HJT Log - JGK150 Startup Problems

Logfile of HijackThis v1.99.0
Scan saved at 2:42:32 PM, on 1/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\system32\gearsec.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\EPO\naimas32.exe
D:\WINNT\system32\NALNTSRV.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\system32\ZONELABS\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE
D:\WINNT\system32\wm.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\mqsvc.exe
D:\WINNT\Explorer.EXE
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
D:\WINNT\system32\devldr32.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\EPO\naimag32.exe
D:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
D:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\WINNT\TPPALDR.EXE
D:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\WINNT\system32\oreshkpg.exe
D:\temp\salm.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Windows ControlAd\WinCtlAd.exe
D:\WINNT\system32\NWTRAY.EXE
D:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
D:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
D:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE
D:\Program Files\Microsoft Office\Office\OSA.EXE
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
D:\WINNT\system32\wuauclt.exe
G:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.bellatlantic.net/infospeed"); (D:\Program Files\Netscape\Users\kwakj\prefs.js)
O1 - Hosts: 162.69.3.170 mail1
O1 - Hosts: 162.69.3.97 mail3
O1 - Hosts: 198.140.63.103 siac
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - D:\WINNT\system32\ATPART~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Internet Explorer Tracker - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - D:\PROGRA~1\GOGOTO~1\Gogoware\HTMLEdit.dll
O2 - BHO: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - D:\WINNT\DOWNLO~1\megasear.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - D:\WINNT\DOWNLO~1\instafin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - D:\WINNT\DOWNLO~1\megasear.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NaimAgent_UI] C:\Program Files\EPO\naimag32.exe
O4 - HKLM\..\Run: [HP Lamp] D:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [CreateCD50] "D:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] D:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] D:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [Spyware Stormer] D:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [WT GameChannel] D:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [xhisyro] D:\WINNT\system32\oreshkpg.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows ControlAd] D:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [RUNGogoTools] D:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKCU\..\Run: [Attune Download] D:\PROGRA~1\Aveo\Attune\Updater1\Attunel.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] D:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - Startup: MemTurbo.lnk = D:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Convert for CLIÉ - D:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .asx: D:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.premiumzone.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7613FB2-3EDE-405E-9332-610DE75F2958}: Domain = JNKCTI
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7613FB2-3EDE-405E-9332-610DE75F2958}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = JNKCTI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = JNKCTI
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = JNKCTI
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service - GEAR Software - D:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield - Unknown - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NAI ePolicy Orchestrator Agent - Network Associates, Inc. - C:\Program Files\EPO\naimas32.exe
O23 - Service: Novell Application Launcher - Novell, Inc. - D:\WINNT\system32\NALNTSRV.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Check Point SecuRemote Service - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - D:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE
O23 - Service: VNC Server - AT&T Research Labs Cambridge - D:\Program Files\ORL\VNC\WinVNC.exe
O23 - Service: Novell Workstation Manager - Novell, Inc. - D:\WINNT\system32\wm.exe


This is my HJT log. Please help me SM, my computer is acting funny and weird stuff has been happening lately. Like, ZoneAlarm has stopped working, and the OS is asking for the system CD to replace certain "unknown versions" of system files. Recently my antivirus has caught a worm that is supposedly capable of shutting down security programs. And my Internet Explorer doesn't allow me to use the internet for more than 10 mins. I've run Ad-Aware and other spyware programs before posting this log. Thank you for your time.

By the way, this isn't just happening on one of my computers, it's affecting all my computers. Same symptoms and effects. Same problems. I'm guessing there are 100 other people out there experiencing the same thing I am.