Yield Manager

Comments

• jmoney3457 Maine

  August 2006 edited August 2006

  hi why, yes you are QUITE infected but dont worry..lets take care of the new.net first please follow these instructions and post new hjt log after you do them-->Please download LSP-Fix from the following link and save it to a location you can find later if necessary.
  
  LSP-Fix Download Link
  
  To remove New.net. please go to Start | Settings | Control Panel | Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.
  
  If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.

  0
• Whydoucare

  August 2006 edited August 2006

  i think i removed it...its just going really slow...with all the pop ups coming up...
  
  EDIT: its removed..and i can still access internet..

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  did you follow the new.net removal instructions I posted? if so please post new hjt log so i can be sure

  0
• Whydoucare

  August 2006 edited August 2006

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\WINDOWS\xload.exe
  C:\Program Files\Network Monitor\netmon.exe
  C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
  C:\Program Files\BigFix\BigFix.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\wanmpsvc.exe
  C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\WINDOWS\explorer.exe
  C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
  
  R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
  F2 - REG:system.ini: UserInit=userinit.exe
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
  O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
  O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\yusuf kharadi\Desktop\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [first sect locks bows] C:\Documents and Settings\All Users\Application Data\Third great first sect\Trustmapi.exe
  O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
  O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
  O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
  O4 - HKLM\..\Run: [win3208056-1729987] C:\WINDOWS\win3208056-1729987.exe
  O4 - HKLM\..\Run: [kxnb1ee5] RUNDLL32.EXE w00bb07e.dll,n 003b1ee20000000a00bb07e
  O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
  O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
  O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
  O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\YUSUFK~1\APPLIC~1\STARTGPL\Ford software close.exe
  O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
  O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [frqf] C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
  O15 - Trusted Zone: *.adgate.info
  O15 - Trusted Zone: *.adsextend.net
  O15 - Trusted Zone: *.dollarrevenue.com
  O15 - Trusted Zone: *.elitemediagroup.net
  O15 - Trusted Zone: *.imagesrvr.com
  O15 - Trusted Zone: *.matcash.com
  O15 - Trusted Zone: *.media-motor.com
  O15 - Trusted Zone: *.mediatickets.net
  O15 - Trusted Zone: *.snipernet.biz
  O15 - Trusted Zone: *.sxload.com
  O15 - Trusted Zone: *.systemdoctor.com
  O15 - Trusted Zone: *.winantivirus.com
  O15 - Trusted Zone: *.adgate.info (HKLM)
  O15 - Trusted Zone: *.adsextend.net (HKLM)
  O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
  O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
  O15 - Trusted Zone: *.imagesrvr.com (HKLM)
  O15 - Trusted Zone: *.matcash.com (HKLM)
  O15 - Trusted Zone: *.media-motor.com (HKLM)
  O15 - Trusted Zone: *.mediatickets.net (HKLM)
  O15 - Trusted Zone: *.snipernet.biz (HKLM)
  O15 - Trusted Zone: *.systemdoctor.com (HKLM)
  O15 - Trusted Zone: *.winantivirus.com (HKLM)
  O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/website.cab
  O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
  O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
  O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
  O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - AppInit_DLLs: repairs303169590.dll
  O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\en86l1ls1.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
  O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  if it didnt delete im gonna reboot my comp

