
Bunch of errors including firewall and antivirus down

Discussion in 'Windows XP' started by techogeek, Jan 20, 2006.

  1. techogeek

    techogeek Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    34
    Virus is on my computer... it attacked within a matter of hours and shut down my antivirus and then my firewall, and in the Windows Firewall options it grayed out the on/off buttons so there's no way of turning it on. Windows Update is fine for right now.

    I need a way to get rid of it, and fast. Internet shut down for a while but it's back again.

    I'm just gonna post a HijackThis log right now because I know these forums basically run on that.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:07 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
    C:\WINDOWS\R2F1cmF2IEtoYW5uYQ\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\msoevc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RpcSs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NuCam\CamCheck\CamCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\winsysban.exe
    C:\WINDOWS\system32\hpsw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\wgse.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\newfrn.exe
    C:\WINDOWS\system32\84.tmp
    C:\Documents and Settings\Gaurav\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
    O4 - HKLM\..\Run: [0oqw0ct0.dll] RUNDLL32.EXE 0oqw0ct0.dll,b 556963031
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pkqpqo.exe reg_run
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\84.tmp
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Gaurav\Local Settings\Temp\{4417F0E7-B6CC-4F6E-AE6C-B36FD028BD9C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: oiwo.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129121345125
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2F1cmF2IEtoYW5uYQ\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    Please hurry because my computer is very vulnerable.
     
  2. flynstone

    flynstone

    Joined:
    Feb 21, 2002
    Messages:
    162
    You certainly have New.Net. Carefully follow the instructions in the link below and then post another HJT log. One of the forum experts will then be able to see if you have any further problems -

    http://articles.networktechs.com/400-p1.php

    You also have a problem here -

    O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll

    So perhaps best to wait for an HJT log expert to advise.
     
  3. techogeek

    techogeek Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    34
    I did everything the article said to my best ability, but after I uninstalled it from the Control Panel I didn't find anything after that, in the processes and even in the Program Files.

    Well, I'm still getting a ton of popups and my internet from the browser isn't working, period, so I'm using my laptop. My firewall and antivirus are still down so I don't know if I completely removed it.

    I'm 3 pages down in the forums; I guess I'll be lucky if someone responds to this.

    Here's my next log, though.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:06:12 PM, on 1/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NuCam\CamCheck\CamCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\winsysban.exe
    C:\WINDOWS\system32\hpsw.exe
    C:\WINDOWS\newfrn.exe
    C:\WINDOWS\system32\wgse.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\R2F1cmF2IEtoYW5uYQ\command.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\msoevc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\RpcSs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\E2.tmp
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Gaurav\Desktop\hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iedw.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
    O4 - HKLM\..\Run: [0oqw0ct0.dll] RUNDLL32.EXE 0oqw0ct0.dll,b 556963031
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pkqpqo.exe reg_run
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\E2.tmp
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129121345125
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2F1cmF2IEtoYW5uYQ\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
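
An added example, not part of the thread and not HijackThis's own logic: a small Python triage that parses HijackThis result lines, marks entries for manual review, and diffs the two scans posted above to show what changed after the New.Net removal. The rules in `review_reasons` are illustrative heuristics assumed here, not verdicts; the sample lines are copied from the two logs.

```python
import re

# A HijackThis result line: section code (R0, O4, O23, ...), " - ", then the body.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Constructed samples: lines copied from the two logs posted in this thread.
COMMON = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0oqw0ct0.dll] RUNDLL32.EXE 0oqw0ct0.dll,b 556963031
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
"""
LOG_JAN20 = COMMON + r"""
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\84.tmp
O10 - Hijacked Internet access by New.Net
"""
LOG_JAN21 = COMMON + r"""
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\E2.tmp
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O10 - Hijacked Internet access by WebHancer
"""


def parse(log_text):
    """Return (section, body) pairs for every HijackThis result line."""
    return [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def review_reasons(section, body):
    """Heuristic (assumed) reasons to look at an entry by hand; empty if none."""
    reasons = []
    low = body.lower()
    if section in ("O2", "O3"):
        if "(no name)" in low:
            reasons.append("browser add-on registered without a name")
        if low.endswith("(no file)"):
            reasons.append("registry entry points at a missing file")
    if section == "O4":
        # "HKLM\..\Run: [name] command" or "Startup: x.lnk = command"
        sep = "]" if "]" in body else "="
        command = body.split(sep, 1)[-1].strip()
        if re.search(r"\.tmp\b", command, re.I):
            reasons.append("autorun launches a .tmp file")
        m = re.match(r'"?rundll32(?:\.exe)?"?\s+(\S+)', command, re.I)
        if m and "\\" not in m.group(1):
            reasons.append("rundll32 autorun loads a DLL given without a path")
    if section == "O10":
        reasons.append("HijackThis reports a Winsock LSP hijack")
    if section == "O23" and " - unknown owner - " in low:
        reasons.append("service binary carries no company name")
    return reasons


def triage(log_text):
    """Return (section, body, reasons) for each entry at least one rule matched."""
    flagged = []
    for section, body in parse(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    old, new = set(parse(before)), set(parse(after))
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for section, body, reasons in triage(LOG_JAN20):
        print(f"REVIEW {section}: {body}\n       -> {'; '.join(reasons)}")
    removed, added = diff_logs(LOG_JAN20, LOG_JAN21)
    for section, body in removed:
        print(f"- {section} - {body}")
    for section, body in added:
        print(f"+ {section} - {body}")
```

The diff catches what the per-line rules miss: the `webHancer Agent` autorun matches none of the heuristics but shows up as a new entry in the second scan.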
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://www.cexx.org/lspfix.htm

    Add/Remove Programs – remove newdotnet

    Launch the LSP application, and click the "I know what I'm doing" checkbox.

    Move nothing, just click Finish.
    ================
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
    ==============

    I see no reference to a firewall or an AV in your log - what are you using?????
     
  5. techogeek

    techogeek Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    34
    I did everything that you said. The first time I ran the sweeper it stopped halfway through on an adware called webhancer; I had to restart the computer, but here is the report on the error.

    date/time : 2006-01-22, 00:48:04, 250ms
    computer name : DESKTOP
    user name : SYSTEM
    operating system : Windows XP Service Pack 2 build 2600
    system language : English
    system up time : 1 minute 20 seconds
    program up time : 30 seconds
    processor : Intel(R) Pentium(R) 4 CPU 2.53GHz
    physical memory : 72/255 MB (free/total)
    free disk space : (C:) 27.63 GB
    display mode : 1152x864, 32 bit
    process id : $5d8
    allocated memory : 5.33 MB
    executable : WRSSSDK.exe
    exec. date/time : 2005-12-14 19:17
    version : 2.0.8.483
    madExcept version : 2.7g
    exception class : EAccessViolation
    exception message : Access violation at address 7C9026A2 in module 'ntdll.dll'. Write of address 004055F2.
    thread $988:
    7c9026a2 ntdll.dll
    00497cc9 WRSSSDK.exe WideRegistry 432 TWideRegistry.GetDataSize
    0054cda8 WRSSSDK.exe StartupEntryList 1439 TStartupEntry.Create
    0054af9c WRSSSDK.exe StartupEntryList 701 TStartupEntryList.GetCurrentStartupRegEntries
    0054ae46 WRSSSDK.exe StartupEntryList 664 TStartupEntryList.GetCurrentStartupList
    0054b4c4 WRSSSDK.exe StartupEntryList 844 TStartupEntryList.UpdateAndPersist
    0054a9c5 WRSSSDK.exe StartupEntryList 530 TStartupEntryList.InitializeList
    0054a350 WRSSSDK.exe StartupEntryList 320 TStartupEntryList.Create
    0054dc98 WRSSSDK.exe ShieldStartup 87 TShieldStartup.Create
    00558a75 WRSSSDK.exe ShieldsInterface 166 TShieldsInterface.Create
    005697c1 WRSSSDK.exe SSEngine 328 TSSEngine.Create
    0058664a WRSSSDK.exe Engine 375 SetupSpyEngine
    00586907 WRSSSDK.exe Engine 437 TEngine.InitializeSpyEngine
    7c90f0a5 ntdll.dll RtlAnsiStringToUnicodeString
    0042c56f WRSSSDK.exe madExcept ThreadExceptFrame
    >> created by thread $7cc at:
    77e8760d RPCRT4.dll
     
  6. techogeek

    techogeek Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    34
    And here is the HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:37:11 AM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\msoevc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NuCam\CamCheck\CamCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hpsw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wgse.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\E5.tmp
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gaurav\Desktop\hijackthis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam\CamCheck\CamCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [0oqw0ct0.dll] RUNDLL32.EXE 0oqw0ct0.dll,b 556963031
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [Rpc32] C:\WINDOWS\system32\E5.tmp
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129121345125
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    After all this I also got this weird thing called project 1. It made everything invisible except the background, so I couldn't see desktop items or the toolbar. I ended it as an application and then a second popup came up saying something about project 1.

    Also, I got a rundll error on startup saying " error loading 0wowqw0wct0.dll failure to load the module"

    To answer your question, I used Norton as my antivirus for a while but got rid of it 4 months ago and haven't had a problem since. For firewall I just used Windows.

    The only reason I got this is because a friend IMed me on AIM about a MySpace pic with a link, which was the virus.

    I still wanted to ask if you had any thoughts on Windows OneCare Live beta. I don't have an antivirus and Norton slowed down my computer a lot. This seems pretty good but I don't know since it's a beta... what do you use??


    The Spy Sweeper log was HUGE. I saved it as a file to upload but it was 500kb, so 300kb over the limit. Give me your email if you really want it.
     
Short URL to this thread: https://techguy.org/435838
