windycitymj
2006-08-05, 05:30
Current Problem
Norton anti-virus alerted me that my computer is infected.
My computer is constantly catching adware, spyware, and malware. I have used hijackthis, spybot, killbox, and all spyware and malware removers.... After repeatedly tried to remove malwares and spyware using removal software, jump to safe mode, run, log..... I spent last 9 days to remove this malware.
How can I remove this damn thing?
Any HELP you could provide would be great.
Here is a current hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:45 PM, on 8/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\SYSTEM32\ZoneLabs\minilog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\xpupdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\mju.WINDYCITYMJ\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.
html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9BFFEEF5-33FD-19DD-7469-FFDE3A1246FD} - C:\WINNT\fiphp1.dll (file
missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec
Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MyD] C:\Program Files\Daum\Messenger\dtcore.exe /BOOTRUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [ADScan] C:\Program Files\ADScan\ADScan.exe /hidescan
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network
Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger
3.5\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar
Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZNxdm801YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN
Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4d661a4c69ce46a6b859a99ba0a49df6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN
Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4d661a4c69ce46a6b859a99ba0a49df6
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINNT\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\WINNT\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: º¸³Ê½ºÆÑ - {C85D0F76-88E4-4239-8BB4-1B6F33B55835} -
C:\WINNT\SYSTEM32\bonuspack.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.bmw.com/generi
c/com/en/products/highlights/5series/sedan/phase_5/vet.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.
cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) -
http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) -
http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation -
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program
Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -
C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. -
C:\WINNT\SYSTEM32\ZoneLabs\minilog.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINNT\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB
Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
Norton anti-virus alerted me that my computer is infected.
My computer is constantly catching adware, spyware, and malware. I have used hijackthis, spybot, killbox, and all spyware and malware removers.... After repeatedly tried to remove malwares and spyware using removal software, jump to safe mode, run, log..... I spent last 9 days to remove this malware.
How can I remove this damn thing?
Any HELP you could provide would be great.
Here is a current hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:45 PM, on 8/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\SYSTEM32\ZoneLabs\minilog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\xpupdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\mju.WINDYCITYMJ\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.
html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9BFFEEF5-33FD-19DD-7469-FFDE3A1246FD} - C:\WINNT\fiphp1.dll (file
missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec
Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MyD] C:\Program Files\Daum\Messenger\dtcore.exe /BOOTRUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [ADScan] C:\Program Files\ADScan\ADScan.exe /hidescan
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network
Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger
3.5\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar
Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZNxdm801YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN
Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4d661a4c69ce46a6b859a99ba0a49df6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN
Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4d661a4c69ce46a6b859a99ba0a49df6
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINNT\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\WINNT\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: º¸³Ê½ºÆÑ - {C85D0F76-88E4-4239-8BB4-1B6F33B55835} -
C:\WINNT\SYSTEM32\bonuspack.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.bmw.com/generi
c/com/en/products/highlights/5series/sedan/phase_5/vet.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.
cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) -
http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) -
http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation -
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program
Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -
C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. -
C:\WINNT\SYSTEM32\ZoneLabs\minilog.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINNT\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB
Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)