Spybot can't remove cmdService in Win2000 registry



Roadcaptain
2006-04-29, 21:18
:scratch:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:05 PM, on 4/29/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dcmhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\System32\svchozt.exe
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F8C97E3-ADD5-47F8-BE18-A54DCDB76693} - C:\Program Files\DirectX\megoqa.dll
O2 - BHO: (no name) - {37D36E70-4652-43B0-A34B-9F5163DB8E1F} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Internet Explorer Helper] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Windows Services] spoolsvc.exe
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [Windows Helper] C:\WINDOWS\System32\svchozt.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Windows Services] spoolsvc.exe
O4 - HKCU\..\Run: [Windows Services] spoolsvc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Windows Services] spoolsvc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143869873109
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17071E2A-79B3-4B93-BA8D-AED342B28225}: NameServer = 216.139.64.16 216.139.64.17
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

tashi
2006-05-03, 23:22
Hello and sorry for the wait.
If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

Roadcaptain
2006-05-04, 00:59
Thank you for the response, but I have been receiving assistance from MajorGeeks.com for the last few days.
If they are unable to resolve the issue I will create a new post.


Thank you
Roadcaptain

LonnyRJones
2006-05-04, 13:38
Hi
You don't appear to have an antivirus program, is there a reason?

Since it's been a few days, we need to see a fresh hjt log.

tashi
2006-05-04, 18:32
Merged Roadcaptain's post from the waiting for help stickie.

As we do not encourage multi-forum posters requesting assistance for the same problem, I will close this topic to avoid further dilution of volunteer resources. ;)