1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

WinFixer 2000 Removal

Discussion in 'Virus & Other Malware Removal' started by markstro, Jan 14, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    I have tried all sorts of suggestions from threads on your site and others. Cannot get rid of this problem, second time I have had it, successful the first time. I am posting a HJT file hoping someone can see something to remove. Thanks.
    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:26 AM, on 1/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\mlljg.dll
    O2 - BHO: (no name) - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N56M0311NetInstaller.exe" -nag
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
    O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  2. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    Typo on previous title, Winfixer 2005 Removal
    I am on a Compaq Presario with WinXP Home
    Thanks again
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    · Double-click VundoFix.exe to run it.
    · Click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.
    · Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    ================
    Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
     
  4. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    Thanks for the help, here are the two files, vundofix and HJT taken after running Vundofix.

    VundoFix V4.0

    Listing files found while scanning....

    C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.bak2

    Attempting to delete C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\mlljg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\gjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.bak2
    C:\WINDOWS\system32\gjllm.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!
    VundoFix V4.0

    Listing files found while scanning....


    Logfile of HijackThis v1.99.1
    Scan saved at 9:27:54 PM, on 1/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N56M0311NetInstaller.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  6. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    Spysweeper Log for 1-15-06
    ********
    1:31 PM: | Start of Session, Sunday, January 15, 2006 |
    1:31 PM: Spy Sweeper started
    1:31 PM: Sweep initiated using definitions version 601
    1:31 PM: Starting Memory Sweep
    1:44 PM: Memory Sweep Complete, Elapsed Time: 00:13:02
    1:44 PM: Starting Registry Sweep
    1:45 PM: Found Adware: delfin
    1:45 PM: HKLM\software\mvu\ (2 subtraces) (ID = 124885)
    1:46 PM: Found Adware: elitemediagroup-mediamotor
    1:46 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\ (2 subtraces) (ID = 140170)
    1:46 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 140199)
    1:46 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
    1:47 PM: Found Adware: 180search assistant/zango
    1:47 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
    1:47 PM: Found Adware: winad
    1:47 PM: HKCR\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1023385)
    1:47 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592)
    1:47 PM: HKLM\software\classes\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1049593)
    1:47 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594)
    1:47 PM: Found Trojan Horse: trojan-downloader-pacisoft
    1:47 PM: HKU\S-1-5-21-2219473033-2116889429-1905404163-1009\software\ps1\ (2 subtraces) (ID = 136529)
    1:48 PM: Registry Sweep Complete, Elapsed Time:00:04:10
    1:48 PM: Starting Cookie Sweep
    1:48 PM: Found Spy Cookie: adknowledge cookie
    1:48 PM: [email protected][1].txt (ID = 2072)
    1:48 PM: Found Spy Cookie: burstnet cookie
    1:48 PM: [email protected][2].txt (ID = 2336)
    1:48 PM: Found Spy Cookie: statcounter cookie
    1:48 PM: [email protected][2].txt (ID = 3447)
    1:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    1:49 PM: Starting File Sweep
    1:50 PM: Found Adware: ist istbar
    1:50 PM: ppq1c.tmp (ID = 195)
    1:51 PM: Found Adware: ist yoursitebar
    1:51 PM: ysbactivex.dll (ID = 217709)
    2:02 PM: Found Adware: shopathomeselect
    2:02 PM: flffp85v.dat (ID = 75607)
    2:17 PM: luaskkd6.dat (ID = 75801)
    2:18 PM: hodudctc.dat (ID = 75949)
    2:22 PM: pcs_0002.exe (ID = 71761)
    2:27 PM: Found Adware: trojan-downloader-exfol
    2:27 PM: eins005.exe (ID = 215811)
    2:27 PM: mediagateway.exe (ID = 214272)
    2:27 PM: m67m.inf (ID = 133213)
    2:30 PM: m67m.ocx (ID = 133214)
    2:32 PM: Found Adware: popnav hijacker
    2:32 PM: stop popups.url (ID = 72592)
    2:32 PM: Found Trojan Horse: 2nd-thought
    2:32 PM: ebay.url (ID = 48213)
    2:32 PM: best buy.url (ID = 48168)
    2:32 PM: buy.com.url (ID = 48207)
    2:33 PM: ebay.url (ID = 48213)
    2:33 PM: walmart.url (ID = 48361)
    2:33 PM: search casinos.url (ID = 48330)
    2:33 PM: search dating.url (ID = 48331)
    2:33 PM: search now.url (ID = 48332)
    2:33 PM: search sports.url (ID = 48333)
    2:33 PM: internet privacy software.url (ID = 48302)
    2:33 PM: online virus scan.url (ID = 48317)
    2:33 PM: popup blocker.url (ID = 72592)
    2:33 PM: search the internet.url (ID = 72593)
    2:38 PM: Warning: Unhandled Archive Type
    2:38 PM: Warning: Invalid file - not a PKZip file
    2:38 PM: Warning: Invalid file - not a PKZip file
    2:40 PM: File Sweep Complete, Elapsed Time: 00:51:23
    2:40 PM: Full Sweep has completed. Elapsed time 01:08:47
    2:40 PM: Traces Found: 56
    6:32 PM: Removal process initiated
    6:32 PM: Quarantining All Traces: 180search assistant/zango
    6:32 PM: Quarantining All Traces: 2nd-thought
    6:32 PM: Quarantining All Traces: ist istbar
    6:32 PM: Quarantining All Traces: delfin
    6:32 PM: Quarantining All Traces: popnav hijacker
    6:32 PM: Quarantining All Traces: trojan-downloader-exfol
    6:32 PM: Quarantining All Traces: trojan-downloader-pacisoft
    6:32 PM: Quarantining All Traces: winad
    6:32 PM: Quarantining All Traces: elitemediagroup-mediamotor
    6:32 PM: Quarantining All Traces: ist yoursitebar
    6:32 PM: Quarantining All Traces: shopathomeselect
    6:32 PM: Quarantining All Traces: adknowledge cookie
    6:32 PM: Quarantining All Traces: burstnet cookie
    6:32 PM: Quarantining All Traces: statcounter cookie
    6:33 PM: Removal process completed. Elapsed time 00:00:32
    ********
    1:28 PM: | Start of Session, Sunday, January 15, 2006 |
    1:28 PM: Spy Sweeper started
    1:30 PM: Your spyware definitions have been updated.
    1:30 PM: Your definitions are up to date.
    1:31 PM: | End of Session, Sunday, January 15, 2006 |

