Post #1 HJT Log (too long for one post)

354 · 08-15-2005, 09:01 AM

Here is my HJT log. I have the SearchClick malware and Ad_Aware SE won't remove it.

Logfile of HijackThis v1.99.1
Scan saved at 2:43:24 AM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ipaj32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe
O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe
O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe
O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe
O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe
O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe
O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe
O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe
O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe
O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe
O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe
O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe
O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe
O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe
O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe
O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe
O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe
O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe
O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe
O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe
O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe
O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe
O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe
O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe
O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe
O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe
O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe
O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe
O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe
O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Reboot.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

354 · 08-15-2005, 09:02 AM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\Software\..\Telephony: DomainName = tcti.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipya.exe" /s (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

**Buzz1927** · 08-15-2005, 09:23 AM

Use Internet Explorer once to download Firefox. Use Firefox to get online, as every time you use IE you'll get infected more and the log won't fit. I need to go out for a while, I'll post the fix later.

354 · 08-15-2005, 09:24 AM

Thanks, I'm going to bed now. I will look tomarrow. Thanks in advance.
Todd

**Buzz1927** · 08-15-2005, 02:45 PM

Hi Todd.

Download these programs.

CWShredder.
Aboutbuster.
Ewido.
Ccleaner.

Unzip them all to the desktop. Open Aboutbuster and check for updates, then close the program.
Then update Ewido. Don't run it yet.

Boot into safemode by tapping f8 on startup.

Once in safemode, hit start>run, type "services.msc". Scroll down to this service (make sure it has "helper" in it).
Remote Procedure Call (RPC) Helper

Hit "stop" and change the startup type to "disabled". Hit "apply" then "ok". Close the window.

Then run CWShredder and hit "Fix".

Then run Aboutbuster 2 times.

Then do a complete scan with Ewido. Remove all it finds.

Then run Hijackthis and put a check next to these lines (there may be more lines starting with "O4 - HKLM\..\RunOnce:", check them as well)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe
O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe
O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe
O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe
O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe
O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe
O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe
O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe
O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe
O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe
O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe
O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe
O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe
O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe
O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe
O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe
O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe
O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe
O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe
O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe
O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe
O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe
O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe
O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe
O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe
O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe
O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe
O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe
O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe
O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe
O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipya.exe" /s (file missing).

Close all open windows and hit "Fix Checked".

Enable viewing of hidden files, and find and delete these files.

C:\WINDOWS\system32\ipaj32.exe
C:\Documents and Settings\todd\Application Data\leea.exe

Finally, run Ccleaner (under Internet Explorer and Firefox, uncheck "cookies", then in "Options>Advanced, uncheck "only delete files in windows temp folders older than 48 hours).

Then reboot to normal mode and post the new Hijackthis log.

354 · 08-15-2005, 08:19 PM

Hello Grim/Buzz,

I followed your directions best I could. My roomates printer is broken and I had to save screen shots of this post to MSWord and read it from there.

Anway ther is the new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 2:15:08 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\todd\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Reboot.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\Software\..\Telephony: DomainName = tcti.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

**Buzz1927** · 08-15-2005, 08:29 PM

Hi Todd.

It's just Buzz, Grim\Buzz makes it sound like I'm miserable or something.

You done good, one last thing to clear up. Run Hijackthis and check this line.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

Close all open windows and hit "Fix Checked".

Reboot and check that it's gone, if so, you're good to go!

354 · 08-15-2005, 10:56 PM

Buzz,

Thank you very much!!! Things on my computer are looking much better. I also downloaded a firewall - Zonealarm pro 4. Do you think this is better than Windows (service pak 2) firewall?

Here is the final HJT Log. Thank you for all your help. I have this forum bookmarked and will tell my friends how helpful you and this forurm is!

Todd

Logfile of HijackThis v1.99.1
Scan saved at 4:49:23 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Documents and Settings\todd\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Reboot.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\Software\..\Telephony: DomainName = tcti.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

**Buzz1927** · 08-15-2005, 11:01 PM

Hi Todd.

Looks good. Anything is better than the Windows firewall, Zonealarm is very good, there's a few more here in case you don't like it, as well as a few other programs you should use.

Take care.
Buzz.

08-15-2005, 09:01 AM	#1 (permalink)
354 New Member Join Date: Aug 2005 Age: 42 Posts: 12	Post #1 HJT Log (too long for one post) Here is my HJT log. I have the SearchClick malware and Ad_Aware SE won't remove it. Logfile of HijackThis v1.99.1 Scan saved at 2:43:24 AM, on 8/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\ipaj32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe O4 - Global Startup: Reboot.exe O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

08-15-2005, 09:02 AM	#2 (permalink)
354 New Member Join Date: Aug 2005 Age: 42 Posts: 12	Post #2 The rest of the log O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\Software\..\Telephony: DomainName = tcti.org O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipya.exe" /s (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

08-15-2005, 09:23 AM	#3 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,077	Use Internet Explorer once to download Firefox. Use Firefox to get online, as every time you use IE you'll get infected more and the log won't fit. I need to go out for a while, I'll post the fix later. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

08-15-2005, 02:45 PM	#5 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,077	Hi Todd. Download these programs. CWShredder. Aboutbuster. Ewido. Ccleaner. Unzip them all to the desktop. Open Aboutbuster and check for updates, then close the program. Then update Ewido. Don't run it yet. Boot into safemode by tapping f8 on startup. Once in safemode, hit start>run, type "services.msc". Scroll down to this service (make sure it has "helper" in it). Remote Procedure Call (RPC) Helper Hit "stop" and change the startup type to "disabled". Hit "apply" then "ok". Close the window. Then run CWShredder and hit "Fix". Then run Aboutbuster 2 times. Then do a complete scan with Ewido. Remove all it finds. Then run Hijackthis and put a check next to these lines (there may be more lines starting with "O4 - HKLM\..\RunOnce:", check them as well) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jpwkf.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R3 - Default URLSearchHook is missing O2 - BHO: Class - {FDC8ED78-97D9-350C-2852-74C9718542E6} - C:\WINDOWS\system32\d3vu.dll O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\todd\LOCALS~1\Temp\app2.tmp O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [ipoz.exe] C:\WINDOWS\system32\ipoz.exe O4 - HKLM\..\Run: [mfcgi.exe] C:\WINDOWS\mfcgi.exe O4 - HKLM\..\Run: [addkm32.exe] C:\WINDOWS\addkm32.exe O4 - HKLM\..\Run: [sdkjz32.exe] C:\WINDOWS\sdkjz32.exe O4 - HKLM\..\Run: [mfcda32.exe] C:\WINDOWS\mfcda32.exe O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe O4 - HKLM\..\Run: [sdkhc32.exe] C:\WINDOWS\sdkhc32.exe O4 - HKLM\..\Run: [sysdo32.exe] C:\WINDOWS\sysdo32.exe O4 - HKLM\..\Run: [ipaj32.exe] C:\WINDOWS\system32\ipaj32.exe O4 - HKLM\..\RunOnce: [ipya.exe] C:\WINDOWS\ipya.exe O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\d3ki32.exe O4 - HKLM\..\RunOnce: [winmp.exe] C:\WINDOWS\winmp.exe O4 - HKLM\..\RunOnce: [sysao.exe] C:\WINDOWS\sysao.exe O4 - HKLM\..\RunOnce: [ieyz.exe] C:\WINDOWS\system32\ieyz.exe O4 - HKLM\..\RunOnce: [sysqf32.exe] C:\WINDOWS\system32\sysqf32.exe O4 - HKLM\..\RunOnce: [netzn32.exe] C:\WINDOWS\system32\netzn32.exe O4 - HKLM\..\RunOnce: [sdkmp.exe] C:\WINDOWS\sdkmp.exe O4 - HKLM\..\RunOnce: [winkm32.exe] C:\WINDOWS\winkm32.exe O4 - HKLM\..\RunOnce: [javajq.exe] C:\WINDOWS\javajq.exe O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\ielg32.exe O4 - HKLM\..\RunOnce: [sdkgv32.exe] C:\WINDOWS\sdkgv32.exe O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe O4 - HKLM\..\RunOnce: [d3zs.exe] C:\WINDOWS\d3zs.exe O4 - HKLM\..\RunOnce: [appso.exe] C:\WINDOWS\appso.exe O4 - HKLM\..\RunOnce: [winny32.exe] C:\WINDOWS\system32\winny32.exe O4 - HKLM\..\RunOnce: [mfcwl32.exe] C:\WINDOWS\system32\mfcwl32.exe O4 - HKLM\..\RunOnce: [appzo32.exe] C:\WINDOWS\appzo32.exe O4 - HKLM\..\RunOnce: [msyc32.exe] C:\WINDOWS\system32\msyc32.exe O4 - HKLM\..\RunOnce: [ntee.exe] C:\WINDOWS\ntee.exe O4 - HKLM\..\RunOnce: [javaxf32.exe] C:\WINDOWS\javaxf32.exe O4 - HKLM\..\RunOnce: [ntbh.exe] C:\WINDOWS\system32\ntbh.exe O4 - HKCU\..\Run: [Moaa] C:\Documents and Settings\todd\Application Data\leea.exe O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipya.exe" /s (file missing). Close all open windows and hit "Fix Checked". Enable viewing of hidden files, and find and delete these files. C:\WINDOWS\system32\ipaj32.exe C:\Documents and Settings\todd\Application Data\leea.exe Finally, run Ccleaner (under Internet Explorer and Firefox, uncheck "cookies", then in "Options>Advanced, uncheck "only delete files in windows temp folders older than 48 hours). Then reboot to normal mode and post the new Hijackthis log. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

08-15-2005, 08:29 PM	#7 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,077	Hi Todd. It's just Buzz, Grim\Buzz makes it sound like I'm miserable or something. You done good, one last thing to clear up. Run Hijackthis and check this line. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank Close all open windows and hit "Fix Checked". Reboot and check that it's gone, if so, you're good to go! __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

08-15-2005, 09:24 AM	#4 (permalink)
354 New Member Join Date: Aug 2005 Age: 42 Posts: 12	Thanks, I'm going to bed now. I will look tomarrow. Thanks in advance. Todd

08-15-2005, 08:19 PM	#6 (permalink)
354 New Member Join Date: Aug 2005 Age: 42 Posts: 12	Hello Grim/Buzz, I followed your directions best I could. My roomates printer is broken and I had to save screen shots of this post to MSWord and read it from there. Anway ther is the new HJT Log Logfile of HijackThis v1.99.1 Scan saved at 2:15:08 PM, on 8/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\todd\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe O4 - Global Startup: Reboot.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\Software\..\Telephony: DomainName = tcti.org O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

08-15-2005, 10:56 PM	#8 (permalink)
354 New Member Join Date: Aug 2005 Age: 42 Posts: 12	Buzz, Thank you very much!!! Things on my computer are looking much better. I also downloaded a firewall - Zonealarm pro 4. Do you think this is better than Windows (service pak 2) firewall? Here is the final HJT Log. Thank you for all your help. I have this forum bookmarked and will tell my friends how helpful you and this forurm is! Todd Logfile of HijackThis v1.99.1 Scan saved at 4:49:23 PM, on 8/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe C:\Documents and Settings\todd\Desktop\HijackThis.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\ChkColor.EXE O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\EPSONREG.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe O4 - Global Startup: Reboot.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...etaStream3.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4c3f3c73/enter.cab O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\chris.TCTI\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\Software\..\Telephony: DomainName = tcti.org O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcti.org O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcti.org O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\todd\Desktop\security suite\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

08-15-2005, 11:01 PM	#9 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,077	Hi Todd. Looks good. Anything is better than the Windows firewall, Zonealarm is very good, there's a few more here in case you don't like it, as well as a few other programs you should use. Take care. Buzz. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode