hijackthis log

bubs · 03-30-2006, 11:06 PM

ok so i ran a few diffrent spyware and anti virus scans and my computers doign alot better but i still get a pop up here and there heres my hijackthis log what do i do from here?
Logfile of HijackThis v1.99.1
Scan saved at 2:45:51 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\WINDOWS\AccessL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win3206144553604.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\mousepad5.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\Matthew\LOCALS~1\Temp\cinfo.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\DOCUME~1\Matthew\APPLIC~1\MCROSO~1\notepad.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1139452959\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\w?nspool.exe
C:\Program Files\Arovax Shield\ArovaxShield.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1139452959\ee\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Matthew\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jcoel.exe
F2 - REG:system.ini: UserInit=userinit.exe,uwuivpp.exe
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [ALTOOLS] AccessL.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139452959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [\\CALVIN\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P33 "\\CALVIN\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [7404] C:\windows\eee2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [{F5-54-43-30-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [win3206144553604] C:\WINDOWS\win3206144553604.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [ms05414455360] C:\WINDOWS\ms05414455360.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Ebc] "C:\DOCUME~1\Matthew\APPLIC~1\MCROSO~1\notepad.exe " -vt mt
O4 - HKCU\..\Run: [Har] C:\WINDOWS\system32\w?nspool.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinrrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qqdsregk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\kqdsp.dll (file missing)
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe

thanks for any help guys

**magicman** · 03-31-2006, 10:33 AM

Please don't double post. See Forum Rules.

**Buzz1927** · 03-31-2006, 03:08 PM

That's a mess, let's clean up a bit first and get what's left after.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Then restart the computer and post a new Hijackthis log.

03-30-2006, 11:06 PM	#1 (permalink)
bubs New Member Join Date: Mar 2006 Location: sacramento CA Posts: 3	hijackthis log ok so i ran a few diffrent spyware and anti virus scans and my computers doign alot better but i still get a pop up here and there heres my hijackthis log what do i do from here? Logfile of HijackThis v1.99.1 Scan saved at 2:45:51 PM, on 3/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\FSRremoS.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\WINDOWS\system32\Pelmiced.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\WINDOWS\system32\SKDAEMON.EXE C:\WINDOWS\AccessL.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\win3206144553604.exe C:\WINDOWS\system32\wscntfy.exe C:\windows\mousepad5.exe C:\Program Files\Windows Defender\MSASCui.exe C:\DOCUME~1\Matthew\LOCALS~1\Temp\cinfo.exe C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe C:\DOCUME~1\Matthew\APPLIC~1\MCROSO~1\notepad.exe C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AOL\1139452959\ee\aolsoftware.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\common files\installshield\updateservice\isuspm.exe c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\WINDOWS\system32\control.exe C:\WINDOWS\system32\w?nspool.exe C:\Program Files\Arovax Shield\ArovaxShield.exe C:\Program Files\Browser Hijack Blaster\bhblaster.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe c:\program files\common files\aol\1139452959\ee\aim6.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\msiexec.exe C:\DOCUME~1\Matthew\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...://www.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jcoel.exe F2 - REG:system.ini: UserInit=userinit.exe,uwuivpp.exe O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE O4 - HKLM\..\Run: [ALTOOLS] AccessL.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139452959\ee\AOLSoftware.exe O4 - HKLM\..\Run: [\\CALVIN\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P33 "\\CALVIN\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe O4 - HKLM\..\Run: [7404] C:\windows\eee2.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [{F5-54-43-30-ZN}] c:\windows\system32\dwdsregt.exe FI002 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [win3206144553604] C:\WINDOWS\win3206144553604.exe O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe O4 - HKLM\..\Run: [ms05414455360] C:\WINDOWS\ms05414455360.exe O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a O4 - HKCU\..\Run: [Ebc] "C:\DOCUME~1\Matthew\APPLIC~1\MCROSO~1\notepad.exe " -vt mt O4 - HKCU\..\Run: [Har] C:\WINDOWS\system32\w?nspool.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinrrag.exe O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qqdsregk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/...er/Install.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\kqdsp.dll (file missing) O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe thanks for any help guys

03-31-2006, 10:33 AM	#2 (permalink)
magicman Moderator - F@H Guru Join Date: Jan 2005 Location: Surrey, UK Posts: 3,063	Please don't double post. See Forum Rules. __________________ FOLDING FOR THE GOOD OF MANKIND :F@H Team 44358

03-31-2006, 03:08 PM	#3 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	That's a mess, let's clean up a bit first and get what's left after. Download the trial version of Spy Sweeper from Here Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper) You will be prompted to check for updated definitions, please do so. (This may take several minutes) Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box. Click on Sweep and allow it to fully scan your system. When the sweep has finished, click Remove. Click Select All and then Next From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient. Exit Spy Sweeper. Then restart the computer and post a new Hijackthis log. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode