
spyware help

I've had some big problems with spyware and whatnot on this computer. It's pretty old, and kinda a beater, but I need some help just to make it functional again. After running spyware and Ad-Aware and that good stuff, HijackThis gave me the following log:

Logfile of HijackThis v1.99.0
Scan saved at 12:10:01 AM, on 1/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\SYSTEM32\USRmlnkA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINXP\SYSTEM32\USRshutA.exe
C:\WINXP\SYSTEM32\USRmlnkA.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\matt\local settings\temp\WW.exe
C:\documents and settings\matt\local settings\temp\YIr9ECAW0.exe
C:\WINXP\System32\CD_CLINT.exe
C:\documents and settings\karen\local settings\temp\9.exe
C:\documents and settings\karen\local settings\temp\Lm5lNKh.exe
C:\documents and settings\matt\local settings\temp\o.exe
C:\documents and settings\matt\local settings\temp\dRZBHvrSh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Documents and Settings\matt\Application Data\acoe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINXP\System32\wuauclt.exe
C:\WINXP\System32\wuauclt.exe
c:\winxp\system32\azhfdx.exe
c:\winxp\system32\packager.exe
C:\WINXP\System32\wuauclt.exe
C:\WINXP\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\??oolsv.exe
C:\Documents and Settings\matt\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bgsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINXP\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINXP\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {50C67BC8-B65E-C5F9-7B62-ECDC4A3CBBCE} - C:\WINXP\System32\oljv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\matt\Local Settings\Temp\665.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINXP\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WW] C:\documents and settings\matt\local settings\temp\WW.exe
O4 - HKLM\..\Run: [YIr9ECAW0] C:\documents and settings\matt\local settings\temp\YIr9ECAW0.exe
O4 - HKLM\..\Run: [53c4537aa1a3] C:\WINXP\System32\CD_CLINT.exe
O4 - HKLM\..\Run: [3ZSNWNX52TQTZ6] C:\WINXP\System32\QgpXq.exe
O4 - HKLM\..\Run: [eaxisfxrl] C:\WINXP\System32\azhfdx.exe
O4 - HKLM\..\Run: [conscorr] C:\WINXP\conscorr.exe
O4 - HKLM\..\Run: [satmat] C:\WINXP\satmat.exe
O4 - HKLM\..\Run: [9] C:\documents and settings\karen\local settings\temp\9.exe
O4 - HKLM\..\Run: [Lm5lNKh] C:\documents and settings\karen\local settings\temp\Lm5lNKh.exe
O4 - HKLM\..\Run: [o] C:\documents and settings\matt\local settings\temp\o.exe
O4 - HKLM\..\Run: [dRZBHvrSh] C:\documents and settings\matt\local settings\temp\dRZBHvrSh.exe
O4 - HKLM\..\Run: [9pNn8EnV] C:\documents and settings\matt\local settings\temp\9pNn8EnV.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINXP\Temp\TBuninst.exe /remove
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKCU\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Hcoo] C:\Documents and Settings\matt\Application Data\acoe.exe
O4 - HKCU\..\Run: [Ufc] C:\WINXP\System32\??oolsv.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINXP\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINXP\System32\maxspeed.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.com/bannerfarm/47041/WrapperOuter1154041105.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093101219147
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\System32\HPZipm12.exe
O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)


Thanks to whoever can help me with this.
-Oz

Comments

  • Buckeye_Sam Columbus, Ohio
    edited January 2005
    Please download and install CCleaner
    http://www.ccleaner.com/ccdownload.php


    Please download and install Trojan Hunter
    http://www.trojanhunter.com/products/TrojanHunter.exe



    Show hidden files
    http://www.short-media.com/forum/showpost.php?p=172588&postcount=3



    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINXP\ZServ.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINXP\systb.dll (file missing)
    O2 - BHO: (no name) - {50C67BC8-B65E-C5F9-7B62-ECDC4A3CBBCE} - C:\WINXP\System32\oljv.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\matt\Local Settings\Temp\665.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [WW] C:\documents and settings\matt\local settings\temp\WW.exe
    O4 - HKLM\..\Run: [YIr9ECAW0] C:\documents and settings\matt\local settings\temp\YIr9ECAW0.exe
    O4 - HKLM\..\Run: [53c4537aa1a3] C:\WINXP\System32\CD_CLINT.exe
    O4 - HKLM\..\Run: [3ZSNWNX52TQTZ6] C:\WINXP\System32\QgpXq.exe
    O4 - HKLM\..\Run: [eaxisfxrl] C:\WINXP\System32\azhfdx.exe
    O4 - HKLM\..\Run: [conscorr] C:\WINXP\conscorr.exe
    O4 - HKLM\..\Run: [satmat] C:\WINXP\satmat.exe
    O4 - HKLM\..\Run: [9] C:\documents and settings\karen\local settings\temp\9.exe
    O4 - HKLM\..\Run: [Lm5lNKh] C:\documents and settings\karen\local settings\temp\Lm5lNKh.exe
    O4 - HKLM\..\Run: [o] C:\documents and settings\matt\local settings\temp\o.exe
    O4 - HKLM\..\Run: [dRZBHvrSh] C:\documents and settings\matt\local settings\temp\dRZBHvrSh.exe
    O4 - HKLM\..\Run: [9pNn8EnV] C:\documents and settings\matt\local settings\temp\9pNn8EnV.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINXP\Temp\TBuninst.exe /remove
    O4 - HKCU\..\Run: [winprocessor Update] winprocessor.exe
    O4 - HKCU\..\Run: [Microsoft Update] Microsoftx.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [Hcoo] C:\Documents and Settings\matt\Application Data\acoe.exe
    O4 - HKCU\..\Run: [Ufc] C:\WINXP\System32\??oolsv.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
    O4 - Startup: DLHelperEXE.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINXP\System32\maxspeed.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINXP\System32\maxspeed.exe
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.c...r1154041105.EXE
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)



    Reboot your computer into Safe Mode



    Run CCleaner.


    Run Trojan Hunter.


    Please remove these entries from Add/Remove Programs in the Control Panel (if present):

    TV Media
    Web Offers
    Ebates
    Virtual Bouncer



    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\Program Files\TV Media
    C:\WINXP\ZServ.dll
    C:\WINXP\systb.dll
    C:\WINXP\System32\oljv.dll
    C:\WINXP\System32\CD_CLINT.exe
    C:\WINXP\System32\QgpXq.exe
    C:\WINXP\System32\azhfdx.exe
    C:\WINXP\conscorr.exe
    C:\WINXP\satmat.exe
    C:\PROGRA~1\VBouncer
    winprocessor.exe
    Microsoftx.exe
    C:\PROGRA~1\Web Offer
    C:\Documents and Settings\matt\Application Data\acoe.exe
    32RUNdll.exe
    DLHelperEXE.exe



    Reboot back to normal mode.


    Launch Notepad, and copy/paste the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.
    dir C:\WINXP\System32\??oolsv.exe /a h > files.txt
    notepad files.txt


    Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here along with a new hijackthis log.
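An added example, not part of the original thread: a small Python triage pass over HijackThis lines that flags the autorun patterns visible in the log above (Run entries launched from a Temp directory, Run entries with no full path, file names containing `?`, and targets reported missing). The flag names and heuristics are assumptions of this example, not the responder's stated criteria.

```python
import re

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINXP\systb.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [WW] C:\documents and settings\matt\local settings\temp\WW.exe
O4 - HKCU\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKCU\..\Run: [Ufc] C:\WINXP\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable part of a Run command (quoted, or up to .exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(line):
    """Return a list of review flags for one HijackThis line (heuristics only)."""
    flags = []
    if "(file missing)" in line or "(no file)" in line:
        flags.append("target-missing")       # registration points at nothing
    m = O4_RE.match(line.strip())
    if m:
        path = image_path(m.group("cmd"))
        if "\\" not in path:
            flags.append("no-full-path")     # resolved through the search path
        if re.search(r"\\te?mp\\", path, re.I):
            flags.append("runs-from-temp")   # autorun out of a Temp directory
        if "?" in path:                      # '?' is illegal in Windows file names,
            flags.append("unrenderable-filename")  # so it marks unrendered characters
    return flags

def report(log):
    """Map each flagged line to its flags; unflagged lines are omitted."""
    return {ln: f for ln in log.splitlines() if (f := triage(ln))}

if __name__ == "__main__":
    for line, flags in report(SAMPLE_LOG).items():
        print(", ".join(flags), "->", line)
```

A flag marks a line for review rather than giving a verdict: legitimate entries that rely on the search path will also show up as `no-full-path`.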