
Solved: Computer worse than ever! Help needed. Log included.

Discussion in 'Virus & Other Malware Removal' started by jmt, May 30, 2006.

Thread Status:
Not open for further replies.
  1. jmt

    jmt Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    36
    Hi,
    It seems like my computer is at its worst. Programs are running very slowly or not opening at all. Internet will barely connect even though everything says it's connected. It's all adding up and driving me crazy. If anyone knows any way to improve the performance of my computer, it will be greatly appreciated.

    I'm posting my HJT log below. I also run Spybot and Adaware regularly. For some reason my computer will not connect to safe mode, it freezes every time I try.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:00:17 PM, on 5/30/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\w?wexec.exe
    C:\PROGRA~1\FNTS~1\attrib.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Audible\Bin\ADHelper.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

    R3 - URLSearchHook: (no name) - {6C18462D-D7E6-A747-CE0F-AD98BE15A2C5} - C:\WINDOWS\System32\kreqkumg.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O2 - BHO: (no name) - {29BA09C9-C40F-B3AD-7962-EEDC483DBACC} - blank (file missing)
    O2 - BHO: (no name) - {498C312D-E948-08B2-D052-12550BA8281A} - blank (file missing)
    O2 - BHO: (no name) - {498C3D2D-E113-5CE9-8305-12550BA82243} - blank (file missing)
    O2 - BHO: (no name) - {498D3A7D-B647-5BB4-D005-12550BA82513} - blank (file missing)
    O2 - BHO: (no name) - {5AA85317-D2B9-9015-ACDE-C02742388BFD} - blank (file missing)
    O2 - BHO: (no name) - {5ED51EFA-8231-AA9D-1837-AE38773A97CB} - C:\WINDOWS\System32\dlkpkcfj.dll
    O2 - BHO: (no name) - {66AFAAE3-6576-1185-0231-4B3656ECFE92} - blank (file missing)
    O2 - BHO: (no name) - {6C18462D-D7E6-A747-CE0F-AD98BE15A2C5} - C:\WINDOWS\System32\kreqkumg.dll
    O2 - BHO: (no name) - {85196ABE-C38F-4F62-A153-DD0172711CFE} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {DF586760-A6AD-D205-D3EC-D30FA7944892} - blank (file missing)
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [download bone roam face] C:\Documents and Settings\All Users\Application Data\love fork download bone\mp3software.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Zjcopg] C:\WINDOWS\System32\w?wexec.exe
    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\FNTS~1\attrib.exe" -vt ndrv
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  4. jmt

    jmt Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    36
    Hi Cybertech. Thanks for the response.

    After I scanned for Vundo, it said that my computer wasn't infected, so I could not remove it. Is there anything else I can try?

    Thanks.
     
  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    Download Findlop by Metallica.
    http://metallica.geekstogo.com/findlop.zip

    Unzip it to your desktop.
    Double click findlop.bat.
    A Notepad file will open.
    Copy the content of that file and paste it into your reply to this thread.
     
  6. jmt

    jmt Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    36
    Here you go. Thanks again.

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job '8F5A56C99445F9D5.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\progra~1\aboutb~1\Isostoreaxis.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Owner'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 10/04/2004 16:00:00
    NextRun: 05/30/2006 17:00:00
    StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 02/22/1998
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Symantec NetDetect.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
    Parameters: ''
    WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
    Comment: 'Symantec NetDetect'
    Creator: 'Owner'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 10/04/2004 16:30:00
    NextRun: 05/30/2006 16:25:00
    StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
    ExitCode: 0x65
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    2 Triggers

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 10/04/2004
    EndDate: 00/00/0000
    StartTime: 20:30
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 1:
    Type: AtLogon
    StartDate: 02/09/2004
    EndDate: 00/00/0000
    StartTime: 13:39
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    * Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Check the box that says "I know what I'm doing".
    Remove lspak.dll and Cdlsp.dll, only those two!



    * Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {6C18462D-D7E6-A747-CE0F-AD98BE15A2C5} - C:\WINDOWS\System32\kreqkumg.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O2 - BHO: (no name) - {29BA09C9-C40F-B3AD-7962-EEDC483DBACC} - blank (file missing)
    O2 - BHO: (no name) - {498C312D-E948-08B2-D052-12550BA8281A} - blank (file missing)
    O2 - BHO: (no name) - {498C3D2D-E113-5CE9-8305-12550BA82243} - blank (file missing)
    O2 - BHO: (no name) - {498D3A7D-B647-5BB4-D005-12550BA82513} - blank (file missing)
    O2 - BHO: (no name) - {5AA85317-D2B9-9015-ACDE-C02742388BFD} - blank (file missing)
    O2 - BHO: (no name) - {5ED51EFA-8231-AA9D-1837-AE38773A97CB} - C:\WINDOWS\System32\dlkpkcfj.dll
    O2 - BHO: (no name) - {66AFAAE3-6576-1185-0231-4B3656ECFE92} - blank (file missing)
    O2 - BHO: (no name) - {6C18462D-D7E6-A747-CE0F-AD98BE15A2C5} - C:\WINDOWS\System32\kreqkumg.dll
    O2 - BHO: (no name) - {85196ABE-C38F-4F62-A153-DD0172711CFE} - (no file)
    O2 - BHO: (no name) - {DF586760-A6AD-D205-D3EC-D30FA7944892} - blank (file missing)
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O4 - HKLM\..\Run: [download bone roam face] C:\Documents and Settings\All Users\Application Data\love fork download bone\mp3software.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
    O4 - HKCU\..\Run: [Zjcopg] C:\WINDOWS\System32\w?wexec.exe
    O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\FNTS~1\attrib.exe" -vt ndrv


    Close all applications and browser windows before you click "fix checked".


    * Delete these folders:
    C:\Documents and Settings\All Users\Application Data\love fork download bone
    c:\progra~1\aboutb~1 --> NOTE: Where you see ~ this only represents the first 6 letters of the folders.


    * Go to add/remove programs and remove Ad-aware 6, that is very old.
    Download AdAware SE Personal version 1.06 http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html
    Install the program and launch it.
    On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
    In the main window: Click Start and under Select a scan Mode tick Perform full system scan.
    Deselect Search for negligible risk entries.
    To start the scan, click the Next button.
    When the scan is finished mark everything for removal and get rid of it.
    Right-click the window and choose select all from the drop down menu and then click Next.


    * Go to www.java.com & download the latest version of java 1.5.0.6
    Install it & then go to add/remove programs and UNINSTALL ALL previous versions of sun java.


    * Post another HJT log and let me know if you have any problems.
     
  8. jmt

    jmt Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    36
    Ok I did everything. Internet seems back to normal and my programs appear to be running fine. One of them still won't open but that may be another issue. It's AOL Communicator and I can't even find it online anymore to download.

    I can't thank you enough for getting me back on track!

    Here is my most recent HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:33:05 PM, on 5/30/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\w?wexec.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\Audible\Bin\ADHelper.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AOL Communicator\ac_launch.exe
    C:\Program Files\AOL Communicator\ac_secdbm.exe
    C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    We are not out of the woods yet! :)
    There is still something rogue running.

    Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
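
The entry selection in reply 7 and the "still something rogue running" check in reply 9 can be sketched as a small log triage script. This is an added example, not part of the thread or of HijackThis itself: the function names and the heuristics are assumptions derived from the entries the helper picked, and the two sample logs are short excerpts of lines copied from the logs posted above.

```python
import re

# HijackThis entry: "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
# rundll32 started with a DLL given by bare name (no drive or directory)
BARE_RUNDLL_RE = re.compile(r"(?i)^rundll32(\.exe)?\s+[^\\/:]+,")
# '?' inside an executable's file name, as in the w?wexec.exe entry
ODD_NAME_RE = re.compile(r"(?i)\\[^\\]*\?[^\\]*\.exe")


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Flag entries for human review; a hit is a lead, not a verdict."""
    hits = []
    for code, body in entries:
        reasons = []
        if code in ("R3", "O2") and "(no name)" in body:
            reasons.append("unnamed browser hook")
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("registered file absent")
        if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reasons.append("unknown Winsock LSP")
        run = RUN_RE.match(body) if code == "O4" else None
        if run and BARE_RUNDLL_RE.match(run.group(2)):
            reasons.append("rundll32 autorun, DLL given without a path")
        if run and ODD_NAME_RE.search(run.group(2)):
            reasons.append("'?' in executable name")
        if reasons:
            hits.append((code, body, reasons))
    return hits


def still_running(hits, later_processes):
    """Processes in a later log whose path is the target of a flagged O4 entry."""
    found = []
    for code, body, _ in hits:
        run = RUN_RE.match(body) if code == "O4" else None
        if not run:
            continue
        command = run.group(2).lower()
        found += [p for p in later_processes if p.lower() in command]
    return found


# Excerpt of the first log in this thread (lines copied, list shortened).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\w?wexec.exe

R3 - URLSearchHook: (no name) - {6C18462D-D7E6-A747-CE0F-AD98BE15A2C5} - C:\WINDOWS\System32\kreqkumg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29BA09C9-C40F-B3AD-7962-EEDC483DBACC} - blank (file missing)
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zjcopg] C:\WINDOWS\System32\w?wexec.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
"""

# Excerpt of the follow-up log posted after the fixes (lines copied, shortened).
AFTER = r"""
Running processes:
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\w?wexec.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    _, before_entries = parse_log(BEFORE)
    after_processes, _ = parse_log(AFTER)
    hits = triage(before_entries)
    for code, body, reasons in hits:
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
    print("still running after fix:", still_running(hits, after_processes))
```

These patterns miss entries the helper also selected, such as the named `stlb2.dll` toolbar and `mp3software.exe`, so the output narrows a manual review rather than replacing it.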
     
  10. jmt

    jmt Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    36
    Ok. I did everything. I restarted my computer and a lot of error messages popped up, saying things like "Firefox.exe: Bad Image" and "The application or DLL ___ is not a valid Windows image..."

    Here is the Spy Sweeper Session followed by the HJT log.

    ********
    8:36 PM: | Start of Session, Tuesday, May 30, 2006 |
    8:36 PM: Spy Sweeper started
    8:36 PM: Sweep initiated using definitions version 688
    8:36 PM: Starting Memory Sweep
    8:55 PM: Memory Sweep Complete, Elapsed Time: 00:19:27
    8:55 PM: Starting Registry Sweep
    8:55 PM: Found Trojan Horse: 2nd-thought
    8:55 PM: HKCR\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 101977)
    8:55 PM: HKCR\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101978)
    8:55 PM: HKCR\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101979)
    8:55 PM: HKCR\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101980)
    8:55 PM: HKCR\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101981)
    8:55 PM: HKCR\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101982)
    8:55 PM: HKCR\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101983)
    8:55 PM: HKCR\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101984)
    8:55 PM: HKCR\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 101985)
    8:56 PM: HKCR\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 101986)
    8:56 PM: HKLM\software\classes\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101993)
    8:56 PM: HKLM\software\classes\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101994)
    8:56 PM: HKLM\software\classes\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101995)
    8:56 PM: HKLM\software\classes\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101996)
    8:56 PM: HKLM\software\classes\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101997)
    8:56 PM: HKLM\software\classes\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101998)
    8:56 PM: HKLM\software\classes\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101999)
    8:56 PM: HKLM\software\classes\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 102000)
    8:56 PM: HKLM\software\classes\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 102001)
    8:56 PM: HKLM\software\classes\swrt01.rt\ (3 subtraces) (ID = 102002)
    8:56 PM: HKCR\swrt01.rt\ (3 subtraces) (ID = 102024)
    8:58 PM: Found Adware: blazefind
    8:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
    8:58 PM: Found Adware: clearsearch
    8:58 PM: HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ (8 subtraces) (ID = 105599)
    8:58 PM: HKLM\software\classes\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ (8 subtraces) (ID = 105720)
    9:14 PM: Found Adware: delfin
    9:14 PM: HKLM\software\dsi\ (2 subtraces) (ID = 124852)
    9:15 PM: Found Adware: gain - common components
    9:15 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1019.dll\ (2 subtraces) (ID = 126765)
    9:16 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hdplugin1019.dll (ID = 126786)
    9:16 PM: Found Adware: golden palace casino
    9:16 PM: HKLM\software\microsoft\windows\currentversion\uninstall\casprog\ (2 subtraces) (ID = 126943)
    9:17 PM: Found Adware: ie driver
    9:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{8f9fbeb8-d216-4d6c-8d21-513157e09c0d}\ (4 subtraces) (ID = 128062)
    9:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (2 subtraces) (ID = 128065)
    9:22 PM: Found Adware: networkessentials
    9:22 PM: HKLM\software\microsoft\windows\currentversion\uninstall\recommended hotfix - 421701d\ (2 subtraces) (ID = 136174)
    9:23 PM: Found Adware: purityscan
    9:23 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
    9:23 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
    9:28 PM: Found Adware: virtualbouncer
    9:28 PM: HKLM\software\classes\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 145549)
    9:28 PM: HKLM\software\classes\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145551)
    9:28 PM: HKCR\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145565)
    9:29 PM: Found Adware: websearch toolbar
    9:29 PM: HKLM\software\microsoft\windows\currentversion\installer\userdata\aui\ (1 subtraces) (ID = 146479)
    9:30 PM: HKCR\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\ (11 subtraces) (ID = 392235)
    9:31 PM: HKLM\software\classes\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\ (11 subtraces) (ID = 476604)
    9:31 PM: Found Adware: interads
    9:31 PM: HKLM\software\interads\ (34821 subtraces) (ID = 645794)
    9:45 PM: Found Adware: browseraid
    9:45 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
    9:46 PM: Found Adware: emesh
    9:46 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\mm\adwaresys\ (2 subtraces) (ID = 125799)
    9:46 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    9:46 PM: Found Adware: isearch toolbar
    9:46 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {1a00c40b-da85-4aa3-a67f-582d9347eecd} (ID = 129028)
    9:48 PM: Found Adware: mprocessor
    9:48 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\mprocessor\ (1 subtraces) (ID = 135283)
    9:49 PM: Found Adware: searchtoolbar
    9:49 PM: HKU\S-1-5-21-1935655697-823518204-682003330-1003\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
    10:02 PM: Registry Sweep Complete, Elapsed Time:01:06:59
    10:02 PM: Starting Cookie Sweep
    10:02 PM: Found Spy Cookie: 888 cookie
    10:02 PM: [email protected][2].txt (ID = 2019)
    10:02 PM: [email protected][3].txt (ID = 2019)
    10:02 PM: Found Spy Cookie: websponsors cookie
    10:02 PM: [email protected][2].txt (ID = 3665)
    10:02 PM: Found Spy Cookie: yieldmanager cookie
    10:02 PM: [email protected][1].txt (ID = 3751)
    10:02 PM: Found Spy Cookie: adknowledge cookie
    10:02 PM: [email protected][1].txt (ID = 2072)
    10:02 PM: Found Spy Cookie: hbmediapro cookie
    10:02 PM: [email protected][1].txt (ID = 2768)
    10:02 PM: Found Spy Cookie: precisead cookie
    10:02 PM: [email protected][1].txt (ID = 3182)
    10:02 PM: Found Spy Cookie: specificclick.com cookie
    10:02 PM: [email protected][1].txt (ID = 3400)
    10:02 PM: Found Spy Cookie: cc214142 cookie
    10:02 PM: [email protected][1].txt (ID = 2367)
    10:02 PM: Found Spy Cookie: atwola cookie
    10:02 PM: [email protected][1].txt (ID = 2256)
    10:02 PM: Found Spy Cookie: ask cookie
    10:02 PM: [email protected][1].txt (ID = 2245)
    10:02 PM: [email protected][2].txt (ID = 2255)
    10:03 PM: Found Spy Cookie: azjmp cookie
    10:03 PM: [email protected][1].txt (ID = 2270)
    10:03 PM: Found Spy Cookie: banner cookie
    10:03 PM: [email protected][1].txt (ID = 2276)
    10:03 PM: [email protected][3].txt (ID = 2276)
    10:03 PM: Found Spy Cookie: belnk cookie
    10:03 PM: [email protected][1].txt (ID = 2292)
    10:03 PM: Found Spy Cookie: cassava cookie
    10:03 PM: [email protected][1].txt (ID = 2362)
    10:03 PM: Found Spy Cookie: tickle cookie
    10:03 PM: [email protected][1].txt (ID = 3530)
    10:03 PM: [email protected][2].txt (ID = 2293)
    10:03 PM: Found Spy Cookie: 2o7.net cookie
    10:03 PM: [email protected][1].txt (ID = 1958)
    10:03 PM: Found Spy Cookie: epilot cookie
    10:03 PM: [email protected][1].txt (ID = 2621)
    10:03 PM: Found Spy Cookie: exitexchange cookie
    10:03 PM: [email protected][1].txt (ID = 2633)
    10:03 PM: Found Spy Cookie: starware.com cookie
    10:03 PM: [email protected][1].txt (ID = 3442)
    10:03 PM: [email protected][1].txt (ID = 2767)
    10:03 PM: Found Spy Cookie: clickandtrack cookie
    10:03 PM: [email protected][1].txt (ID = 2397)
    10:03 PM: Found Spy Cookie: hypertracker.com cookie
    10:03 PM: [email protected][1].txt (ID = 2817)
    10:03 PM: Found Spy Cookie: screensavers.com cookie
    10:03 PM: [email protected][2].txt (ID = 3298)
    10:03 PM: Found Spy Cookie: inqwire cookie
    10:03 PM: [email protected][2].txt (ID = 2867)
    10:03 PM: Found Spy Cookie: metareward.com cookie
    10:03 PM: [email protected][2].txt (ID = 2990)
    10:03 PM: [email protected][1].txt (ID = 1958)
    10:03 PM: Found Spy Cookie: nextag cookie
    10:03 PM: [email protected][1].txt (ID = 5014)
    10:03 PM: [email protected][1].txt (ID = 1958)
    10:03 PM: Found Spy Cookie: touchclarity cookie
    10:03 PM: [email protected][1].txt (ID = 3567)
    10:03 PM: Found Spy Cookie: partypoker cookie
    10:03 PM: [email protected][2].txt (ID = 3111)
    10:03 PM: Found Spy Cookie: rednova cookie
    10:03 PM: [email protected][1].txt (ID = 3245)
    10:03 PM: Found Spy Cookie: rightmedia cookie
    10:03 PM: [email protected][1].txt (ID = 3259)
    10:03 PM: Found Spy Cookie: rn11 cookie
    10:03 PM: [email protected][2].txt (ID = 3261)
    10:03 PM: Found Spy Cookie: servlet cookie
    10:03 PM: [email protected][1].txt (ID = 3345)
    10:03 PM: Found Spy Cookie: sirsearch cookie
    10:03 PM: [email protected][1].txt (ID = 3379)
    10:03 PM: [email protected][2].txt (ID = 3441)
    10:03 PM: Found Spy Cookie: statstracking cookie
    10:03 PM: [email protected][2].txt (ID = 3453)
    10:03 PM: Found Spy Cookie: reliablestats cookie
    10:03 PM: [email protected][2].txt (ID = 3254)
    10:03 PM: Found Spy Cookie: tacoda cookie
    10:03 PM: [email protected][2].txt (ID = 6444)
    10:03 PM: Found Spy Cookie: videodome cookie
    10:03 PM: [email protected][1].txt (ID = 3638)
    10:03 PM: [email protected][1].txt (ID = 2020)
    10:03 PM: Found Spy Cookie: brazilwelcomesyou cookie
    10:03 PM: [email protected][1].txt (ID = 2325)
    10:03 PM: Found Spy Cookie: burstbeacon cookie
    10:03 PM: [email protected][1].txt (ID = 2335)
    10:03 PM: Found Spy Cookie: dbbsrv cookie
    10:03 PM: [email protected][2].txt (ID = 2500)
    10:03 PM: [email protected][1].txt (ID = 2991)
    10:03 PM: [email protected][1].txt (ID = 3298)
    10:03 PM: [email protected][1].txt (ID = 3442)
    10:03 PM: [email protected][2].txt (ID = 3749)
    10:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:26
    10:03 PM: Starting File Sweep
    11:58 PM: c:\documents and settings\all users\application data\pcsvc (20 subtraces) (ID = -2147481135)
    11:58 PM: c:\program files\common files\dpi (ID = -2147481129)
    11:58 PM: c:\program files\maxspeed (3 subtraces) (ID = -2147480852)
    11:58 PM: Found Adware: my daily horoscope
    11:58 PM: c:\program files\my daily horoscope (ID = -2147480579)
    11:59 PM: Found Adware: addestroyer
    11:59 PM: c:\documents and settings\owner\start menu\programs\addestroyer (1 subtraces) (ID = -2147481465)
    12:00 AM: Found Adware: sidesearch
    12:00 AM: c:\program files\lycos\sidesearch (ID = -2147480322)
    12:00 AM: c:\program files\addestroyer (ID = -2147476862)
    12:01 AM: Found Adware: bookedspace
    12:01 AM: c:\windows\bsx32 (29 subtraces) (ID = -2147481346)
    12:01 AM: c:\program files\mprocessor (4 subtraces) (ID = -2147480591)
    12:01 AM: Found Adware: keenvalue/perfectnav
    12:01 AM: c:\program files\powersearch (1 subtraces) (ID = -2147480781)
    12:02 AM: c:\program files\incredifind (1 subtraces) (ID = -2147480783)
    12:02 AM: c:\program files\recommended hotfix - 421701d (1 subtraces) (ID = -2147480533)
    12:05 AM: Found Adware: elitemediagroup-mediamotor
    12:05 AM: a0463288.exe (ID = 74174)
    12:06 AM: a0463271.exe (ID = 51528)
    12:08 AM: a0463276.exe (ID = 74032)
    12:08 AM: Found Adware: e2g
    12:08 AM: a0463277.exe (ID = 59400)
    12:25 AM: a0463269.dll (ID = 51451)
    12:27 AM: second.awp (ID = 70160)
    12:34 AM: Warning: Failed to open file "c:\windows\system32\dllcache\msdasql.dll". The system cannot find the file specified
    12:39 AM: delfinlo.ebd (ID = 57688)
    12:41 AM: Found Adware: cws-aboutblank
    12:41 AM: kbd.dll (ID = 54941)
    12:42 AM: Found Adware: look2me
    12:42 AM: a0463282.exe (ID = 65975)
    12:50 AM: a0463272.dll (ID = 59394)
    1:18 AM: a0463285.exe (ID = 94438)
    1:19 AM: Found Adware: 180search assistant/zango
    1:19 AM: a0463278.exe (ID = 91106)
    1:20 AM: Found Adware: shopathomeselect
    1:20 AM: a0463280.exe (ID = 75876)
    1:20 AM: a0463281.exe (ID = 75877)
    1:22 AM: Found Adware: ezula ilookup
    1:22 AM: 26529973.asw (ID = 111060)
    1:25 AM: Found Adware: apropos
    1:25 AM: utitl.exe (ID = 50135)
    1:26 AM: Found Adware: twain-tech
    1:26 AM: a0463279.exe (ID = 81863)
    1:27 AM: t2emdm.exe (ID = 50135)
    1:28 AM: Found Trojan Horse: bikinidesk
    1:28 AM: a0463267.exe (ID = 51173)
    1:30 AM: a0463266.exe (ID = 51172)
    1:32 AM: Found Adware: lopdotcom
    1:32 AM: software army.exe (ID = 91)
    1:48 AM: innervbinstall.log (ID = 82805)
    1:48 AM: inneradinstall.log (ID = 49035)
    2:08 AM: delfinst.ebd (ID = 57692)
    2:08 AM: delfintg.ebd (ID = 57693)
    2:30 AM: ??oolsv.exe (ID = 73219)
    2:30 AM: ?hkdsk.exe (ID = 73219)
    2:31 AM: a0463268.ico (ID = 65001)
    2:41 AM: febzt.dll (ID = 73217)
    2:48 AM: a0463283.dll (ID = 54862)
    2:49 AM: ?ttrib.exe (ID = 73219)
    3:04 AM: a0463273.exe (ID = 72907)
    3:04 AM: a0459939.exe (ID = 304)
    3:11 AM: sql.dll (ID = 54941)
    3:15 AM: Found Adware: powerstrip
    3:15 AM: preprocess.data (ID = 72703)
    3:20 AM: j?vaw.exe (ID = 73203)
    3:23 AM: zbuxjh.dll (ID = 72955)
    3:23 AM: Found Trojan Horse: trojan-downloader-avatar
    3:23 AM: a0463274.exe (ID = 51807)
    3:24 AM: a0463289.exe (ID = 51807)
    3:24 AM: woinstall.exe (ID = 60687)
    3:24 AM: Found Adware: webhancer
    3:24 AM: a0463290.exe (ID = 83833)
    3:32 AM: addestroyer.lnk (ID = 49032)
    3:38 AM: a0430011.exe (ID = 259385)
    3:38 AM: e6f1873b.dll (ID = 51919)
    3:38 AM: d0ce0c16b1.dll (ID = 51916)
    3:38 AM: a0422292.exe (ID = 259388)
    3:47 AM: Found Adware: spotresults desktop links
    3:47 AM: a0463275.exe (ID = 76322)
    3:54 AM: ezpopstub.exe (ID = 60508)
    3:55 AM: Found Adware: zestyfind desktop links
    3:55 AM: iconz2.exe (ID = 91157)
    3:55 AM: iconz3.exe (ID = 91154)
    3:55 AM: swrt01.dll (ID = 82814)
    4:08 AM: delfinco.edx (ID = 57683)
    4:08 AM: delfinld.edx (ID = 57683)
    4:08 AM: privacy info.url (ID = 63122)
    4:08 AM: terms and conditions.url (ID = 63152)
    4:08 AM: uninstall instructions.url (ID = 63157)
    4:08 AM: a0463292.inf (ID = 81888)
    4:08 AM: delfinbd.edx (ID = 57683)
    4:08 AM: delfined.edx (ID = 57683)
    4:08 AM: delfinid.edx (ID = 57691)
    4:08 AM: delfindl.edx (ID = 57683)
    4:08 AM: delfinaf.edx (ID = 57679)
    4:08 AM: delfinsi.edx (ID = 57691)
    4:08 AM: delfinky.edx (ID = 57685)
    4:34 AM: 26530115.asw (ID = 63132)
    4:34 AM: 26529987.asw (ID = 111056)
    4:34 AM: 26529982.asw (ID = 111058)
    4:34 AM: mxtini.inf (ID = 81846)
    4:34 AM: 26529978.asw (ID = 111059)
    4:34 AM: 26529789.asw (ID = 63132)
    4:34 AM: Found Adware: directrevenue-abetterinternet
    4:34 AM: 26529815.asw (ID = 83199)
    4:34 AM: Found System Monitor: potentially rootkit-masked files
    4:34 AM: 001126137600.mf (ID = 0)
    4:34 AM: 001118880000.mf (ID = 0)
    4:34 AM: 001166054400.mf (ID = 0)
    4:34 AM: 001132185600.mf (ID = 0)
    4:34 AM: 001138233600.mf (ID = 0)
    4:34 AM: 001117670400.mf (ID = 0)
    4:34 AM: 001133395200.mf (ID = 0)
    4:34 AM: 001128556800.mf (ID = 0)
    4:34 AM: 001112832000.mf (ID = 0)
    4:34 AM: 00-my_chemical_romance-three_cheers_for_sweet_revenge-(retail)-2004-rtb.m3u (ID = 0)
    4:34 AM: 00-my_chemical_romance-three_cheers_for_sweet_revenge-(retail)-2004-rtb.sfv (ID = 0)
    4:34 AM: 00-my_chemical_romance-three_cheers_for_sweet_revenge-(retail)-2004-rtb.nfo (ID = 0)
    4:34 AM: 001146700800.mf (ID = 0)
    4:34 AM: 001124928000.mf (ID = 0)
    4:34 AM: 001103155200.mf (ID = 0)
    4:34 AM: 00-the_sound_of_animals_fighting-tiger_and_the_duke-(advance)-2005-cd-kzt.jpg (ID = 0)
    4:34 AM: 00-the_sound_of_animals_fighting-tiger_and_the_duke-(advance)-2005-kzt.m3u (ID = 0)
    4:34 AM: 00-the_sound_of_animals_fighting-tiger_and_the_duke-(advance)-2005-kzt.sfv (ID = 0)
    4:34 AM: 06-the_sound_of_animals_fighting-act_iii_modulate_back_to_the_tonic-kzt.mp3 (ID = 0)
    4:34 AM: 00-the_sound_of_animals_fighting-tiger_and_the_duke-(advance)-2005-kzt.nfo (ID = 0)
    4:34 AM: __db.001 (ID = 0)
    4:34 AM: __db.004 (ID = 0)
    4:34 AM: secmods.db (ID = 0)
    4:34 AM: certs.db (ID = 0)
    4:34 AM: keys.db (ID = 0)
    4:34 AM: __db.003 (ID = 0)
    4:34 AM: log.0000000001 (ID = 0)
    4:34 AM: __db.002 (ID = 0)
    4:34 AM: 001110412800.mf (ID = 0)
    4:35 AM: Found Adware: java byteverify
    4:35 AM: classload.jar-414e4909-6b8b9ea3.zip (ID = 64823)
    4:35 AM: classload.jar-26b69f0a-5d00a527.zip (ID = 64823)
    4:37 AM: Warning: Unhandled Archive Type
    5:19 AM: Warning: Invalid Stream
    5:19 AM: Warning: Invalid Stream
    5:24 AM: File Sweep Complete, Elapsed Time: 07:20:27
    5:24 AM: Full Sweep has completed. Elapsed time 08:47:45
    5:24 AM: Traces Found: 35337
    6:07 AM: Removal process initiated
    6:07 AM: Quarantining All Traces: 180search assistant/zango
    6:07 AM: Quarantining All Traces: 2nd-thought
    6:07 AM: Quarantining All Traces: bikinidesk
    6:07 AM: Quarantining All Traces: clearsearch
    6:07 AM: Quarantining All Traces: cws-aboutblank
    6:07 AM: cws-aboutblank is in use. It will be removed on reboot.
    6:07 AM: kbd.dll is in use. It will be removed on reboot.
    6:07 AM: sql.dll is in use. It will be removed on reboot.
    6:07 AM: Quarantining All Traces: directrevenue-abetterinternet
    6:07 AM: Quarantining All Traces: ie driver
    6:08 AM: Quarantining All Traces: look2me
    6:08 AM: Quarantining All Traces: lopdotcom
    6:08 AM: Quarantining All Traces: purityscan
    6:08 AM: Quarantining All Traces: websearch toolbar
    6:08 AM: Quarantining All Traces: apropos
    6:08 AM: Quarantining All Traces: blazefind
    6:08 AM: Quarantining All Traces: delfin
    6:08 AM: Quarantining All Traces: e2g
    6:08 AM: Quarantining All Traces: elitemediagroup-mediamotor
    6:08 AM: Quarantining All Traces: isearch toolbar
    6:08 AM: Quarantining All Traces: shopathomeselect
    6:09 AM: Quarantining All Traces: sidesearch
    6:09 AM: Quarantining All Traces: trojan-downloader-avatar
    6:09 AM: Quarantining All Traces: addestroyer
    6:09 AM: Quarantining All Traces: bookedspace
    6:09 AM: Quarantining All Traces: browseraid
    6:09 AM: Quarantining All Traces: emesh
    6:09 AM: Quarantining All Traces: ezula ilookup
    6:09 AM: Quarantining All Traces: golden palace casino
    6:09 AM: Quarantining All Traces: interads
    6:10 AM: Quarantining All Traces: java byteverify
    6:10 AM: Quarantining All Traces: keenvalue/perfectnav
    6:10 AM: Quarantining All Traces: mprocessor
    6:10 AM: Quarantining All Traces: my daily horoscope
    6:10 AM: Quarantining All Traces: networkessentials
    6:10 AM: Quarantining All Traces: powerstrip
    6:10 AM: Quarantining All Traces: searchtoolbar
    6:10 AM: Quarantining All Traces: spotresults desktop links
    6:10 AM: Quarantining All Traces: twain-tech
    6:10 AM: Quarantining All Traces: virtualbouncer
    6:10 AM: Quarantining All Traces: webhancer
    6:10 AM: Quarantining All Traces: zestyfind desktop links
    6:10 AM: Quarantining All Traces: 2o7.net cookie
    6:10 AM: Quarantining All Traces: 888 cookie
    6:10 AM: Quarantining All Traces: adknowledge cookie
    6:10 AM: Quarantining All Traces: ask cookie
    6:10 AM: Quarantining All Traces: atwola cookie
    6:10 AM: Quarantining All Traces: azjmp cookie
    6:10 AM: Quarantining All Traces: banner cookie
    6:10 AM: Quarantining All Traces: belnk cookie
    6:10 AM: Quarantining All Traces: brazilwelcomesyou cookie
    6:10 AM: Quarantining All Traces: burstbeacon cookie
    6:10 AM: Quarantining All Traces: cassava cookie
    6:10 AM: Quarantining All Traces: cc214142 cookie
    6:10 AM: Quarantining All Traces: clickandtrack cookie
    6:10 AM: Quarantining All Traces: dbbsrv cookie
    6:10 AM: Quarantining All Traces: epilot cookie
    6:10 AM: Quarantining All Traces: exitexchange cookie
    6:11 AM: Quarantining All Traces: gain - common components
    6:11 AM: Quarantining All Traces: hbmediapro cookie
    6:11 AM: Quarantining All Traces: hypertracker.com cookie
    6:11 AM: Quarantining All Traces: inqwire cookie
    6:11 AM: Quarantining All Traces: metareward.com cookie
    6:11 AM: Quarantining All Traces: nextag cookie
    6:11 AM: Quarantining All Traces: partypoker cookie
    6:11 AM: Quarantining All Traces: precisead cookie
    6:11 AM: Quarantining All Traces: rednova cookie
    6:11 AM: Quarantining All Traces: reliablestats cookie
    6:11 AM: Quarantining All Traces: rightmedia cookie
    6:11 AM: Quarantining All Traces: rn11 cookie
    6:11 AM: Quarantining All Traces: screensavers.com cookie
    6:11 AM: Quarantining All Traces: servlet cookie
    6:11 AM: Quarantining All Traces: sirsearch cookie
    6:11 AM: Quarantining All Traces: specificclick.com cookie
    6:11 AM: Quarantining All Traces: starware.com cookie
    6:11 AM: Quarantining All Traces: statstracking cookie
    6:11 AM: Quarantining All Traces: tacoda cookie
    6:11 AM: Quarantining All Traces: tickle cookie
    6:11 AM: Quarantining All Traces: touchclarity cookie
    6:11 AM: Quarantining All Traces: videodome cookie
    6:11 AM: Quarantining All Traces: websponsors cookie
    6:11 AM: Quarantining All Traces: yieldmanager cookie
    6:19 AM: Removal process completed. Elapsed time 00:12:00
    ********
    8:33 PM: | Start of Session, Tuesday, May 30, 2006 |
    8:33 PM: Spy Sweeper started
    8:35 PM: Your spyware definitions have been updated.
    8:36 PM: | End of Session, Tuesday, May 30, 2006 |



    Logfile of HijackThis v1.99.1
    Scan saved at 6:27:10 AM, on 5/31/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Audible\Bin\ADHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sql.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks again.
     
  11. cybertech

    cybertech Moderator

  12. jmt

    jmt Thread Starter

    Ok I tried it. Here is what happened:

    "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
     
  13. cybertech

    cybertech Moderator

    How is the machine running now?
     
  14. jmt

    jmt Thread Starter

    It's running a lot better since I posted here. The only problems I know of are these:

    The sql.dll error pops up before opening any program. Sometimes twice. When I restart it, it pops up at least 10-20 times immediately. It's an annoyance, but it's not preventing me from doing anything.

    And right now, and for the past few hours, my internet connection has been much slower than usual (but better than before I posted here). Pictures are slow and sometimes aren't even appearing. I don't know whether it's a related problem or something with my internet service.
     
  15. cybertech

    cybertech Moderator

    Run HJT again and put a check in the following:

    O20 - AppInit_DLLs: C:\WINDOWS\System32\sql.dll

    Close all applications and browser windows before you click "fix checked".


    Click Here and download Killbox and save it to your desktop.


    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    In the "Full Path of File to Delete" box, copy and paste the following line.

    C:\WINDOWS\System32\sql.dll


    Click on the button that has the red circle with the X in the middle after you enter the file name.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now,
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.

    Post a new HJT log after the machine reboots.
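
The situation in this thread, as an added example (not part of any post, and not code from Webroot or HijackThis): the Spy Sweeper log marks sql.dll as "in use, removed on reboot", yet the HijackThis log taken afterwards still lists it under O20 AppInit_DLLs. The Python sketch below cross-checks the two logs for such leftover load points; the function names and the "looks like a filename" heuristic are assumptions, and the sample input is a few lines excerpted from the logs above.

```python
import re

# Excerpts of the two logs posted in this thread (trimmed to a few lines each).
SPY_SWEEPER_EXCERPT = r"""
6:07 AM: Quarantining All Traces: cws-aboutblank
6:07 AM: cws-aboutblank is in use. It will be removed on reboot.
6:07 AM: kbd.dll is in use. It will be removed on reboot.
6:07 AM: sql.dll is in use. It will be removed on reboot.
6:07 AM: Quarantining All Traces: directrevenue-abetterinternet
"""

HJT_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - AppInit_DLLs: C:\WINDOWS\System32\sql.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<time>: <trace> is in use. It will be removed on reboot."
IN_USE = re.compile(
    r"^\s*\d{1,2}:\d{2} [AP]M: (.+?) is in use\. It will be removed on reboot\.\s*$"
)
# Assumption: a trace ending in a 2-4 character extension is a file name;
# anything else (e.g. "cws-aboutblank") is a detection family name.
LOOKS_LIKE_FILE = re.compile(r"\.[A-Za-z0-9]{2,4}$")
# HijackThis entry lines: section code, " - ", then the entry text.
HJT_ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Load-point sections that appear in this thread's logs.
SECTION_MEANING = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder autorun",
    "O20": "AppInit_DLLs or Winlogon Notify",
    "O23": "Windows service",
}


def pending_reboot_files(spy_log):
    """File names the scanner could not remove because they were loaded."""
    names = []
    for line in spy_log.splitlines():
        m = IN_USE.match(line)
        if m and LOOKS_LIKE_FILE.search(m.group(1)):
            name = m.group(1).lower()
            if name not in names:
                names.append(name)
    return names


def parse_hjt(hjt_log):
    """Return (section, text) for every entry line; headers and the
    'Running processes' list do not match and are skipped."""
    return [m.groups() for m in map(HJT_ENTRY.match, hjt_log.splitlines()) if m]


def references(name, text):
    """True if `text` names the file `name` as a whole path component,
    so 'sql.dll' does not match 'msdasql.dll'."""
    pattern = r"(?<![\w.~-])" + re.escape(name) + r"(?![\w.])"
    return re.search(pattern, text, re.IGNORECASE) is not None


def surviving_load_points(spy_log, hjt_log):
    """Entries in a later HijackThis log that still load a file the
    scanner had scheduled for removal on reboot."""
    pending = pending_reboot_files(spy_log)
    hits = []
    for section, text in parse_hjt(hjt_log):
        for name in pending:
            if references(name, text):
                hits.append((name, section, text))
    return hits


if __name__ == "__main__":
    for name, section, text in surviving_load_points(SPY_SWEEPER_EXCERPT, HJT_EXCERPT):
        kind = SECTION_MEANING.get(section, "other")
        print(f"{name}: still referenced by {section} ({kind}): {text}")
```

A file that is listed as pending removal but has no matching entry (kbd.dll here) is not reported; that only means none of the parsed HijackThis entries references it.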
     
  16. jmt

    jmt Thread Starter

    The sql.dll error message is gone now. Thanks! My internet is still on and off. Really slow and sometimes not connecting at all. Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:18:38 AM, on 6/1/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Audible\Bin\ADHelper.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
Short URL to this thread: https://techguy.org/471349