    HJT 1-15-06 run after SpySweeper
    Logfile of HijackThis v1.99.1
    Scan saved at 6:36:05 PM, on 1/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N56M0311NetInstaller.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Thanks
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this with HIJack

    O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)

    =========

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  8. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    Here is the ewido log file
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 7:53:36 PM, 1/16/2006
    + Report-Checksum: 5F8F59D4

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq364.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq365.tmp -> Spyware.Cookie.Com : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq366.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq367.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq368.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq878.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87B.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87C.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87D.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87E.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87F.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq880.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq881.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq883.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq884.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq885.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq886.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq888.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq889.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88B.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88C.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88D.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88E.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88F.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq890.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq891.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq892.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq893.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq894.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A9.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9AB.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9AD.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9AE.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9AF.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B0.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\system32\ssqrs.dll -> Adware.Virtumonde : Cleaned with backup


    ::Report End

    And the current HJT logfile
    Logfile of HijackThis v1.99.1
    Scan saved at 6:44:24 PM, on 1/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N56M0311NetInstaller.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    I take it that you meant that I would not receive any more email notifications and would have to check the forum itself for any replies?? Correct???
    Thanks for all your help, it looks like you cleared up the original problem and a few more with the scanners you suggested I use.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Lets see the HiJack log now the one you posted was before Ewido was run

    Clean out the Yahoo Quarantine
     
  10. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    Here is the latest HJT from 1-17-06

    Logfile of HijackThis v1.99.1
    Scan saved at 7:18:37 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  12. markstro

    markstro Thread Starter

    Joined:
    Jan 14, 2006
    Messages:
    17
    It appeared to be solved a few steps ago, glad a few more bad things were removed as well. Maybe they contributed to the problem or not, anyway thanks for your time. On to the next issue in another forum. Thanks again:)
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/434005

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice