Need to get rid of Google redirector and more

**bobkent** · 2007-01-11, 06:51

Thanks for looking at this:
After a Google search (and all other search engines) when I click on a result, I am redirected to other sites.
In addition, Tea Timer keeps giving me notice (constantly) that login value is being changed.
My Hijack This file is below.
Any help that you could give me would be greatly appricated!
Thanks!
Bob

Logfile of HijackThis v1.99.1
Scan saved at 12:56:19 AM, on 1/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
c:\Program Files\PestPatrol\ppmemcheck.exe
c:\Program Files\PestPatrol\ppcontrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Downloads\HiJack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137974238274
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C4DAF3F-56B7-48B6-838E-C26A331DF78F}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC96D2C-F13A-4FD5-BB6D-748D0B02AAA3}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21A6B45-DD7A-484A-AB6F-A858BC77C730}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Bob\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

**illukka** · 2007-01-11, 07:11

Please download FixWareout from one of these sites:

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

**bobkent** · 2007-01-11, 08:39

Fixwareout
Last edited 1/1/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINNT\system32\kdehe.exe will be moved to C:\WINNT\temp\kdehe.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

**bobkent** · 2007-01-11, 08:41

Logfile of HijackThis v1.99.1
Scan saved at 2:46:03 AM, on 1/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Downloads\HiJack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js
O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137974238274
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C4DAF3F-56B7-48B6-838E-C26A331DF78F}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC96D2C-F13A-4FD5-BB6D-748D0B02AAA3}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21A6B45-DD7A-484A-AB6F-A858BC77C730}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Bob\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

**bobkent** · 2007-01-11, 08:42

Thank You!
Bob

**illukka** · 2007-01-11, 09:15

hi

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

next:
open hijackthis, click do a system scan only
checkmark these lines if still there:
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C4DAF3F-56B7-48B6-838E-C26A331DF78F}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC96D2C-F13A-4FD5-BB6D-748D0B02AAA3}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21A6B45-DD7A-484A-AB6F-A858BC77C730}: NameServer = 85.255.116.137,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.137 85.255.112.23

then close all explorer and browser windows
leaving only hijackthis running

and click fix checked

reboot

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

also post a new hijackthis log

Note:
If You have connection problems or those 017's ~ O17 - HKLM~ 85.255.116.103,85.255.112.198, return =>
Before doing this write down all the settings, Note that not all system/setups even have these settings, while some connection service's will require them.
In the windows control panel: If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available one some systems

**bobkent** · 2007-01-12, 05:14

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:28:13 PM 1/11/2007

+ Scan result:

C:\Downloads\PearlHarborZH-dm[1].exe -> Adware.Trymedia : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20050101211953.zip/Documents and Settings/Downloads/Norton Firewall/Meta-Norton.Internet.Security.Family.Editon.2001.(All.Versions)_CRK.exe -> Backdoor.Theef.111 : Cleaned.
C:\Program Files\Newhp\Cache\00000902_43683c1b_00000166 -> Downloader.IstBar.ai : Cleaned.
C:\Program Files\Newhp\Cache\0000187e_43683c1d_000910a8 -> Downloader.IstBar.ai : Cleaned.
C:\Program Files\Newhp\Cache\00001916_43683ed7_000377a3 -> Downloader.IstBar.ai : Cleaned.
C:\Program Files\Newhp\Cache\00000fbf_43683c78_0006c934 -> Downloader.IstBar.j : Cleaned.
C:\Program Files\Newhp\Cache\000033ea_43683c4b_00004bce -> Downloader.IstBar.j : Cleaned.
C:\Program Files\Newhp\Cache\0000440d_436837a7_000b5329 -> Downloader.IstBar.j : Cleaned.
C:\Program Files\Newhp\Cache\00004db7_436837c1_000861ae -> Downloader.IstBar.j : Cleaned.
C:\Program Files\Newhp\Cache\000023c9_43683c4b_0000e848 -> Downloader.IstBar.u : Cleaned.
C:\Program Files\Newhp\Cache\0000261e_43683e9a_000be81c -> Downloader.IstBar.u : Cleaned.
C:\Program Files\Common Files\wwwk\wwwkd\vocabulary -> Downloader.TSUpdate.j : Cleaned.
C:\Program Files\Newhp\Cache\00000124_43685c6d_0000162b -> Hijacker.Small.jf : Cleaned.
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3faba491-441d45ef.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3faba491-441d45ef.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv788.jar-7547e1a6-11c85d1b.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060226020348.zip/Documents and Settings/Michael/Application Data/Sun/Java/Deployment/cache/javapi/v1.0/jar/arc.zip-68f7ffc7-40d7984f.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Program Files\Newhp\Cache\00000677_43683f00_00014fe3 -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned.
C:\Program Files\Newhp\Cache\00003cd5_43683c39_000f0750 -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned.
C:\Program Files\Newhp\Cache\00006172_43683ed7_00085b70 -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned.
C:\Program Files\Newhp\Cache\00007bb9_43683c1b_00046fd8 -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00096828.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00096829.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097433.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097441.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097546.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097547.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097548.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097676.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00097677.TXT -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@lovefreegames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@planetfungames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@reciperewards.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\NPROTECT\00096873.TXT -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\NPROTECT\00096503.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096504.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096517.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096780.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096781.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096782.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096787.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096788.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096874.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096875.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00096876.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097492.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097493.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097494.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097496.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097497.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097499.TXT -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\NPROTECT\00097500.TXT -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned.
C:\RECYCLER\NPROTECT\00096516.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00096570.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00096778.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00096822.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00096823.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097479.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097480.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097481.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097482.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097507.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097512.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00097995.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00098058.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00098059.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20051105004318.zip/Documents and Settings/Administrator/Cookies/administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096863.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096864.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096865.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096867.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096889.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096890.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096893.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00096824.TXT -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\RECYCLER\NPROTECT\00097511.TXT -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@www.fun.com.18345.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\RECYCLER\NPROTECT\00096532.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00096549.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00096550.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00096789.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00096809.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00096810.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00098032.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00098043.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00098044.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wfk4qhdpcfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjk4enc5aho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjk4sgazaeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjk4updpcgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjkoajc5ebq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjkooiajifq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjkoqjc5ckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjl4akajeco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjl4wnc5abp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjlisnajako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjlowlcjsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjlygpc5ckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjmiglcpgap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjmisocpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjmygldjafq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjny-1sdzsg.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjnyalczkfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjnyamcjmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjnycjdzcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjnyqmdzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@e-2dj6wjnyujdzobq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@s.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097487.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097488.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097489.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097490.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097491.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097495.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00097501.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00098001.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00098002.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00098003.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@ehg-hasbro.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\RECYCLER\NPROTECT\00096819.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00096820.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00096821.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00096825.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00096826.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@www.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20051105004318.zip/Documents and Settings/Administrator/Cookies/administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.

See next post for 2 of 2 report

**bobkent** · 2007-01-12, 05:15

This is part 2 of 2 of Scan Report

C:\RECYCLER\NPROTECT\00097460.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097461.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097462.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097465.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097471.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097472.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097473.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00097474.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\NPROTECT\00097679.TXT -> TrackingCookie.Spylog : Cleaned.
C:\RECYCLER\NPROTECT\00097681.TXT -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\NPROTECT\00096878.TXT -> TrackingCookie.Targetnet : Cleaned.
C:\RECYCLER\NPROTECT\00096881.TXT -> TrackingCookie.Targetnet : Cleaned.
C:\RECYCLER\NPROTECT\00096882.TXT -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\RECYCLER\NPROTECT\00096883.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096884.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096885.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096886.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096887.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096888.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00096894.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Michael\Cookies\michael@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\RECYCLER\NPROTECT\00097678.TXT -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Matthew\Cookies\matthew@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Nicole\Cookies\nicole@c7.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096510.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096511.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096512.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096513.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096514.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096515.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00096518.TXT -> TrackingCookie.Zedo : Cleaned.

::Report end

**bobkent** · 2007-01-12, 05:16

Logfile of HijackThis v1.99.1
Scan saved at 11:13:57 PM, on 1/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Documents and Settings\Downloads\HiJack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137974238274
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Bob\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

**bobkent** · 2007-01-12, 05:18

Thank You for your help!!!

Thread: Need to get rid of Google redirector and more

Thread Tools

Display

Need to get rid of Google redirector and more

Here is the Fixwareout log:

Here is the updated Hijack This Log

Thanks for your help!!!!!

Here is AVG Scan Report 1-11-07 1 of 2

Here is AVD Scen Report 1-11-07 2 of 2

Here is Updated HiJack This Log after AVG 1-11-07

Thanks Again For Your Help!!!!

Posting Permissions