PLEASE HELP!! HJT log listed, need assistance bad.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ronnol

Thread Starter
Joined
Feb 7, 2005
Messages
3
I was hoping that someone could please please please please (if it sounds like I'm desperate, I am) take a look at my HJT log and give me advice. I've gone through forum after forum and cant seem to get rid of about:blank hijack for a couple weeks. I only can find a thread here and there to get rid of but others seem to pop up. Its driving me crazy!!! Thanks for any help, its super appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 5:22:58 PM, on 02/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\DOWNLO~1\WebEx\319\atnthost.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\qttask.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
E:\Documents and Settings\Ron Nol\Application Data\trrp.exe
E:\WINDOWS\System32\w?nspool.exe
E:\WINDOWS\DOWNLO~1\WebEx\319\raagtx.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
E:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\Iomega\AutoDisk\ADService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Ron Nol\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\RONNOL~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\RONNOL~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {716AC7E8-2673-77A8-26F7-53879C83E993} - E:\WINDOWS\System32\ptnikpr.dll
O2 - BHO: (no name) - {A5C1A489-7130-1F02-58A2-3D05ABB60FF6} - E:\WINDOWS\system32\d3cn.dll (file missing)
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - E:\WINDOWS\system32\011gu.dll
O2 - BHO: (no name) - {CE158CA8-E9CF-48B4-8917-BD8DA2ACB333} - E:\WINDOWS\System32\nodj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] E:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [H3Hhsm8] e:\documents and settings\ron nol\local settings\temp\H3Hhsm8.exe
O4 - HKLM\..\Run: [xhrmy] E:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [bS] E:\documents and settings\ron nol\local settings\temp\bS.exe
O4 - HKLM\..\Run: [lMfj] E:\documents and settings\ron nol\local settings\temp\lMfj.exe
O4 - HKLM\..\Run: [j3F] E:\documents and settings\ron nol\local settings\temp\j3F.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [ey8u4kw.exe] E:\WINDOWS\System32\ey8u4kw.exe /k
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [aCosRWipW] mousic.exe
O4 - HKCU\..\Run: [Seaa] E:\Documents and Settings\Ron Nol\Application Data\trrp.exe
O4 - HKCU\..\Run: [Eoivby] E:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\RunOnce: [ey8u4kw.exe] E:\WINDOWS\System32\ey8u4kw.exe /k
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: hp psc 2000 Series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = E:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - E:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - E:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://E:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: ServerPushBox - http://66.251.36.148:1104/servp14.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/18e01989561cd6518704/netzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {E54A0EAA-F08D-413C-82A5-ECF07A5B7C42} - E:\WINDOWS\System32\nodj.dll
O18 - Filter: text/plain - {E54A0EAA-F08D-413C-82A5-ECF07A5B7C42} - E:\WINDOWS\System32\nodj.dll
O23 - Service: Ati HotKey Poller - Unknown - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AT Host Service - WebEx - E:\WINDOWS\DOWNLO~1\WebEx\319\atnthost.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Iomega Active Disk - Iomega Corporation - E:\Program Files\Iomega\AutoDisk\ADService.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top