Much like everyone else, damn Spyware Problems
Please help me, I have the spyware....I have it bad!
Here is my Hijack this thingmabob.
Thanks for any help.
Just a last-minute add-on...I run XP Pro, have Spyhunter, Symantec AV, and Firewall.
Logfile of HijackThis v1.98.2
Scan saved at 11:04:34, on 11/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
H:\antivirus\DefWatch.exe
C:\WINDOWS\system32\iosdt\iosdt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe
H:\Firewall\NISUM.EXE
H:\antivirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Firewall\SymPxSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
H:\Firewall\NISSERV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\ANTIVI~1\vptray.exe
H:\Firewall\IAMAPP.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\sblive\AudioHQ\AHQTB.EXE
H:\sblive\Program\CTAvTray.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\qfjhkqw.exe
H:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\offerDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
H:\sblive\AudioHQ\ahqrun.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
H:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [vptray] H:\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] H:\Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] h:\sblive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] h:\sblive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] H:\sblive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pqcpizutzvpi] C:\WINDOWS\system32\qfjhkqw.exe
O4 - HKLM\..\Run: [iTunesHelper] H:\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [offerDrv.exe] "C:\WINDOWS\offerDrv.exe" 1099907752 1099959710 1100127662 2 0
O4 - HKLM\..\Run: [imekrmig] H:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Enigma Firewall] C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
O4 - HKLM\..\Run: [XFILTER] C:\Program Files\Enigma Software Group\EnigmaFireWall\ESPfSdk.dll
O4 - HKLM\..\RunOnce: [CTAVTray] h:\sblive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoEA] H:\sblive\AudioHQ\ahqrun.exe "h:\sblive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - Global Startup: Microsoft Office.lnk = H:\oFFICE XP\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.1.28/gin/gin-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098750449027
I ran AdAware as told to do so by the instructions (sorry I didn't read first) and this is what my HijackThis file looks like now. Thanks
Logfile of HijackThis v1.98.2
Scan saved at 13:20:37, on 11/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
H:\antivirus\DefWatch.exe
C:\WINDOWS\system32\iosdt\iosdt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe
H:\Firewall\NISUM.EXE
H:\antivirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Firewall\SymPxSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
H:\Firewall\NISSERV.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\ANTIVI~1\vptray.exe
H:\Firewall\IAMAPP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\sblive\AudioHQ\AHQTB.EXE
H:\sblive\Program\CTAvTray.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
H:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\offerDrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
C:\WINDOWS\system32\ctfmon.exe
H:\sblive\AudioHQ\ahqrun.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [vptray] H:\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] H:\Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] h:\sblive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] h:\sblive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] H:\sblive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] H:\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [offerDrv.exe] "C:\WINDOWS\offerDrv.exe" 1099907752 1099959710 1100127662 2 0
O4 - HKLM\..\Run: [imekrmig] H:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Enigma Firewall] C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
O4 - HKLM\..\Run: [XFILTER] C:\Program Files\Enigma Software Group\EnigmaFireWall\ESPfSdk.dll
O4 - HKLM\..\RunOnce: [CTAVTray] h:\sblive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoEA] H:\sblive\AudioHQ\ahqrun.exe "h:\sblive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - Global Startup: Microsoft Office.lnk = H:\oFFICE XP\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.1.28/gin/gin-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098750449027
Fix that entry then find and delete offerdrv.exe, reboot and post a new log.
Okay, I fixed the entry, then tried to delete offerdrv.exe, but stinkin' Windows won't allow me to delete.
So far haven't seen any more problems.
You guys here are the best!! I wish my brain was as big as yours.
Thanks a bunch. Oh, here's the new log; let me know if anything else looks wrong, please. So funny that I feel as though I'm asking you to translate a foreign language, guess in some ways I am.
Logfile of HijackThis v1.98.2
Scan saved at 1:48:01, on 11/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
H:\antivirus\DefWatch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\hpzstatn.exe
H:\Firewall\NISUM.EXE
H:\antivirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Firewall\SymPxSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
H:\Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\ANTIVI~1\vptray.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
H:\Firewall\IAMAPP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
H:\sblive\Program\CTAvTray.EXE
H:\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\OFFICE~1\Office10\OUTLOOK.EXE
H:\oFFICE XP\Office10\WINWORD.EXE
H:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [vptray] H:\ANTIVI~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] H:\Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] h:\sblive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] h:\sblive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] H:\sblive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] H:\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [imekrmig] H:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\Enigma Popup Stop\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Enigma Firewall] C:\Program Files\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
O4 - HKLM\..\Run: [XFILTER] C:\Program Files\Enigma Software Group\EnigmaFireWall\ESPfSdk.dll
O4 - HKLM\..\RunOnce: [CTAVTray] h:\sblive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoEA] H:\sblive\AudioHQ\ahqrun.exe "h:\sblive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - Global Startup: Microsoft Office.lnk = H:\oFFICE XP\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.1.28/gin/gin-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.2.21/poppit/poppit-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.2.21/worldclass/worldclass-ob-assets.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098750449027
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab