hjt log file

Logfile of HijackThis v1.99.0
Scan saved at 5:17:06 PM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.com/svs/rdr?TYPE...2=Knob&parm3=disabled&p=Type+search+text+here
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [FX] C:\windows\winini.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B92410D-F993-4F5C-B80D-5B08CC7D1DA6}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

I'm assuming you are having problems with ZipZapPromos popups. If so, please download the List Installed Programs script from here, run it and post it's log.

 

zipzappromos

INSTALLED SOFTWARE (152) - HUNTER - 2/17/2005 11:58:33 AM

2600 Ver: 43.0.213.000 Installed: 12/31/2004
2600_Help Ver: 43.0.213.000 Installed: 12/31/2004
2600Trb Ver: 43.0.213.000 Installed: 12/31/2004
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 8/7/2004
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 8/7/2004
Agere Systems PCI Soft Modem
AiO_Scan Ver: 43.0.213.000 Installed: 8/7/2004
AiOSoftware Ver: 43.0.213.000 Installed: 8/7/2004
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Spyware Protection Ver: 1.0.66
AOL Toolbar
AOL You've Got Pictures Screensaver
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm Ver: 43.1.5.000 Installed: 8/7/2004
CameraDrivers Ver: 3.1.0 Installed: 8/7/2004
CC_ccProxyMSI Ver: 2.1.1.700 Installed: 8/8/2004
CC_ccStart Ver: 2.1.1.700 Installed: 8/8/2004
ccCommon Ver: 2.1.1.700 Installed: 8/8/2004
Copy Ver: 43.1.5.000 Installed: 8/7/2004
CreativeProjects Ver: 43.1.5.000 Installed: 8/7/2004
CreativeProjectsTemplates Ver: 43.1.5.000 Installed: 8/7/2004
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour Ver: 43.1.5.000 Installed: 8/7/2004
Destinations Ver: 43.1.5.000 Installed: 8/7/2004
Director Ver: 43.1.5.000 Installed: 8/7/2004
DocProc Ver: 4.0.0.0 Installed: 8/7/2004
DocumentViewer Ver: 43.0.213.000 Installed: 8/7/2004
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 8/7/2004
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 8/7/2004
Fax Ver: 43.0.213.000 Installed: 8/7/2004
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
HijackThis 1.99.0 Ver: 1.99.0
HP Deskjet Preloaded Printer Drivers Ver: 8.3.3.0 Installed: 8/7/2004
HP Diagnostic Assistant Ver: 1.0.0.0 Installed: 8/7/2004
HP Image Zone 4.2 Ver: 4.2
HP Image Zone Plus 4.2 Ver: 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices Ver: 3.0
HP PSC & OfficeJet 4.0
HP Software Update Ver: 2.0.39.20040212 Installed: 8/7/2004
hpg2436 Ver: 3.5.0.0 Installed: 8/7/2004
hpg3970 Ver: 3.5.0.0 Installed: 8/7/2004
hpg4600 Ver: 3.5.0.0 Installed: 8/7/2004
hpg5530 Ver: 3.5.0.0 Installed: 8/7/2004
hpg8200 Ver: 3.5.0.0 Installed: 8/7/2004
HPIZ402 Ver: 4.2.2.0 Installed: 8/7/2004
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 8/7/2004
HPSystemDiagnostics Ver: 1.5.0.0 Installed: 8/7/2004
Instant Access
InstantShare Ver: 4.0.0.40 Installed: 8/7/2004
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2 Ver: 2.0.14.348
InterVideo WinDVD Player Ver: 5.0-B11.422
iTunes Ver: 4.5.0.31 Installed: 8/7/2004
iTunes Ver: 4.5.0.31 Installed: 8/7/2004
Java 2 Runtime Environment, SE v1.4.2_03 Ver: 1.4.2_03 Installed: 8/7/2004
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation) Ver: 2.4.2.2295
LiveUpdate 2.5 (Symantec Corporation) Ver: 2.5.55.0
lkxfiqorvh
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 8/7/2004
Microsoft Money 2004 Ver: 12.0.50 Installed: 1/3/2005
Microsoft Money 2004 System Pack Ver: 12.0.80 Installed: 1/3/2005
Microsoft Office Standard Edition 2003 Ver: 11.0.5614.0 Installed: 8/7/2004
Microsoft Plus! Dancer LE Ver: 1.1.0.3463 Installed: 8/7/2004
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3500 Installed: 8/7/2004
Microsoft Plus! Photo Story 2 LE Ver: 1.1.0.3463 Installed: 8/7/2004
Microsoft Works 7.0 Ver: 07.02.0808 Installed: 8/7/2004
MSN
MSRedist Ver: 1.0.0.0 Installed: 8/8/2004
Norton AntiVirus 2004 Ver: 10.00.25 Installed: 8/8/2004
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.25
Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 8/8/2004
Norton Internet Security Ver: 5.2.1.207 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Personal Firewall Ver: 7.0.3.8 Installed: 8/8/2004
Norton Personal Firewall (Symantec Corporation) Ver: 7.0.3.8
Norton Security Center Ver: 2005.1.0.111 Installed: 8/8/2004
Norton WMI Update Ver: 2005.1.0.111 Installed: 8/8/2004
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PhotoGallery Ver: 43.1.5.000 Installed: 8/7/2004
Photosmart 320,370,7400,8100,8400 Series Ver: 2.0
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen Ver: 43.1.5.000 Installed: 8/7/2004
ProductContext Ver: 43.0.213.000 Installed: 12/31/2004
PS2
PSPrinters06 Ver: 1.00.0000 Installed: 8/7/2004
Pure Networks Port Magic Ver: 1.2.1393.0
Python 2.2 combined Win32 extensions
Python 2.2.1 Ver: 2.2.1
QFolder Ver: 1.00.0000 Installed: 8/7/2004
QuickProjects Ver: 43.1.5.000 Installed: 8/7/2004
QuickTime
Readme Ver: 43.0.213.000 Installed: 8/7/2004
RealPlayer
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan Ver: 4.1.0.0 Installed: 8/7/2004
Shockwave Flash
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
SkinsHP1 Ver: 43.1.5.000 Installed: 8/7/2004
SkinsHP2 Ver: 5.35.0.043 Installed: 8/7/2004
Slyder from Hewlett-Packard Desktops (remove only)
Software Jukebox 2.0 NA-01D Ver: 2.0 Installed: 1/3/2005
Software Jukebox 2.0 NA-01D Ver: 2.0 Installed: 1/3/2005
Sonic RecordNow! Ver: 7.22 Installed: 8/7/2004
Symantec Network Drivers Update Ver: 5.4.3.11 Installed: 1/12/2005
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp Ver: 43.1.5.000 Installed: 8/7/2004
Unload Ver: 4.0.0 Installed: 8/7/2004
Updates from HP
VIA/S3G Display Driver
Viewpoint Media Player
WebFldrs XP Ver: 9.50.7523 Installed: 8/7/2004
WebReg Ver: 43.1.5.000 Installed: 8/7/2004
WildTangent Web Driver
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB891781 Ver: 20050110.165439

