1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

[zipzappromos and waypointcast.com problems - HijackThis log included]

Discussion in 'Malware and Virus Removal Archive' started by momof2, 2005/02/24.

Thread Status:
Not open for further replies.
Page 1 of 2
  1. 2005/02/24
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    :( I am not very good with the computer but I know that I have a problem.
    I keep on getting pop ups from: zipzappromos and waypointcast.com
    I feel like I have done everything possible. I did the AOL spycheck, Adware SE, and Spybot. Spybot found a lot of stuff and it said that it "fixed" the problems...but when I run it again it finds the same 5 problems again!?!?!
    It says something like HKEY-USERS\S.....? there are 5 of these.

    I notice that in all of these threads they have something called a hijack???
    how do I post that so someone can help me?

    Thanks,
    momof2
     
    Last edited: 2005/02/24
    momof2,
    #1
  2. 2005/02/24
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    here is the hijack list

    I hope I did this right :confused:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:04:53 PM, on 2/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Admilli Service\AdmilliServ.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Admilli Service\AdmilliKeep.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\AOLMed~1.exe
    C:\Antispyware.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...0000&C=1102752000000&D=0&I=7.NH4&N=PLHSEM&O=I
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/248cfa0c4f509d558822/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.84.83.87/activex/AxisCamControl.ocx
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://lopes.armstrong.com/ib/databases/actimage40803.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{401A95BB-6BB0-42CD-BE77-9C3453C4AC2F}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    momof2,
    #2


  3. to hide this advert.

  4. 2005/02/24
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Please follow Posting Rules (#3 - Meaningful Subject) when posting.

    I have adjusted your subject.
     
    Admin.,
    #3
  5. 2005/02/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS momof2 :)

    Please download the List Installed Programs script from here, run it and post it's log.
     
    noahdfear,
    #4
  6. 2005/02/25
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    INSTALLED SOFTWARE (124) - COMPDONVITO - 2/25/2005 2:06:56 PM

