submitting hijack this log for perusal - please advise

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jshoundog, Jun 1, 2004.

  1. jshoundog

    jshoundog Private E-2

    Here is my latest HijackThis log - please let me know what to delete. I've deleted CWS (I've run S&D, Ad-Aware and CWShredder), but it keeps coming back - how do I get rid of it once and for all? Thank you for your help.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:29:33 AM, on 6/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\S3apphk.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\mcafee.com\Agent\mcagent.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\mcafee.com\Agent\mcupdate.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?prd=10920&pver=5.1&plcid=0x409&ar=AppCompatVendors&sar=AppHelpVendor&o1=304
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\sysad\sysad32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultChk] C:\WINDOWS\System32\sms.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/threatinfo/virusinfo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8407C494-8069-4EEC-B4A0-4ACFFD88B9F7}: NameServer = 216.194.28.33 216.194.28.69

    (end log)
     
  2. alanc

    alanc MajorGeek

    Hmmm, looks like you've got the about:blank hijack. I can't personally vouch for this removal procedure, but I trust the site completely. Go through this first, then rerun HJT and do the lines below if they're still there.
    http://www.spywareinfo.com/forums/index.php?showtopic=43492&st=30&#entry219322


    If you don't recognize this fix it:
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?prd...lpVendor&o1=304

    I don't know what 'sysad' is, if you recognize it as something you want/need leave it alone, otherwise fix it:
    O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\sysad\sysad32.dll

    Fix these unless you've set Spybot to lock your settings:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    And you might consider dumping Roxio for Nero, Easy CD Creator can cause all kinds of problems in XP ;)

    Post back and let us know how the about:blank fix worked, and welcome to MG :)
     
  3. alanc

    alanc MajorGeek

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Alan,

    I would question 2 more:

    This first one: O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

    This is Digital Distribution Channel Manager. This task is installed with Wild Tangent’s GameChannel software.

    Recommendation :
    This task is often responsible for startup and shutdown errors, and also slow boot-ups – we recommend its de-installation via "Add/Remove Programs". However, read the link below for info about GAMECHANNEL before making up your mind.
    http://www.answersthatwork.com/Tasklist_pages/tasklist_g.htm


    This second one is ps2.exe. I'm not sure yet what this is. I get mixed opinions when searching: sometimes it is ignored, while others say it needs to be removed. Perhaps we need to get one of these and look at the EXE.

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
     
  5. alanc

    alanc MajorGeek

    Good catch on the Wild Tangent, chas. Agree completely. He can remove it, but if he visits the same online gaming site again he will just have to reinstall it to play. Your call on that one, houndog.


    On the ps2 I think it's harmless since he's got an HP comp, going on this info:
    http://www.liutilities.com/products/wintaskspro/processlibrary/ps2/
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Alan, thanks for that info on PS2. I was wondering what that item is. I've been seeing it in a bunch of logs lately.
     
  7. alanc

    alanc MajorGeek

    No prob :)
     
  8. jshoundog

    jshoundog Private E-2

    Hi, and thank you for your help.

    I had HT fix the files you recommended:
    O4 - HKLM\..\Run: [KernelFaultChk] C:\WINDOWS\System32\sms.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?prd...lpVendor&o1=304

    O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\sysad\sysad32.dll

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    I also started to follow the instructions at:
    http://www.spywareinfo.com/forums/i...30&#entry219322

    I downloaded RegLite and looked in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    as they suggested, but AppInit_DLLs did not show up, so I don't know which DLL file to delete.

    I also tried having HT delete/fix all the about:blank entries, but they mysteriously reappear after reboot, and my browser still points to res://mshp.dll/index.html#37049 when I open it. Is mshp.dll the DLL I need to delete? And do I need to do that in Safe Mode (I've never run in Safe Mode before... don't know how)? It seems to reside in my C:\Windows directory.

    I've been getting pop-ups from 'Only The Best' recently as well - they seem to have found a way around my Google pop-up blocker.

    So, not sure what my next step is - please advise.

    Thank you,

    houndog


     
  9. alanc

    alanc MajorGeek

    Then those directions obviously don't work; there must be multiple flavors of that hijack.
    Have you updated Ad-aware and Spybot? If not, do that. Ad-aware recently added about:blank to its reference file database.
    There are directions here for that:
    http://www.pchell.com/support/lookfor.shtml

    Go thru that and then post another HJT log, and make sure you disable System Restore and reboot to get rid of infected restore points.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  11. jshoundog

    jshoundog Private E-2

  12. alanc

    alanc MajorGeek

    Way to go houndog, glad you got it sorted :)
    Recommend using SpywareBlaster, Spybot's immunize feature, and visiting Windows Update for all critical updates to prevent it from happening again.


    Pretty alarming stuff at that link Chas, if it's true...
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    My exact thoughts Alan!
     
  14. Jeff Penberthy

    Jeff Penberthy Private E-2

    Help please. I feel like you all have given me a degree, but I am still obviously missing something.

    I have run all the programs as suggested:

    HijackThis
    Spybot
    CWShredder

    I am attaching logs after running HijackThis. I delete everything, and then it seems as though when I run Google or even just go to IE Options to change the default page (and don't even do anything) I get reset back to a *.dll page. If I leave it "about:blank" and surf, it is fine. When I go back in and do another HijackThis run, I get *.dll files and a BHO that I think is killing me. I cannot get rid of the BHO file and I think it is the culprit. Tried renaming and that did not work either.

    Here is before file:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:29:46 PM, on 6/22/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\mspf32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXMOD32.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Lime_Shop\Limeshop0.exe
    C:\WINDOWS\System32\xiznvw.exe
    C:\WINDOWS\system32\sdkic32.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Lime_Shop\Limeshop1.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Jeff\Local Settings\Temp\HijackThis.exe
    C:\WINDOWS\System32\avicap.exe
    O2 - BHO: (no name) - {F0E2EB4B-54D0-6F5F-BFD0-1254D3F4D787} - C:\WINDOWS\system32\ntlm.dll
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
    O4 - HKLM\..\Run: [sdkic32.exe] C:\WINDOWS\system32\sdkic32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [avicap] C:\WINDOWS\System32\avicap.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


    Then, after going back to Google or just going to the IE Options page, here is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:33:03 PM, on 6/22/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\mspf32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXMOD32.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Lime_Shop\Limeshop0.exe
    C:\WINDOWS\System32\xiznvw.exe
    C:\WINDOWS\system32\sdkic32.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Lime_Shop\Limeshop1.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Jeff\Local Settings\Temp\HijackThis.exe
    C:\WINDOWS\System32\avicap.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vsilc.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vsilc.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vsilc.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vsilc.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vsilc.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vsilc.dll/sp.html#96676
    O2 - BHO: (no name) - {F0E2EB4B-54D0-6F5F-BFD0-1254D3F4D787} - C:\WINDOWS\system32\ntlm.dll
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
    O4 - HKLM\..\Run: [sdkic32.exe] C:\WINDOWS\system32\sdkic32.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [avicap] C:\WINDOWS\System32\avicap.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


    Help PLEASE!!!!! :confused:
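The two logs above (and the mshp.dll question in post 8) show the pattern the helpers in this thread are spotting by eye: R0/R1 browser settings pointed at a `res://` DLL resource, an unnamed BHO, IE policy restrictions that nobody set, and a DNS server entry worth checking. The script below is an added example, not code from this thread or from HijackThis; it applies those same triage rules to HijackThis log lines and pulls out the DLL file names the `res://` entries load from, which is the file the hijack keeps re-pointing the browser at. The sample lines are constructed from entries in this thread. The `O20` rule assumes a later HijackThis version that lists the AppInit_DLLs value as an O20 line (the 1.97.7 logs here do not include it, which is why post 8 had to check that registry value by hand); the severity labels are this example's own, not HijackThis's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: a few lines modelled on the logs posted in this thread,
# not a real log dump. Raw strings keep the Windows backslashes literal.
SAMPLE_LOG = "\n".join([
    r"Logfile of HijackThis v1.97.7",
    r"Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vsilc.dll/sp.html#96676",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vsilc.dll/index.html#96676",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank",
    r"O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\sysad\sysad32.dll",
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8407C494-8069-4EEC-B4A0-4ACFFD88B9F7}: NameServer = 216.194.28.33 216.194.28.69",
])

# HJT entry lines start with a section code (R0, R1, O2, O4, O17, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# res://<file>/<page> : the file part is the DLL the page is served from.
RES_RE = re.compile(r"res://(?P<target>[^/]+)/", re.IGNORECASE)
# A BHO loaded from a per-user profile directory rather than Program Files.
USER_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # HIGH / MEDIUM / LOW / INFO (this example's own scale)
    code: str       # HJT section code the line came from
    reason: str
    line: str


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section code, body, full line) for each HJT entry line.
    The banner and the 'Running processes' block are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def res_dll_names(entries) -> Set[str]:
    """File names of the DLLs that R0/R1 settings load pages from via res://.
    With or without a full path, the last path component is the DLL."""
    names = set()
    for code, body, _ in entries:
        if code.startswith("R"):
            m = RES_RE.search(body)
            if m:
                names.add(m.group("target").rsplit("\\", 1)[-1].lower())
    return names


def triage(entries) -> List[Finding]:
    """Apply the rules of thumb used in this thread to each entry line."""
    findings = []
    for code, body, line in entries:
        if code in ("R0", "R1"):
            if RES_RE.search(body):
                findings.append(Finding("HIGH", code, "browser start/search setting points into a local DLL resource (res://)", line))
            elif body.endswith("= about:blank"):
                findings.append(Finding("LOW", code, "about:blank; harmless on its own, suspicious next to res:// entries", line))
        elif code == "O2":
            m = BHO_RE.match(body)
            if m is None:
                continue
            name, path = m.group("name"), m.group("path")
            if USER_PROFILE_RE.search(path):
                findings.append(Finding("HIGH", code, "BHO DLL lives under a user profile directory", line))
            elif name == "(no name)" or len(name) <= 1:
                # Legitimate BHOs (Acrobat's AcroIEHelper) are unnamed too, so identify by path.
                findings.append(Finding("MEDIUM", code, "unnamed BHO; identify it by its path before fixing", line))
        elif code == "O6" and body.endswith(" present"):
            findings.append(Finding("MEDIUM", code, "IE policy restrictions set; unexpected unless you locked settings yourself", line))
        elif code == "O17":
            findings.append(Finding("INFO", code, "DNS servers set on this adapter; confirm they belong to your ISP", line))
        elif code == "O20" and "AppInit_DLLs" in body:
            # Assumes a later HJT version that reports AppInit_DLLs as O20.
            findings.append(Finding("HIGH", code, "AppInit_DLLs autorun: the DLL is injected into every process that loads user32.dll", line))
    return findings


def count_by_severity(findings) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    for f in triage(ents):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
    print("res:// DLLs to look for:", ", ".join(sorted(res_dll_names(ents))))
```

Run against the sample, the two `res://` lines and the BHO under `Application Data` come out HIGH, the Acrobat BHO and the O6 policy line come out MEDIUM for a human to confirm, the `hpsysdrv` Run entry produces nothing, and `res_dll_names` returns `vsilc.dll`, which is the file to look for (and, as post 8 asks, the one to deal with in Safe Mode, since the DLL is loaded by the running browser and its loader puts the settings back on reboot).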
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you getting popups of "Only The Best"? It looks like that problem to me based upon your HijackThis log.
     