 

Download RegSearch.zip and extract the contents of the zip file to it's own folder.
Open and double-click the icon for RegSearch.exe to launch the program.
Enter Instant Access in the top window, lkxfiqorvh on the next line and click OK. After completion Notepad will be opened with all the found instances. Please post that log.

 

reg search resuls

thaREGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.0

; Results at 2/19/2005 10:12:15 AM for strings:
; 'instant access'
; 'lkxfiqurvh'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]
"DisplayName "= "Instant Access "

 

Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
start it and paste in lkxfiqorvh, wait, hit ok. Then when wordpad opens, copy that back here please. (The spelling was wrong in your other search. Please use copy and paste.)

 

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "lkxfiqorvh" 2/19/2005 5:47:31 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lkxfiqorvh "= "c:\\windows\\system32\\lkxfiqorvh.exe -start "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lkxfiqorvh]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lkxfiqorvh]
"UninstallString "= "c:\\windows\\system32\\lkxfiqorvh.exe -uninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lkxfiqorvh]
"DisplayName "= "lkxfiqorvh "

[HKEY_USERS\S-1-5-21-3261307229-2605413134-230044076-1009\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\lkxfiqorvh.exe "= "lkxfiqorvh "

 

Create a new folder in My Documents named HJT. Move HijackThis.exe to it.

Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\System32\lkxfiqorvh.exe

Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

C:\WINDOWS\Downlo~1\EGDACCESS.inf
C:\WINDOWS\system32\EGDACCESS_1057.dll



Download and install Reglite. Open and copy/paste the following string in the address window then click go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The forum format puts a space in the word current that you will need to edit out before clicking Go.

Right click the "lkxfiqorvh "= "c:\\windows\\system32\\lkxfiqorvh.exe -start" value in the right pane and delete. Then copy/paste the following.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lkxfiqorvh

Right click the lkxfiqorvh key in the left pane and delete.

Do the same for;

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access


Exit Reglite when done.