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  yes you did remove it good job, now please do a system scan only in hijackthis! and fix (check) the following lines making sure NO windows especially browsers are open during the fix except of course for hjt itself then reboot and post new log-->O15 - Trusted Zone: *.adgate.info
  O15 - Trusted Zone: *.adsextend.net
  O15 - Trusted Zone: *.dollarrevenue.com
  O15 - Trusted Zone: *.elitemediagroup.net
  O15 - Trusted Zone: *.imagesrvr.com
  O15 - Trusted Zone: *.matcash.com
  O15 - Trusted Zone: *.media-motor.com
  O15 - Trusted Zone: *.mediatickets.net
  O15 - Trusted Zone: *.snipernet.biz
  O15 - Trusted Zone: *.sxload.com
  O15 - Trusted Zone: *.systemdoctor.com
  O15 - Trusted Zone: *.winantivirus.com
  O15 - Trusted Zone: *.adgate.info (HKLM)
  O15 - Trusted Zone: *.adsextend.net (HKLM)
  O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
  O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
  O15 - Trusted Zone: *.imagesrvr.com (HKLM)
  O15 - Trusted Zone: *.matcash.com (HKLM)
  O15 - Trusted Zone: *.media-motor.com (HKLM)
  O15 - Trusted Zone: *.mediatickets.net (HKLM)
  O15 - Trusted Zone: *.snipernet.biz (HKLM)
  O15 - Trusted Zone: *.systemdoctor.com (HKLM)
  O15 - Trusted Zone: *.winantivirus.com (HKLM)

  0
• Whydoucare

  August 2006 edited August 2006

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\zHotkey.exe
  C:\Program Files\Multimedia Card Reader\shwicon2k.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\windows\system32\rlvknlg.exe
  C:\WINDOWS\xload.exe
  C:\kybrdff_14.exe
  C:\WINDOWS\System32\RUNDLL32.EXE
  C:\nwnmff_14.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
  C:\dfndrff_14.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
  C:\Program Files\aim\aim.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
  C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  C:\Program Files\BigFix\BigFix.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\WINDOWS\System32\nvsvc32.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\wanmpsvc.exe
  C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\v1201.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\System32\conime.exe
  c:\ucmoreiex.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe
  
  R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
  F2 - REG:system.ini: UserInit=userinit.exe
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
  O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
  O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\yusuf kharadi\Desktop\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [first sect locks bows] C:\Documents and Settings\All Users\Application Data\Third great first sect\Trustmapi.exe
  O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
  O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
  O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
  O4 - HKLM\..\Run: [win3208056-1729987] C:\WINDOWS\win3208056-1729987.exe
  O4 - HKLM\..\Run: [kxnb1ee5] RUNDLL32.EXE w00bb07e.dll,n 003b1ee20000000a00bb07e
  O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
  O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
  O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
  O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
  O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\YUSUFK~1\APPLIC~1\STARTGPL\Ford software close.exe
  O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
  O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [frqf] C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
  O15 - Trusted Zone: *.adsextend.net
  O15 - Trusted Zone: *.dollarrevenue.com
  O15 - Trusted Zone: *.elitemediagroup.net
  O15 - Trusted Zone: *.imagesrvr.com
  O15 - Trusted Zone: *.matcash.com
  O15 - Trusted Zone: *.sxload.com
  O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/website.cab
  O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
  O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
  O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
  O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - AppInit_DLLs: repairs303169590.dll
  O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\enn2l15o1.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
  O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  0
• Whydoucare

  August 2006 edited August 2006

  sorry i missed a few things..
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\zHotkey.exe
  C:\Program Files\Multimedia Card Reader\shwicon2k.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\windows\system32\rlvknlg.exe
  C:\WINDOWS\xload.exe
  C:\kybrdff_14.exe
  C:\WINDOWS\System32\RUNDLL32.EXE
  C:\nwnmff_14.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
  C:\dfndrff_14.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
  C:\Program Files\aim\aim.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
  C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  C:\Program Files\BigFix\BigFix.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\WINDOWS\System32\nvsvc32.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\wanmpsvc.exe
  C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\v1201.exe
  C:\WINDOWS\System32\conime.exe
  c:\ucmoreiex.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\WinRAR\WinRAR.exe
  C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\Rar$EX00.579\HijackThis.exe
  
  R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
  F2 - REG:system.ini: UserInit=userinit.exe
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
  O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
  O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\yusuf kharadi\Desktop\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [first sect locks bows] C:\Documents and Settings\All Users\Application Data\Third great first sect\Trustmapi.exe
  O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
  O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
  O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
  O4 - HKLM\..\Run: [win3208056-1729987] C:\WINDOWS\win3208056-1729987.exe
  O4 - HKLM\..\Run: [kxnb1ee5] RUNDLL32.EXE w00bb07e.dll,n 003b1ee20000000a00bb07e
  O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
  O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
  O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
  O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
  O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\YUSUFK~1\APPLIC~1\STARTGPL\Ford software close.exe
  O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
  O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [frqf] C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
  O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/website.cab
  O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
  O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
  O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
  O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - AppInit_DLLs: repairs303169590.dll
  O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\enn2l15o1.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
  O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  0
• Whydoucare

  August 2006 edited August 2006

  can Someone Please Tell Me What To Do Next?

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  i need to see another list please do this--->Run Hijackthis.
  Click on Open the Misc Tools section.
  Next click on Open uninstall manager.
  Press the Save list button. It will open a Notepad file.
  Copy & Paste the entire contents of that file in your in your next post

  0
• Whydoucare

  August 2006 edited August 2006

  Ad-Aware SE Personal
  Adobe Acrobat 5.0
  Adobe Bridge 1.0
  Adobe Common File Installer
  Adobe Help Center 1.0
  Adobe Photoshop 7.0.1
  Adobe Photoshop CS2
  Adobe Stock Photos 1.0
  America Online (Choose which version to remove)
  AOL Coach Version 1.0(Build:20030807.3)
  AOL Instant Messenger (SM)
  Apache HTTP Server 1.3.33
  BigFix
  Cheat Engine 5.2
  Command
  CompuServe
  Conquer 2.0
  Creative MediaSource
  Creative Removable Disk Manager
  Creative System Information
  Creative Zen MicroPhoto
  DameK UltraBlue
  FlashGet(JetCar)
  Fraps
  Gunbound Revolution
  HijackThis 1.99.1
  HP Extended Capabilities 4.7
  HP Image Zone 4.7
  HP PSC & OfficeJet 4.7
  HP Software Update
  ICQ
  ijji
  illusionxs.exe
  InCD (Ahead Software)
  IOI Multimedia Card Reader
  J2SE Runtime Environment 5.0 Update 2
  Java 2 Runtime Environment Standard Edition v1.3.1
  Java 2 Runtime Environment Standard Edition v1.3.1_02
  Knight Rider PC Demo
  Learn2 Player (Uninstall Only)
  LimeWire 4.10.9
  Little Fighter 2 1.9c
  LiveReg (Symantec Corporation)
  LiveUpdate 1.90 (Symantec Corporation)
  Macromedia Flash Player 8
  Macromedia Shockwave Player
  MAIET entertainment - Gunz
  MapleStory
  MapleStory
  Microsoft .NET Framework 1.1
  Microsoft Office XP Professional with FrontPage
  Microsoft Windows Journal Viewer
  Mozilla Firefox (1.5.0.6)
  MSN Messenger 7.5
  MSXML 4.0 SP2 Parser and SDK
  Multimedia Keyboard Driver
  Network Monitor
  Norton WMI Update
  NVIDIA Display Driver
  NVIDIA Ethernet Driver
  NVIDIA nForce Drivers
  Outlook Express Update Q330994
  Photosmart 140,240,7200,7600,7700,7900 Series
  PowerDVD
  QuickTime
  RealPlayer Basic
  RelevantKnowledge
  SigmaTel MSCN Audio Player
  Softnyx Launcher
  SoftV92 Data Fax Modem with SmartCP
  StyleXP (remove only)
  Surf SideKick
  Themexp.org File
  UCmore - The Search Accelerator
  UOGateway
  Update for Windows XP (KB898461)
  VideoLAN VLC media player 0.8.5
  Viewpoint Media Player
  WhatPulse
  Winamp (remove only)
  Windows Backup Utility
  Windows Installer 3.1 (KB893803)
  Windows Media Format Runtime
  Windows Media Player 10
  Windows XP Hotfix - KB842773
  WinRAR archiver

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  uninstall the following programs via add/remove programs then reboot and post new hjt log-->

  1. Viewpoint Media Player
  2. UCmore - The Search Accelerator
  3. Surf SideKick
  4. Network Monitor
  5. Learn2 Player (Uninstall Only)

  0
• Whydoucare

  August 2006 edited August 2006

  Logfile of HijackThis v1.99.1
  Scan saved at 7:20:38 PM, on 8/29/2006
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  C:\WINDOWS\zHotkey.exe
  C:\Program Files\Multimedia Card Reader\shwicon2k.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\Apache Group\Apache\Apache.exe
  C:\WINDOWS\xload.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\kybrdff_14.exe
  C:\WINDOWS\System32\RUNDLL32.EXE
  C:\nwnmff_14.exe
  C:\dfndrff_14.exe
  C:\WINDOWS\v1201.exe
  C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
  C:\Program Files\aim\aim.exe
  C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  C:\Program Files\BigFix\BigFix.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wdfmgr.exe
  C:\PROGRA~1\COMMON~1\frqf\frqfa.exe
  C:\WINDOWS\wanmpsvc.exe
  C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Documents and Settings\yusuf kharadi\Desktop\hijackthis_199\HijackThis.exe
  
  R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
  F2 - REG:system.ini: UserInit=userinit.exe
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
  O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
  O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\yusuf kharadi\Desktop\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [first sect locks bows] C:\Documents and Settings\All Users\Application Data\Third great first sect\Trustmapi.exe
  O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
  O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
  O4 - HKLM\..\Run: [win3208056-1729987] C:\WINDOWS\win3208056-1729987.exe
  O4 - HKLM\..\Run: [kxnb1ee5] RUNDLL32.EXE w00bb07e.dll,n 003b1ee20000000a00bb07e
  O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
  O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
  O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
  O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
  O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\YUSUFK~1\APPLIC~1\STARTGPL\Ford software close.exe
  O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
  O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [frqf] C:\PROGRA~1\COMMON~1\frqf\frqfm.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
  O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
  O15 - Trusted Zone: *.sxload.com
  O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/website.cab
  O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
  O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\YUSUFK~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
  O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
  O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
  O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
  O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
  O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
  O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\eXVzdWYga2hhcmFkaQ\command.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  First download ewido anti-spyware from HERE and save that file to your desktop.

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
     • Select "Automatically generate report after every scan"
     • Un-Select "Only if threats were found"

  Close ewido anti-spyware and reboot your computer into Safe Mode.

  1. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
     IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  3. Ewido will now begin the scanning process, be patient this may take a little time.
  4. Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  5. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  6. Close ewido & post that report in your next reply

  0
• Whydoucare

  August 2006 edited August 2006

  do i also have to post the log?

  0
• jmoney3457 Maine

  August 2006 edited August 2006

  Whydoucare wrote:

  do i also have to post the log?

  if you mean hijackthis log yes if you could but i also need the ewido report as well

  0
• Whydoucare

  September 2006 edited September 2006

  umm i have a problem..when ever i do the scan before it finished it freezes every single time

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  Whydoucare wrote:

  umm i have a problem..when ever i do the scan before it finished it freezes every single time

  which scan? ewido/HJT or both?

  0
• Whydoucare

  September 2006 edited September 2006

  ewido...hjt is really fast..ewido goes fast but then slows down and then freezes i keep trying everyday but i still cant get it to work without freezing..

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  Whydoucare wrote:

  ewido...hjt is really fast..ewido goes fast but then slows down and then freezes i keep trying everyday but i still cant get it to work without freezing..

  and your doing ewido scan in safe mode correct?

  0
• Whydoucare

  September 2006 edited September 2006

  yes

  0
• jmoney3457 Maine

  September 2006 edited September 2006

  Make sure that you can see hidden files.

  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.

  after doing the above then retry ewido

  0