    1310 Ver: 40.0.115.000 Installed: 2/1/2005
    1310_Help Ver: 40.0.115.000 Installed: 2/1/2005
    1310Tour Ver: 40.0.115.000 Installed: 2/1/2005
    1310Trb Ver: 40.0.115.000 Installed: 2/1/2005
    Ad-Aware SE Personal
    Adobe Reader 6.0 Ver: 6.0 Installed: 8/26/2004
    AiO_Scan Ver: 40.0.115.000 Installed: 2/1/2005
    AIOMinimal Ver: 40.0.115.000 Installed: 2/1/2005
    AiOSoftware Ver: 40.0.115.000 Installed: 2/1/2005
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Computer Check-Up
    AOL Connectivity Services
    AOL Spyware Protection Ver: 1.0.76
    AOL Toolbar
    Atari: The 80 Classic Games
    BigFix
    CC_ccStart Ver: 2.0.0.635 Installed: 10/13/2004
    ccCommon Ver: 2.0.0.635 Installed: 10/13/2004
    Copy Ver: 5.35.0.065 Installed: 2/1/2005
    Crayola Magic 3D Coloring Book
    CreativeProjects Ver: 5.35.0.059 Installed: 2/1/2005
    Digital Media Reader Ver: 1.08 Installed: 10/14/2004
    Digital Media Reader Ver: 1.08 Installed: 10/14/2004
    Director Ver: 5.35.0.051 Installed: 2/1/2005
    DocProc Ver: 3.5.0.0 Installed: 2/1/2005
    Easy Language 61 Ver: 1.00.0000 Installed: 1/29/2005
    Edmark - Thinkin' Science
    Edmark Mighty Math Carnival Countdown
    Encyclopaedia Britannica 2005 Ready Reference CD Ver: 2005.0.0.0 Installed: Wed Feb 02 11:27:15 EST 2005
    Fax Ver: 40.0.115.000 Installed: 2/1/2005
    FinePixViewer Ver.4.2
    FUJIFILM USB Driver
    Greeting Card Factory Express Ver: 3.0.0.5 Installed: 2/1/2005
    High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
    HijackThis 1.99.1 Ver: 1.99.1
    HP Image Zone 3.5 Ver: 3.5
    HP PSC & OfficeJet 3.5 Ver: 3.5
    HP Software Update Ver: 1.0.22.20030804 Installed: 2/1/2005
    HPSystemDiagnostics Ver: 1.5.0.0 Installed: 2/1/2005
    ImageMixer VCD2 for FinePix
    InstantShare Ver: 3.5.0.21 Installed: 2/1/2005
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.2 Ver: 1.4.2 Installed: 10/13/2004
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation) Ver: 2.4.2.2295
    LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 10/13/2004
    Microsoft AntiSpyware Ver: 1.0 Installed: 2/24/2005
    Microsoft Money 2004 Ver: 12.0.50 Installed: 10/13/2004
    Microsoft Money 2004 System Pack Ver: 12.0.80 Installed: 10/13/2004
    Microsoft Picture It! Photo Premium 9 Ver: 9.0.0.0000
    Microsoft Picture It! Photo Premium 9 Ver: 9.0.0.0000 Installed: 10/13/2004
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works Ver: 08.04.0623 Installed: 8/11/2004
    Monopoly
    MSN
    MSRedist Ver: 1.0.0.0 Installed: 10/13/2004
    Musicmatch® Jukebox Ver: 9.00.0156
    Nero BurnRights
    Nero OEM
    Norton AntiVirus 2004 Ver: 10.00.00 Installed: 10/13/2004
    Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.00
    Norton AntiVirus Parent MSI Ver: 10.0.0 Installed: 10/13/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 10/13/2004
    oobeFlagNetscape0 Ver: 5.0.0 Installed: 10/13/2004
    Overland Ver: 2.1.4 Installed: 2/1/2005
    Photo Explosion SE Ver: 1.00.0001 Installed: 12/13/2004
    PhotoGallery Ver: 40.0.111.000 Installed: 2/1/2005
    Pinnacle Hollywood FX 5
    PowerDVD
    PrintScreen Ver: 5.35.0.035 Installed: 2/1/2005
    QFolder Ver: 1.00.0000 Installed: 2/1/2005
    qjpcbtsnx
    QuickProjects Ver: 5.35.0.047 Installed: 2/1/2005
    QuickTime
    QuickTime for Windows (32-bit)
    RAW FILE CONVERTER LE
    Reader Rabbit's 1st Grade
    Reader Rabbit's Kindergarten
    Reader Rabbit's Toddler
    Reading Galaxy
    Readme Ver: 40.0.115.000 Installed: 2/1/2005
    Really Wild Animals Swinging Safari
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Scan Ver: 3.5.0.0 Installed: 2/1/2005
    Scrabble Complete
    Scrapbook Factory Ver: 2.00.0004 Installed: 12/13/2004
    Screensavers Installer
    Shockwave
    Shockwave Flash
    SkinsHP1 Ver: 5.35.0.043 Installed: 2/1/2005
    SkinsHP2 Ver: 5.35.0.043 Installed: 2/1/2005
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy 1.3 Ver: 1.3
    Studio 9 Ver: 9.0
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/20/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 10/13/2004
    SymNet Ver: 4.7.1 Installed: 10/13/2004
    The Print Shop 20 Ver: 20.00.0000 Installed: 12/13/2004
    TrayApp Ver: 5.35.0.035 Installed: 2/1/2005
    Typing Instructor Deluxe Ver: 16.1
    Unload Ver: 3.5.0 Installed: 2/1/2005
    Viewpoint Media Player
    WebFldrs XP Ver: 9.50.7523 Installed: 8/26/2004
    WebReg Ver: 5.31.0.147 Installed: 2/1/2005
    Windows Backup Utility Ver: 5.1 Installed: 8/26/2004
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
     
    momof2,
    #5
  7. 2005/02/25
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    Noahdfear,

    I am sorry, I didn't say thank you for helping me with this :eek:

    THANK YOU :D
    Do those HKEY_CURRENTUSER things mean anything?
    THe microsoft antispy bet said that they are high threats.
    I keep choosing fix and it just comes back as ignored the problem.

    Thanks again for your help...
     
    momof2,
    #6
  8. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    start it and paste in qjpcbtsnx, wait, hit ok. Then when wordpad opens, copy that back here please.

    We'll get to the HKCU entries. ;)
     
    noahdfear,
    #7
  9. 2005/02/25
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    cant find qjpcbtsrx

    ?
    now there is a zipped file under RRXJ78W

    what the heck did I do!! :confused:
     
    momof2,
    #8
  10. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You spelled it wrong. Copy it from the above post and paste it in the search tool.
     
    noahdfear,
    #9
  11. 2005/02/25
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    LOL...I am an idiot,

    but I did what you said like 5 times, search came up with nothing I swear. should I do the installed programs log again?
     
    momof2,
    #10
  12. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try this one. Download RegSearch.zip and extract the contents of the zip file to it's own folder.
    Open and double-click the icon for RegSearch.exe to launch the program.
    Enter qjpcbtsnx in the top window and click OK. After completion Notepad will be opened with all the found instances. Please post that log. If you still get no results showing registry locations, run it in safe mode.
     
    noahdfear,
    #11
  13. 2005/02/25
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "qjpcbtsnx" 2/25/2005 11:10:56 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qjpcbtsnx "= "c:\\windows\\system32\\qjpcbtsnx.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx]
    "UninstallString "= "c:\\windows\\system32\\qjpcbtsnx.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx]
    "DisplayName "= "qjpcbtsnx "

    [HKEY_USERS\S-1-5-21-3743782101-3964985693-3798994114-1003\Software\Microsoft\Search Assistant\ACMru\5603]
    "002 "= "qjpcbtsnx "

    [HKEY_USERS\S-1-5-21-3743782101-3964985693-3798994114-1003\Software\Microsoft\Search Assistant\ACMru\5604]
    "000 "= "qjpcbtsnx "

    [HKEY_USERS\S-1-5-21-3743782101-3964985693-3798994114-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\qjpcbtsnx.exe "= "qjpcbtsnx "
     
    momof2,
    #12
  14. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Save this to text where you can access it in safe mode.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\qjpcbtsnx.exe

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll



    Download and install Reglite.


    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab


    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.


    Open RegLite and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    Right click the "qjpcbtsnx "= "c:\\windows\\system32\\qjpcbtsnx.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx

    Right click the qjpcbtsnx key in the left pane and delete.

    Then paste,

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access

    click go and delete the Instant Access key in the left pane.

    Exit Reglite.


    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.
    Uncheck the /safeboot box in msconfig and ok to reboot.


    Run another HijackThis scan and post the log. Let us know if the popups stop.
     
    noahdfear,
    #13
  15. 2005/03/29
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 1:23:59 PM, on 3/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K38TYLI5\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...0000&C=1102752000000&D=0&I=7.NH4&N=PLHSEM&O=I
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ldbjaufq] c:\windows\system32\ldbjaufq.exe -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/248cfa0c4f509d558822/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://lopes.armstrong.com/ib/databases/actimage40803.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{401A95BB-6BB0-42CD-BE77-9C3453C4AC2F}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    momof2,
    #14
  16. 2005/03/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Fix these two with HJT and reboot.

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ldbjaufq] c:\windows\system32\ldbjaufq.exe -start

    Open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this setting after downloading updates). Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly and watch for any protection being disabled. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

    Surf a bit and post a new log.

    Have the popups stopped?
     
    noahdfear,
    #15
  17. 2005/03/30
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    Ok...I downloaded IESpyad.exe and I opened folder C:\IESpuad then three other folders under that appeared called ADLUT,CHOICE and OLD.

    and there are three txt docs. Now what do I do?
     
    momof2,
    #16
  18. 2005/03/30
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    The pop ups are out of control :(
     
    momof2,
    #17
  19. 2005/03/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download the GetLogXP.zip file attached to this post. Save it to your desktop. If it saves as attachment.php, right click and rename to GetLogXP.zip You may need to enable viewing extensions for known file types to see the zip and php extensions. To do that, open My Computer and click Tools on the menu, then folder options. Click the view tab of the window that opens and uncheck the box to Hide extensions...... and click OK. Now right click the zip and extract the GetLogXP.bat file to your desktop. Double click the file to run it. It will open GetLogXP.txt and place a copy on your desktop. Please post the contents of that log, along with a new HJT log.
     
    noahdfear,
    #18
  20. 2005/03/30
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 2:56:40 PM, on 3/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\AOLMed~1.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PD34KNKC\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...0000&C=1102752000000&D=0&I=7.NH4&N=PLHSEM&O=I
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/248cfa0c4f509d558822/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://lopes.armstrong.com/ib/databases/actimage40803.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{401A95BB-6BB0-42CD-BE77-9C3453C4AC2F}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    momof2,
    #19
  21. 2005/03/30
    momof2

    momof2 Inactive Thread Starter

    Joined:
    2005/02/24
    Messages:
    22
    Likes Received:
    0
    still having pop ups :(
     
    momof2,
    #20
Page 1 of 2
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...