Scan again with HijackThis and place a check next to the following entries if present. Close ALL other windows and click fix.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [FX] C:\windows\winini.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab


Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

Open C:\WINDOWS and delete the file name here.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Click the Security tab, then highlight Trusted Sites and click the Sites button. Then, still in the control panel, open the Java Plug-in, click the cache tab and then clear.
Open Ad-aware and run in full scan mode. Delete all it finds.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.
Uncheck the /safeboot box in msconfig and ok to reboot.

Go to the Sun Java Website and update your JRE. Current is 1.4.2_07

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

 

Still Zipzaping

could not find, "lkxfiqorvh ". reglite no help. as for hijack scan, the following entries were present, O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab
fixed them.
in safe mode the file name here was not present in c:windows.
as for the rest of them I found and deleted as per your instruction.
In the control panel i deleted temp. int. files.i clicked the security tab,highlighted trusted sitesand clicked sites. what did i gain by doing this, was i supposed to enter a site..opened java plug in clicked cache tabthen clear,did not know what that was to be deleted so i canceled.
Anyway still more and new zipzappromos. Heres my new hijack this scan.



ogfile of HijackThis v1.99.0
Scan saved at 10:12:05 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.com/svs/rdr?TYPE...2=Knob&parm3=disabled&p=Type+search+text+here
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B92410D-F993-4F5C-B80D-5B08CC7D1DA6}: NameServer = 205.152.144.235 205.152.37.254
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Must have been tired when I made that last post. Sorry! That was a part I meant to edit out.

Again, sloppy on my part. The file to delete from C:\Windows is winini.exe

lkxfiqorvh is in the registry, and the value and key must be deleted. Run Pocket Killbox again, pasting the same filepaths in from my last post, then reboot to safe mode. Open Reglite and paste the registry paths from that post also, deleting the entries listed. Don't forget to edit the space in the word current before clicking go. You should save that post to text so you can access it in safe mode for copy/pasting.

Run HijackThis again and fix the following entry if present.
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...slv32_EN_XP.cab

Open C:\Windows\Prefetch, select all and delete.
Empty the recycle bin.

Reboot back into Windows and run the RAV scan, then post the results along with a new HJT log.

The Java cache is much like a temporary internet files folder, except used by the Sun Java Virtual machine for java applets, and can hold infected files just like the TIFs folder. The version you are using is outdated and has security vulnerabilities that have been patched in newer versions, which is why I recommended you update your Java.

 

No Luck

I am now receiving charges on my phone bill from ONE CALL COMM,
which is mentioned in the TERMS OF AGREEMENT that appears on the
zipzappromos window.I am also getting popups from waypointcash and
others.Internet explorer keeps shutting down and so does aol, usually
after I close a couple of these popup windows. My computer seems to be
slowing down and i have recently been receiving a lot of spam.the problems seem to be getting worse. Maybe these details will help.

thanks.

Logfile of HijackThis v1.99.0
Scan saved at 8:33:26 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.com/svs/rdr?TYPE...2=Knob&parm3=disabled&p=Type+search+text+here
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B92410D-F993-4F5C-B80D-5B08CC7D1DA6}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

for some reason I can't use RAV.

 

Download the attached RemInstAcc.zip file, saving to your desktop. If it saves as attachment.php, right click and rename it.
Extract the file to your desktop.

Reboot to safe mode and double click the extracted RemInstAcc.bat file. Scan again with HijackThis and fix the follwing entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.com/svs/rdr?TYPE...earch+text+here
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binari...ESS_1058_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...slv32_EN_XP.cab

Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.

Reboot back into Windows and post a new HJT log.

 

4 Zipzaps since reboot.
heres my logfile.

Logfile of HijackThis v1.99.0
Scan saved at 12:38:29 AM, on 3/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B92410D-F993-4F5C-B80D-5B08CC7D1DA6}: NameServer = 205.152.144.235 205.152.37.254
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

OK, let's see what we can find with this. Please download dllcompare.exe and save to your desktop. Double click to run. Click on Locate.com and allow the scan to complete. After the scan has finished click on Compare to scan for the files that Windows does not see. This step will take a few minutes to run. If the box at the bottom of the screen contains any filenames, click on Make a Log of what was Found. When prompted to "View Log File" click on "Yes ". Notepad will open with the log file contents. In Notepad, click on "Edit>Select All" then "Edit>Copy" and post the contents. Run another scan, this time changing the file type to *.exe, and post that log also.

 

downloaded dllcompare.exe, tried to run, but was unsuccessful.
kept getting message, Cocuments and Settings\HP_owner\Desktop\dllcompare.exe is not a valid win32 application.

 

That generally means the download was corrupted. Delete that one and re-download. Are you having problems with any other executables running?

 

Tried to re-download several times with no success. I am not having any
trouble with other .exe's.

 

Please post a new log from the List Installed Programs script.

Copy the text in bold below and click Start then run and paste it in the box, then hit enter.

regedit.exe /e C:\run.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "

Open C: and locate run.txt, then post it's contents.

 

INSTALLED SOFTWARE (155) - HUNTER - 3/27/2005 8:50:17 PM

2600 Ver: 43.0.213.000 Installed: 12/31/2004
2600_Help Ver: 43.0.213.000 Installed: 12/31/2004
2600Trb Ver: 43.0.213.000 Installed: 12/31/2004
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 8/7/2004
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 8/7/2004
Agere Systems PCI Soft Modem
AiO_Scan Ver: 43.0.213.000 Installed: 8/7/2004
AiOSoftware Ver: 43.0.213.000 Installed: 8/7/2004
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Spyware Protection Ver: 1.0.66
AOL Toolbar
AOL You've Got Pictures Screensaver
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm Ver: 43.1.5.000 Installed: 8/7/2004
CameraDrivers Ver: 3.1.0 Installed: 8/7/2004
CC_ccProxyMSI Ver: 2.1.1.700 Installed: 8/8/2004
CC_ccStart Ver: 2.1.1.700 Installed: 8/8/2004
ccCommon Ver: 2.1.1.700 Installed: 8/8/2004
Copy Ver: 43.1.5.000 Installed: 8/7/2004
CreativeProjects Ver: 43.1.5.000 Installed: 8/7/2004
CreativeProjectsTemplates Ver: 43.1.5.000 Installed: 8/7/2004
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour Ver: 43.1.5.000 Installed: 8/7/2004
Destinations Ver: 43.1.5.000 Installed: 8/7/2004
Director Ver: 43.1.5.000 Installed: 8/7/2004
DocProc Ver: 4.0.0.0 Installed: 8/7/2004
DocumentViewer Ver: 43.0.213.000 Installed: 8/7/2004
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 8/7/2004
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 8/7/2004
Fax Ver: 43.0.213.000 Installed: 8/7/2004
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
HijackThis 1.99.0 Ver: 1.99.0
HP Deskjet Preloaded Printer Drivers Ver: 8.3.3.0 Installed: 8/7/2004
HP Diagnostic Assistant Ver: 1.0.0.0 Installed: 8/7/2004
HP Image Zone 4.2 Ver: 4.2
HP Image Zone Plus 4.2 Ver: 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices Ver: 3.0
HP PSC & OfficeJet 4.0
HP Software Update Ver: 2.0.39.20040212 Installed: 8/7/2004
hpg2436 Ver: 3.5.0.0 Installed: 8/7/2004
hpg3970 Ver: 3.5.0.0 Installed: 8/7/2004
hpg4600 Ver: 3.5.0.0 Installed: 8/7/2004
hpg5530 Ver: 3.5.0.0 Installed: 8/7/2004
hpg8200 Ver: 3.5.0.0 Installed: 8/7/2004
HPIZ402 Ver: 4.2.2.0 Installed: 8/7/2004
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 8/7/2004
HPSystemDiagnostics Ver: 1.5.0.0 Installed: 8/7/2004
Instant Access
InstantShare Ver: 4.0.0.40 Installed: 8/7/2004
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2 Ver: 2.0.14.348
InterVideo WinDVD Player Ver: 5.0-B11.422
iTunes Ver: 4.5.0.31 Installed: 8/7/2004
iTunes Ver: 4.5.0.31 Installed: 8/7/2004
Java 2 Runtime Environment, SE v1.4.2_03 Ver: 1.4.2_03 Installed: 8/7/2004
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation) Ver: 2.4.2.2295
LiveUpdate 2.5 (Symantec Corporation) Ver: 2.5.55.0
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 8/7/2004
Microsoft Money 2004 Ver: 12.0.50 Installed: 1/3/2005
Microsoft Money 2004 System Pack Ver: 12.0.80 Installed: 1/3/2005
Microsoft Office Standard Edition 2003 Ver: 11.0.5614.0 Installed: 8/7/2004
Microsoft Plus! Dancer LE Ver: 1.1.0.3463 Installed: 8/7/2004
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3500 Installed: 8/7/2004
Microsoft Plus! Photo Story 2 LE Ver: 1.1.0.3463 Installed: 8/7/2004
Microsoft Works 7.0 Ver: 07.02.0808 Installed: 8/7/2004
MSN
MSRedist Ver: 1.0.0.0 Installed: 8/8/2004
Norton AntiVirus 2004 Ver: 10.00.25 Installed: 8/8/2004
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.25
Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 8/8/2004
Norton Internet Security Ver: 5.2.1.207 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Internet Security Ver: 7.0.3.8 Installed: 8/8/2004
Norton Personal Firewall Ver: 7.0.3.8 Installed: 8/8/2004
Norton Personal Firewall (Symantec Corporation) Ver: 7.0.3.8
Norton Security Center Ver: 2005.1.0.111 Installed: 8/8/2004
Norton WMI Update Ver: 2005.1.0.111 Installed: 8/8/2004
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PhotoGallery Ver: 43.1.5.000 Installed: 8/7/2004
Photosmart 320,370,7400,8100,8400 Series Ver: 2.0
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen Ver: 43.1.5.000 Installed: 8/7/2004
ProductContext Ver: 43.0.213.000 Installed: 12/31/2004
PS2
PSPrinters06 Ver: 1.00.0000 Installed: 8/7/2004
Pure Networks Port Magic Ver: 1.2.1393.0
Python 2.2 combined Win32 extensions
Python 2.2.1 Ver: 2.2.1
QFolder Ver: 1.00.0000 Installed: 8/7/2004
QuickProjects Ver: 43.1.5.000 Installed: 8/7/2004
QuickTime
Readme Ver: 43.0.213.000 Installed: 8/7/2004
RealPlayer
Registrar Lite 2.00
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan Ver: 4.1.0.0 Installed: 8/7/2004
Shockwave Flash
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
SkinsHP1 Ver: 43.1.5.000 Installed: 8/7/2004
SkinsHP2 Ver: 5.35.0.043 Installed: 8/7/2004
Slyder from Hewlett-Packard Desktops (remove only)
Software Jukebox 2.0 NA-01D Ver: 2.0 Installed: 1/3/2005
Software Jukebox 2.0 NA-01D Ver: 2.0 Installed: 1/3/2005
Sonic RecordNow! Ver: 7.22 Installed: 8/7/2004
Symantec Network Drivers Update Ver: 5.4.3.11 Installed: 1/12/2005
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp Ver: 43.1.5.000 Installed: 8/7/2004
Unload Ver: 4.0.0 Installed: 8/7/2004
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
WebFldrs XP Ver: 9.50.7523 Installed: 8/7/2004
WebReg Ver: 43.1.5.000 Installed: 8/7/2004
WildTangent Web Driver
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB891781 Ver: 20050110.165439
yjkvrt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "
"VTTimer "= "VTTimer.exe "
"TkBellExe "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
"Symantec NetDriver Monitor "= "C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe "
"SSC_UserPrompt "= "c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe "
"Reminder "= "\ "C:\\Windows\\Creator\\Remind_XP.exe\" "
"Recguard "= "C:\\WINDOWS\\SMINST\\RECGUARD.EXE "
"QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
"Pure Networks Port Magic "= "\ "C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run "
"PS2 "= "C:\\WINDOWS\\system32\\ps2.exe "
"KBD "= "C:\\HP\\KBD\\KBD.EXE "
"iTunesHelper "= "C:\\Program Files\\iTunes\\iTunesHelper.exe "
"hpsysdrv "= "c:\\windows\\system\\hpsysdrv.exe "
"HPHUPD06 "= "c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe "
"HPHmon06 "= "C:\\WINDOWS\\system32\\hphmon06.exe "
"ccApp "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" "
"AOL Spyware Protection "= "\ "C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\" "
"AlcxMonitor "= "ALCXMNTR.EXE "
"AGRSMMSG "= "AGRSMMSG.exe "
"yjkvrt "= "c:\\windows\\system32\\yjkvrt.exe -start "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed "= "1 "

 

Please delete the RemInstAcc.zip and the extracted .bat file previously downloaded. I have attached a new one to this post. Download and save it to your desktop. If it saves as attachment.php, right click and rename to RemInstAcc.zip You may need to enable viewing extensions for known file types to see the zip and bat extensions. To do that, open My Computer and click Tools on the menu, then folder options. Click the view tab of the window that opens and uncheck the box to Hide extensions...... and click OK. Now right click the zip and extract the RemInstAcc.bat file to your desktop. Note to others.....the attachment was written specifically for this machine. Please do not use if you have zipzap popups too. Start your own thread and someone will gladly assist you.

Reboot to safe mode. Logon to your user account. Double click the bat file to run it. A DOS window will open briefly. When it closes, reboot back into Windows and let us know if the popups have stopped.

Post another new HJT log.