Explorer\RAVWLMON.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://sterlingstone.dipmap.com:85/c...ecker_6100.cab
O16 - DPF: {538FDFF9-E76D-490A-96E6-DC5BE86E27CA} (Export.ctlExport) - http://intra.strongjewel.com/strong/.../prjExport.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094063150316
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://sterlingstone.dipmap.com:85/c...dFile_6100.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?319
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mydpri.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO. EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID. EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Jayu]

Hi Dave,

Howcome the logfile doesn't show here? Another comp is having problem with webpages...they all push me to the edge. I want to bury my head in the sand right now actually. Do I have to notify the admin why the logfile doesn't show up?

[evilfantasy]

Incomplete log.

[Hybr!d]

New users cannot post live links to combat spam.

I am the admin here, i have just validated the post.

Also, calm down mate, these things take time and I'd advise to do one PC at a time.

How many PCs do you have?

[Jayu]

Hi evilFantasy,

Finally the logfile showed up...what do you mean incomplete? That's from the HJT logfile....the problem is with outlook (cannot receive/ send emails, very very long then crash). The other comp problem is with opening webpages (error must be closed program). Thx so much, please let me know what to do....

[Jayu]

O sorry Dave,

It's because they call me up & down the stair....one problem after another, I just got here (for God sake). Well, I think there're about 12 maybe 3 more, but the network not stable, so I could not see all of them right now. Thx a bunch guys, my fingers r sweating a bit.

[Hybr!d]

12 PCs?

Yikes.

Looks like you have a few busy days EF!

On another note feel free to make a donation.

This site is primarily intended to help the standalone home user, not big business.

Fixing 12 machines is pushing it a bit.

[evilfantasy]

The log is missing the top part. It should start with Logfile of Trend Micro HijackThis v2.0.2

Also, HijackThis (HJT) logs are a tool to help identify potential problems. It is not a cure for spyware and virus. Simply deleting the entries is the first step in getting rid of the problem. Your other two posts are not completed and the problems are likely to come right back unless followed through with additional instruction. I understand your at work and time is at at premium. But unless all steps are followed through the problems will continue.