1st time using HijackThis........
-
Umm, I recognize some of these files.... but I'm really not sure which ones are good files and which ones actually are bugs..... the adware and spyware are slowing my connection to a halt at times... any help would be greatly appreciated........
Logfile of HijackThis v1.99.1
Scan saved at 9:06:51 PM, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\dfndrd_5.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\COMMON~1\zmmf\zmmfa.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\OWNER~1.JOH\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: msconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\d6j00g1me6.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Welcome, I bet you are banging your head on your keyboard, that is one infected computer. So let's get started and see if we can save it.
Please download Look2Me-Remover.exe by Atribune to your desktop.
- Close all windows before continuing.
- Double-click Look2Me-Remover.exe to run it.
- Put a check next to Run this program as a task.
- You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
- When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
- Once it's done scanning, click the Remove L2M button.
- You will receive a Done Scanning message, click OK.
- When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
- Your computer will then shutdown.
- Turn your computer back on.
- Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX
-
In between the Look2Me scan and removal I got an error 75? And then it wouldn't let me copy the log..... but here's the HijackThis log...... btw... my Task Manager just stopped working... and I can't access it through alt-ctrl-delete or anywhere else.......
Logfile of HijackThis v1.99.1
Scan saved at 11:51:36 PM, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\dfndrd_5.exe
C:\nwnmd_5.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\COMMON~1\zmmf\zmmfa.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\cfg32a.exe
C:\DOCUME~1\OWNER~1.JOH\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: msconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Next Step:
Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose save as; if using IE, save target as.)
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
- Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
- Place qoofix.bat in your C:\BFU folder. (Important!)
- Doubleclick qooFix.bat, Close all browsers and explorer folders.
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- After the PC has restarted please post another hijackthis log.
-
Hope I got it all..
Here's the log....
Btw thanks for all the help man...
Logfile of HijackThis v1.99.1
Scan saved at 4:48:15 PM, on 7/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\dfndrd_5.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\nwnmd_5.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\zmmf\zmmfa.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\temp\ADSpywareRemovalDestruction\HijackThis.exe
C:\WINDOWS\System32\WgaTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [dbxepv] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [axefq] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: msconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
OK, this is getting really frustrating.. thought I had it cleaned out but apparently the trojans and adware persist...
I know I've got the project1 trojan.... c:\dfndrd_5.exe but it says access is denied to delete the file??.. and I was trying to customize my settings on ZoneAlarm and I'm trying to figure out what the heck the following files are.. I've searched the net and can't find info on them..
zmmfl.exe
zmmfa.exe
mptft.exe
ejtmpx.exe
and
command.exe
I've already cleaned, so here's my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 2:46:57 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\dfndrd_5.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\nwnmd_5.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\zmmf\zmmfa.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\temp\ADSpywareRemovalDestruction\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [dbxepv] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [axefq] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
my head's starting to get sore....
but the plus side is my keyboard is now ergonomic..........
-
Everything is still there so something is preventing us cleaning.
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
- Run Spybot-S&D
- Go to the Mode menu, and make sure "Advanced Mode" is selected
- On the left hand side, choose Tools -> Resident
- Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run ewido anti-spyware
- Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security" Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
- Click on the default Status ICON and select the Scan now LINK.
OR
- Click on the Scanner ICON. Select the Scan TAB.
- Select Complete System Scan. Ewido will now begin to scan your system.
- If Ewido finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
- Select Apply all actions at the bottom of the window (and the items found will be quarantined - and recoverable, if any items are needed back).
- When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
- Copy and paste the EWIDO scan results into your next post.
- Close Ewido.
Then go back to post #4 and do that again please.
-
grrr.... well it's better than reformatting.. i don't have that many discs or that much time....
again thank you for the help....
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:03:05 AM 7/13/2006
+ Scan result:
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : No action taken.
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32r.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32s.dll -> Adware.BookedSpace : No action taken.
C:\Program Files\CSBB\CSBB.DLL -> Adware.ClearSearch : No action taken.
C:\Program Files\CSBB\csAOLldr.exe -> Adware.ClearSearch : No action taken.
C:\WINDOWS\IA\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : No action taken.
C:\WINDOWS\IA\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ -> Adware.CommAd : No action taken.
[1196] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1260] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1544] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1552] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1560] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1568] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1576] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1600] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1608] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1628] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1652] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1660] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1700] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1728] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1736] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1744] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1752] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1928] C:\WINDOWS\IA\command.exe -> Adware.CommAd : No action taken.
[1956] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[232] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[4048] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\dkw79E6.tmp.tst -> Adware.EliteBar : No action taken.
C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll -> Adware.Gator : No action taken.
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\mitE9.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\mitE9.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\0TI7W9AJ\mirar[1].exe -> Adware.NetNucleus : No action taken.
C:\WINDOWS\mirar.exe -> Adware.NetNucleus : No action taken.
C:\NNSCAA638.EXE -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
C:\Program Files\SearchRelevancy -> Adware.Relevance : No action taken.
C:\Program Files\SearchRelevancy\SearchRelevancy.xml -> Adware.Relevance : No action taken.
C:\Program Files\SearchRelevancy\uninstall.exe -> Adware.Relevance : No action taken.
C:\Program Files\SideFind -> Adware.SideFind : No action taken.
C:\Program Files\SideFind\update -> Adware.SideFind : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Local Settings\Temp\da561.tmp -> Adware.SurfSide : No action taken.
C:\Program Files\TV Media\TvmCore.dll -> Adware.TotalVelocity : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\09EBWH2N\whCC-GIANT[1].exe/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : No action taken.
C:\Program Files\Windows TaskAd\Info.txt -> Adware.WinTaskAd : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\rpootsoq.exe -> Downloader.Small.cpg : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\tweitzni.exe -> Downloader.Small.cpg : No action taken.
C:\nj.exe -> Downloader.Small.cpg : No action taken.
C:\626_101new.exe -> Dropper.Agent.mu : No action taken.
C:\counter.cab/counter.exe -> Dropper.Small.ls : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Local Settings\Temp\C6A553.tmp/mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\0HAJCDAJ\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : No action taken.
C:\Documents and Settings\jody\Cookies\jody@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@pch.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@tahitiannoniintl.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@7search[1].txt -> TrackingCookie.7search : No action taken.
C:\Documents and Settings\jody\Cookies\jody@aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\jody\Cookies\jody@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\jody\Cookies\jody@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\jody\Cookies\jody@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\jody\Cookies\jody@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.adtrak[1].txt -> TrackingCookie.Adtrak : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\jody\Cookies\jody@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\jody\Cookies\jody@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\jody\Cookies\jody@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\jody\Cookies\jody@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\jody\Cookies\jody@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\jody\Cookies\jody@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\jody\Cookies\jody@as.casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\jody\Cookies\jody@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\jody\Cookies\jody@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\jody\Cookies\jody@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\jody\Cookies\jody@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\jody\Cookies\jody@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\jody\Cookies\jody@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
C:\Documents and Settings\jody\Cookies\jody@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\jody\Cookies\jody@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\jody\Cookies\jody@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\jody\Cookies\jody@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\jody\Cookies\jody@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\jody\Cookies\jody@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-ads.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-atariinc.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-boltmedia.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-rr.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-stampsdotcom.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-vonage.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg-wizardsofthecoast.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\jody\Cookies\jody@hotlog[2].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\jody\Cookies\jody@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\jody\Cookies\jody@linksynergy[2].txt -> TrackingCookie.Linksynergy : No action taken.
C:\Documents and Settings\jody\Cookies\jody@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\jody\Cookies\jody@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\jody\Cookies\jody@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\jody\Cookies\jody@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\jody\Cookies\jody@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\jody\Cookies\jody@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\jody\Cookies\jody@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\jody\Cookies\jody@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\jody\Cookies\jody@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\jody\Cookies\jody@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ads1.revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\jody\Cookies\jody@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\jody\Cookies\jody@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\jody\Cookies\jody@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\jody\Cookies\jody@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\jody\Cookies\jody@sexlist[1].txt -> TrackingCookie.Sexlist : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter4.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter6.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter9.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\WINDOWS\System32ssec.exe -> Trojan.Runner.h : No action taken.
::Report end
and here's the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 1:07:04 AM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\temp\ADSpywareRemovalDestruction\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dbxepv] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - HKCU\..\Run: [axefq] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find Command Service (cmdService).
Click once on the service to highlight it.
Click Stop
Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'
Next:
Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type Command Service (cmdService) and press OK. OK any prompts, close HijackThis, and restart your computer.
Please follow instructions for Ewido and quarantine everything it finds from safe mode below.
Did you do post #4 again? If not, do that please.
Remove Bearshare from add/remove program, reboot afterwards and p2p networking
After the above do this below:
Create a folder such as C:\HJT or C:\Program Files\HJT and move HJT.exe into the newly created folder so we can have available backups in case you fix the wrong thing or I make a mistake. Very important.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"
Please download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not run the Uninstaller and the Remover yet.
Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.
- Launch ewido anti-spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system. Make sure to remember where you save that file.
Now close ewido anti-spyware.
Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
Press execute and let it do its job.
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Please run HijackThis, click Scan, and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [dbxepv] C:\WINDOWS\System32\ejtmpx.exe reg_run
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [zmmf] C:\PROGRA~1\COMMON~1\zmmf\zmmfm.exe
O4 - HKCU\..\Run: [axefq] C:\WINDOWS\System32\ejtmpx.exe reg_run
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
Nothing open but hijackthis and click on fix checked.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
ALCXMNTR.EXE
p2pnetworking.exe
dfndrd_5.exe
kybrdd_5.exe
w57dc90a.dll
C:\WINDOWS\System32\ejtmpx.exe
C:\WINDOWS\System32\x3cqp0.dll
C:\WINDOWS\IA\command.exe
DELETE FOLDERS
C:\Program Files\BearShare
C:\PROGRAM files\COMMON Files\zmmf
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
Last edited by Neal; 13-07-2006 at 06:18 PM.
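The post above asks for a new HijackThis log after the fixes; one way to check that follow-up log against the fix list is sketched here as an added example (not part of the original post, and not HijackThis code). The function names are hypothetical, `FIX_LIST` holds four entries from the fix list, and `LATER_LOG` is a constructed follow-up log.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Default programs for the Shell and UserInit values that appear in F2 lines.
F2_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Entries from the fix list in the post above.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uskqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""

# Constructed follow-up log (assumption): two fixed entries came back, and the
# UserInit line carries a stray space of the kind forum software inserts.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,fortadl. exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
"""


def normalize(text):
    """Lower-case and drop whitespace so wrapping or case cannot hide a match."""
    return re.sub(r"\s+", "", text).lower()


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def extra_logon_programs(entries):
    """List programs that F2 Shell=/UserInit= values start besides the default."""
    found = []
    for code, body in entries:
        m = re.match(r"REG:system\.ini:\s*(Shell|UserInit)=(.*)$", body, re.IGNORECASE)
        if code != "F2" or not m:
            continue
        default = F2_DEFAULTS[m.group(1).lower()]
        for item in m.group(2).split(","):
            item = item.strip()
            basename = normalize(item).rsplit("\\", 1)[-1]
            if item and basename != default:
                found.append((m.group(1), item))
    return found


def still_present(fix_list_text, later_log_text):
    """Return fix-list entries that also occur in a later log (the fix did not hold)."""
    later = {(code, normalize(body)) for code, body in parse_entries(later_log_text)}
    return [f"{code} - {body}" for code, body in parse_entries(fix_list_text)
            if (code, normalize(body)) in later]


if __name__ == "__main__":
    for value, program in extra_logon_programs(parse_entries(FIX_LIST)):
        print(f"{value} also starts: {program}")
    for entry in still_present(FIX_LIST, LATER_LOG):
        print(f"still present after fix: {entry}")
```

An entry that survives a fix and a reboot usually means the program that writes it is still running, which is why the post pairs the HijackThis fixes with stopping the service and deleting the files.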
-
all right all steps were followed except for using safe mode.... for some reason my computer won't start in safe mode??
I rebooted several times in an attempt to get it to load but it seemed to freeze in safe mode at the bootscreen...
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:03:05 AM 7/13/2006
+ Scan result:
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : No action taken.
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32r.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32s.dll -> Adware.BookedSpace : No action taken.
C:\Program Files\CSBB\CSBB.DLL -> Adware.ClearSearch : No action taken.
C:\Program Files\CSBB\csAOLldr.exe -> Adware.ClearSearch : No action taken.
C:\WINDOWS\IA\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : No action taken.
C:\WINDOWS\IA\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ -> Adware.CommAd : No action taken.
[1196] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1260] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1544] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1552] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1560] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1568] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1576] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1600] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1608] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1628] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1652] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1660] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1700] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1728] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1736] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1744] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1752] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[1928] C:\WINDOWS\IA\command.exe -> Adware.CommAd : No action taken.
[1956] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[232] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
[4048] C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\dkw79E6.tmp.tst -> Adware.EliteBar : No action taken.
C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll -> Adware.Gator : No action taken.
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\mitE9.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temp\mitE9.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\0TI7W9AJ\mirar[1].exe -> Adware.NetNucleus : No action taken.
C:\WINDOWS\mirar.exe -> Adware.NetNucleus : No action taken.
C:\NNSCAA638.EXE -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
C:\Program Files\SearchRelevancy -> Adware.Relevance : No action taken.
C:\Program Files\SearchRelevancy\SearchRelevancy.xml -> Adware.Relevance : No action taken.
C:\Program Files\SearchRelevancy\uninstall.exe -> Adware.Relevance : No action taken.
C:\Program Files\SideFind -> Adware.SideFind : No action taken.
C:\Program Files\SideFind\update -> Adware.SideFind : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Local Settings\Temp\da561.tmp -> Adware.SurfSide : No action taken.
C:\Program Files\TV Media\TvmCore.dll -> Adware.TotalVelocity : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\09EBWH2N\whCC-GIANT[1].exe/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : No action taken.
C:\Program Files\Windows TaskAd\Info.txt -> Adware.WinTaskAd : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\rpootsoq.exe -> Downloader.Small.cpg : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\tweitzni.exe -> Downloader.Small.cpg : No action taken.
C:\nj.exe -> Downloader.Small.cpg : No action taken.
C:\626_101new.exe -> Dropper.Agent.mu : No action taken.
C:\counter.cab/counter.exe -> Dropper.Small.ls : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Local Settings\Temp\C6A553.tmp/mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\Documents and Settings\jody\Local Settings\Temporary Internet Files\Content.IE5\0HAJCDAJ\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : No action taken.
C:\Documents and Settings\jody\Cookies\jody@counter9.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\jody\Cookies\jody@sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@spylog[2].txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\jody\Cookies\jody@h.starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\jody\Cookies\jody@try.starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\jody\Cookies\jody@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\jody\Cookies\jody@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\jody\Cookies\jody@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\jody\Cookies\jody@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\jody\Cookies\jody@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\jody\Cookies\jody@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\jody\Cookies\jody@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\jody\Cookies\jody@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\jody\Cookies\jody@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\jody\Cookies\jody@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\jody\Cookies\jody@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\jody\Cookies\jody@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : No action taken.
C:\Documents and Settings\jody\Cookies\jody@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Owner.JOHNNYMNEMONIC\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\jody\Cookies\jody@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\jody\Cookies\jody@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Thorn\Cookies\thorn@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\jody\Cookies\jody@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\System32ssec.exe -> Trojan.Runner.h : No action taken.
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 4:00:26 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{20DDFB92-0A1E-1033-1016-030224200001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\explorer.exe
C:\HJT and logs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iodadec3] RUNDLL32.EXE w57dc90a.dll,n 001adec20000000357dc90a
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151378723015
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Last edited by BanginHeadOnKeyboard; 14-07-2006 at 12:18 AM.