cturnbow
asked on
connect to internet after running AntiSpyware
This past weekend I was in a location where dial-up was the only option...doing so blasted my PC with spyware. I have Microsoft AntiSpyware, Symantec and WinPatrol running and they seemed to catch all of them before they started running, however I had lots of clean up to do after disconnecting. Now that I'm home with high speed, I cannot connect to the internet. I've tried to do a System Restore (btw, I'm running XP), but they all fail. When I startup my PC I get a pop-up "Windows cannot find 'smsse.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
Can anyone help?
Can anyone help?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here's the Hijackthis log. Thank you for your help!!
Logfile of HijackThis v1.99.1
Scan saved at 6:46:57 AM, on 3/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\userin
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EX
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EX
C:\Documents and Settings\Cole.D.Turnbow\De
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
F2 - REG:system.ini: UserInit=userinit.exe,user
O1 - Hosts: 199.200.22.97 AMRXM1105
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Secu
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPA
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.e
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSui
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaD
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\zvrlm.
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\W
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Groove Virtual Office.lnk = C:\Program Files\Groove Networks\Groove\Bin\Groove
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.accenture.com (HKLM)
O16 - DPF: PowerBuilder DW Control & JDBC - https://directaccess.billing.com/daweb/downloads/Psdwc80.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-C
O16 - DPF: {2E28242B-A689-11D4-80F2-0
O16 - DPF: {2F175895-5819-4014-83BF-3
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-7
O16 - DPF: {640B39C1-D713-464F-92C3-7
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {82774781-8F4E-11D1-AB1C-0
O16 - DPF: {AF9A1421-E128-4D5F-A37E-0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLog
O21 - SSODL: mtklefap - {C815FA9D-1B7C-463B-F3AB-7
O21 - SSODL: mtkle - {636EF064-658D-4574-20AA-5
O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.e
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMAN
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\Groove
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\Groove
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\
O23 - Service: Accenture Media Viewer (MediaViewer) - - c:\program files\firm applications\media viewer\services\streamview
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMAN
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs3
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv3
Logfile of HijackThis v1.99.1
Scan saved at 6:46:57 AM, on 3/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\userin
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EX
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EX
C:\Documents and Settings\Cole.D.Turnbow\De
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
F2 - REG:system.ini: UserInit=userinit.exe,user
O1 - Hosts: 199.200.22.97 AMRXM1105
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Secu
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPA
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.e
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSui
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bi
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaD
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\zvrlm.
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\W
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Groove Virtual Office.lnk = C:\Program Files\Groove Networks\Groove\Bin\Groove
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtrac
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.accenture.com (HKLM)
O16 - DPF: PowerBuilder DW Control & JDBC - https://directaccess.billing.com/daweb/downloads/Psdwc80.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-C
O16 - DPF: {2E28242B-A689-11D4-80F2-0
O16 - DPF: {2F175895-5819-4014-83BF-3
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-7
O16 - DPF: {640B39C1-D713-464F-92C3-7
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {82774781-8F4E-11D1-AB1C-0
O16 - DPF: {AF9A1421-E128-4D5F-A37E-0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLog
O21 - SSODL: mtklefap - {C815FA9D-1B7C-463B-F3AB-7
O21 - SSODL: mtkle - {636EF064-658D-4574-20AA-5
O23 - Service: ACNUSvc - - c:\program files\acnu\acnupdatersvc.e
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMAN
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\Groove
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\Groove
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\
O23 - Service: Accenture Media Viewer (MediaViewer) - - c:\program files\firm applications\media viewer\services\streamview
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMAN
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs3
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv3
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran the winsock fix and that didn't do the trick. The strange thing is that sometimes when I reboot...AIM will be able to startup, but then after the rest of my startup programs get running, AIM and the internet are not accessable. I'll go post the log. Please let me know if you have any other thoughts on what in the startup could be cutting off my internet.
Thanks!
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Spybot = several hits...most were fixed, those registry items that couldn't be fixed, I deleted
reran Spybot = clean
MS AntiSpyware = clean
Ad-Aware = lots of items, all cleaned
CWshredder = found nothing
sscan on Trendmicro = several things that are now cleaned
Still not able to get to internet out of Safe mode. Will run Hijackthis and submit log next.