HijackThis help please, newbie

  1. #1

    I've got problems with my computer: can't get Norton to work at all, and lots of other stuff, plus that annoying www.v73.us thing as well. Please help. Here is my HijackThis log:

    Logfile of HijackThis v1.99.0
    Scan saved at 23:44:21, on 27/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Documents and Settings\phil\Desktop\true crime la\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.192.10:8080
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msxmidi.exe
    O1 - Hosts: 65.125.226.82 www.cnn.com
    O1 - Hosts: 65.125.226.82 www.infospace.com
    O1 - Hosts: 65.125.226.82 www.mail.com
    O1 - Hosts: 65.125.226.82 www.hotmail.com
    O1 - Hosts: 65.125.226.82 www.gg.com
    O1 - Hosts: 65.125.226.82 www.gmail.com
    O1 - Hosts: 65.125.226.82 www.icq.com
    O1 - Hosts: 65.125.226.82 www.norton.com
    O1 - Hosts: 65.125.226.85 www.worldsex.com
    O1 - Hosts: 65.125.226.85 www.al4a.com
    O1 - Hosts: 65.125.226.85 www.book-mark.net
    O1 - Hosts: 65.125.226.85 www.call-kelly.com
    O1 - Hosts: 65.125.226.85 www.sleazydream.com
    O1 - Hosts: 65.125.226.85 www.amplandmovies.com
    O1 - Hosts: 65.125.226.85 www.mature-post.com
    O1 - Hosts: 65.125.226.82 lycos.com
    O1 - Hosts: 65.125.226.82 cnn.com
    O1 - Hosts: 65.125.226.82 infospace.com
    O1 - Hosts: 65.125.226.82 mail.com
    O1 - Hosts: 65.125.226.82 hotmail.com
    O1 - Hosts: 65.125.226.82 gg.com
    O1 - Hosts: 65.125.226.82 gmail.com
    O1 - Hosts: 65.125.226.82 icq.com
    O1 - Hosts: 65.125.226.82 norton.com
    O1 - Hosts: 65.125.226.82 microsoft.com
    O1 - Hosts: 65.125.226.85 book-mark.net
    O1 - Hosts: 65.125.226.85 call-kelly.com
    O1 - Hosts: 65.125.226.85 sleazydream.com
    O1 - Hosts: 65.125.226.85 amplandmovies.com
    O1 - Hosts: 65.125.226.85 mature-post.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: hpdj - Unknown - C:\DOCUME~1\phil\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: hpdj3500 - Unknown - C:\DOCUME~1\phil\LOCALS~1\Temp\hpdj3500.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  2. #2
    HJM
    Create a folder on the C: drive called C:\HJT
    Go to My Computer (Windows key+e)
    Double click on C:
    then right click and select New > Folder
    Name it HJT and unzip your copy of HJT to it for future use.


    Please download Crap Cleaner for use later on.

    Download and run CWShredder.
    Close all windows & browsers
    click Fix (not just 'Scan Only'),
    Let it fix everything it finds.


    Download and run Ad-Aware SE (for best results, configure as per tutorial link in my signature).


    Close all windows and browsers, run HJT again and check mark the following:-

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.htm

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msxmidi.exe
    O1 - Hosts: 65.125.226.82 www.cnn.com
    O1 - Hosts: 65.125.226.82 www.infospace.com
    O1 - Hosts: 65.125.226.82 www.mail.com
    O1 - Hosts: 65.125.226.82 www.hotmail.com
    O1 - Hosts: 65.125.226.82 www.gg.com
    O1 - Hosts: 65.125.226.82 www.gmail.com
    O1 - Hosts: 65.125.226.82 www.icq.com
    O1 - Hosts: 65.125.226.82 www.norton.com
    O1 - Hosts: 65.125.226.85 www.worldsex.com
    O1 - Hosts: 65.125.226.85 www.al4a.com
    O1 - Hosts: 65.125.226.85 www.book-mark.net
    O1 - Hosts: 65.125.226.85 www.call-kelly.com
    O1 - Hosts: 65.125.226.85 www.sleazydream.com
    O1 - Hosts: 65.125.226.85 www.amplandmovies.com
    O1 - Hosts: 65.125.226.85 www.mature-post.com
    O1 - Hosts: 65.125.226.82 lycos.com
    O1 - Hosts: 65.125.226.82 cnn.com
    O1 - Hosts: 65.125.226.82 infospace.com
    O1 - Hosts: 65.125.226.82 mail.com
    O1 - Hosts: 65.125.226.82 hotmail.com
    O1 - Hosts: 65.125.226.82 gg.com
    O1 - Hosts: 65.125.226.82 gmail.com
    O1 - Hosts: 65.125.226.82 icq.com
    O1 - Hosts: 65.125.226.82 norton.com
    O1 - Hosts: 65.125.226.82 microsoft.com
    O1 - Hosts: 65.125.226.85 book-mark.net
    O1 - Hosts: 65.125.226.85 call-kelly.com
    O1 - Hosts: 65.125.226.85 sleazydream.com
    O1 - Hosts: 65.125.226.85 amplandmovies.com
    O1 - Hosts: 65.125.226.85 mature-post.com
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
    O23 - Service: hpdj - Unknown - C:\DOCUME~1\phil\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: hpdj3500 - Unknown - C:\DOCUME~1\phil\LOCALS~1\Temp\hpdj3500.exe (file missing)


    Click FIX CHECKED



    Set Windows to 'Show all files & folders'.
    Click Start > My Computer> Tools> Folder Options>
    On the View tab make sure that you:-
    Select 'Show Hidden Files & Folders'
    Uncheck 'Hide file extensions for known file types'.
    Uncheck 'Hide protected operating system files'.
    Click OK.


    Reboot into Safe Mode.
    Tap F8 repeatedly when your machine starts to boot up.
    Select 'Safe Mode' from the options that appear.


    Go to C:\WINDOWS and delete msxmidi.exe


    Open HijackThis again
    Click on 'Config' (bottom right) > Misc Tools > Open Host Files Manager
    Then click on 'Open in Notepad'
    Delete everything inside apart from 127.0.0.1 Localhost
    Then on the notepad menu click File > Save
    Exit HijackThis.


    Now run Crap Cleaner with the default settings.
    This will clean out all your cache, temp files, temporary internet files, cookies and more.


    Reboot your machine normally.


    Please go to Windows Updates and download Service Pack 2 and ALL Critical Updates.


    Then post a fresh log letting me know how things are running.
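
A minimal triage pass over the log format posted in this thread, written as an added example: it is not part of the original posts and is not HijackThis's own logic. The rules are illustrative heuristics for the entry types selected for fixing above (R0/R1, F2, O1, O15, O23); the function names and the choice of excerpt lines are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the first log in this thread (lines copied from post #1).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://v73.us/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msxmidi.exe
O1 - Hosts: 65.125.226.82 www.norton.com
O1 - Hosts: 65.125.226.82 microsoft.com
O1 - Hosts: 65.125.226.85 www.book-mark.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O23 - Service: hpdj - Unknown - C:\DOCUME~1\phil\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _is_local(ip):
    """True for loopback/unspecified addresses, the usual benign hosts targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage(log_text):
    """Return (code, message) findings worth a manual look, in log order."""
    findings = []
    redirects = defaultdict(list)  # hosts-file IP -> hostnames sent there
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            # IE start/search values: surface the host each key points at.
            m = re.search(r"=\s*https?://([^/\s]+)", body)
            if m:
                findings.append((code, "IE page/search setting -> " + m.group(1).lower()))
        elif code == "F2":
            # Anything after the first token on Shell= also runs at logon.
            # Whitespace split is a simplification (paths with spaces).
            m = re.search(r"Shell=(.*)", body, re.I)
            extra = m.group(1).split()[1:] if m else []
            if extra:
                findings.append((code, "extra program on Shell= line: " + " ".join(extra)))
        elif code == "O1":
            m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", body)
            if m and not _is_local(m.group(1)):
                redirects[m.group(1)].append(m.group(2).lower())
        elif code == "O15":
            findings.append((code, "Trusted Zone entry to justify: " + body.split(":", 1)[1].strip()))
        elif code == "O23":
            if "(file missing)" in body or "\\temp\\" in body.lower():
                findings.append((code, "service binary missing or under Temp: " + body))
    # Group hosts-file redirects by target so one rogue IP shows up once.
    for ip, names in redirects.items():
        findings.append(("O1", "%d hostname(s) redirected to %s: %s" % (len(names), ip, ", ".join(names))))
    return findings


if __name__ == "__main__":
    for code, message in triage(SAMPLE_LOG):
        print(code, "|", message)
```

Grouping the O1 lines by target address makes it visible that unrelated sites, including security vendor domains, all resolve to the same two addresses in the posted hosts file.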

  3. #3
    Thanks, HJM, for helping. I've done everything you said, but the crazywinnings entry won't go away from the HijackThis log no matter how many times I fix it, and also I can't get WinXP SP2 because it just blue-screen crashes my computer whenever I install it. But how is this log looking?

    Logfile of HijackThis v1.99.0
    Scan saved at 01:38:00, on 30/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\Y!TunnelBasic V1.3 Build 244\YTunnelBasic.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\hjt\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.192.10:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  4. #4
    Also, HJM, I'm not sure about these two IP addresses; they are not in the range of my NTL IP address.


    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)

  5. #5
    HJM
    Could you please download DelDomains.zip and unzip it to your desktop.

    Right click the DelDomains.inf file inside and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute then reboot your PC and post a fresh Hijack This log.

    Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

  6. #6
    Thanks again for helping, HJM. Here is my new HijackThis log:


    Logfile of HijackThis v1.99.0
    Scan saved at 23:17:44, on 30/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\hjt\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.192.10:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  7. #7
    HJM
    That's a clean log now.

    Go to Windows Update and download Service Pack 2 and ALL New Critical Updates.



    I recommend you also download these free programs to protect yourself in the future:


    SpywareBlaster
    Protects against bad ActiveX and prevents Spyware being installed in the first place.
    Check for updates once a fortnight.

    SpywareGuard
    Will alert you to any attempted change to your browser settings and acts like an
    anti-virus program but for Spyware. It will also alert you if you download anything
    untoward.

    IE-SPYAD
    Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.


    * Keep your anti virus software updated and scan weekly with Spybot and Ad-Aware.

    **Once SP2 is installed, remember to switch off the new SP2 firewall which comes bundled with it. Otherwise it may conflict with Zone Alarm if left activated (Control Panel> Security Centre).


    Happy New Year
    Last edited by HJM; 01-01-2005 at 11:43 PM.

  8. #8
    Thanks again, HJM, but XP SP2 will not install and stay stable; it always crashes my computer out to the blue screen of death. So is there any other way of protecting whatever XP SP2 protects? I was told that SP2 was just a security update; if so, then there should be better programs that can do that job. And don't forget we all have to get SP2 because Microsoft left so many holes in SP1, then how can we rely on them again? I know I'd rather install alternative software. Please let me know what to download. I'm not bothered if it's free or not; I will get it if it does the job. And thanks again for helping me. Also, how can we normal people know what are bad files that HijackThis lists, for next time I'm infected? Is there some kind of reference list or something?

  9. #9
    owen
    No matter what you do, there is nothing that can replace Windows security updates.

    Other software you install protects your system, but it's useless without the Operating System being patched with the latest updates. You see, these patches or service packs will replace Windows files with flaws in them. These files are usually constantly loaded and crucial to ensuring your OS runs correctly, and it will not run without them. It is therefore a great security risk because they are always there.

    "because Microsoft left so many holes in SP1, then how can we rely on them again? I know I'd rather install alternative software"
    I'm afraid if you want alternative software, then uninstall Windows and download Linux or Mac or another Operating System, because that's the only alternative software you'll get if you can't rely on Microsoft for this case.

  10. #10
    HJM
    Couldn't have said it any better myself Owen


    A few research links for you if you're interested Unrestricted99....

    HijackThis Tutorial

    CastleCops Startup List

    CastleCops BHO List

    Process Library

    Google!!


    You might also want to have a look at the following articles about SP2 and try and install it again.

    http://www.microsoft.com/windowsxp/u...nstallsp2.mspx

    http://support.microsoft.com/default...b;en-us;884130

    http://support.microsoft.com/default.aspx?kbid=842242
