Options

Up in arms!

Unknown
edited May 2005 in Spyware & Virus Removal
Thanx for the warm welcome, I seemed to have the same problem as an ealier converts posting (spybot finds the following:
CoolWWWSearch.Aff.Winshow
Startpage-EH
URLSearchHook.Atlpz (to which on the web only found mention of in spanish)
I'm not getting the same messages now, but my favorites are not my favorite
and every time I log on critical objects do too!
I have installed:
Ad-Aware SE Personal, Build 1.05
Spybot S&D 1.3
Norton system Works
Spyware Blaster
RegCleaner 4.3

Logfile of HijackThis v1.99.1
Scan saved at 11:26:20 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ntcr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Mart\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2C21BAA6-325A-A257-9DFA-7425A21F1A16} - C:\WINDOWS\system32\addik32.dll
O2 - BHO: Class - {ADCDEB91-0598-F6B4-C015-DD1DF78A7639} - C:\WINDOWS\appzm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F77B658D-3AD0-37B1-5B93-FAFF6F9DCE99} - C:\WINDOWS\apicn.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ntcr.exe] C:\WINDOWS\system32\ntcr.exe
O4 - HKLM\..\RunOnce: [syssk32.exe] C:\WINDOWS\system32\syssk32.exe
O4 - HKLM\..\RunOnce: [crey32.exe] C:\WINDOWS\crey32.exe
O4 - HKLM\..\RunOnce: [mfczn.exe] C:\WINDOWS\system32\mfczn.exe
O4 - HKLM\..\RunOnce: [crok32.exe] C:\WINDOWS\system32\crok32.exe
O4 - HKLM\..\RunOnce: [ipsm.exe] C:\WINDOWS\ipsm.exe
O4 - HKLM\..\RunOnce: [ipmf.exe] C:\WINDOWS\ipmf.exe
O4 - HKLM\..\RunOnce: [sysjg.exe] C:\WINDOWS\sysjg.exe
O4 - HKLM\..\RunOnce: [sysmx.exe] C:\WINDOWS\sysmx.exe
O4 - HKLM\..\RunOnce: [ipyj.exe] C:\WINDOWS\ipyj.exe
O4 - HKLM\..\RunOnce: [addld32.exe] C:\WINDOWS\system32\addld32.exe
O4 - HKLM\..\RunOnce: [syshn.exe] C:\WINDOWS\system32\syshn.exe
O4 - HKLM\..\RunOnce: [winmd.exe] C:\WINDOWS\winmd.exe
O4 - HKLM\..\RunOnce: [apifa.exe] C:\WINDOWS\apifa.exe
O4 - HKLM\..\RunOnce: [atlzf.exe] C:\WINDOWS\system32\atlzf.exe
O4 - HKLM\..\RunOnce: [iefi32.exe] C:\WINDOWS\system32\iefi32.exe
O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\addjm.exe
O4 - HKLM\..\RunOnce: [crpg.exe] C:\WINDOWS\system32\crpg.exe
O4 - HKLM\..\RunOnce: [syssm32.exe] C:\WINDOWS\system32\syssm32.exe
O4 - HKLM\..\RunOnce: [syszj32.exe] C:\WINDOWS\syszj32.exe
O4 - HKLM\..\RunOnce: [sdkef32.exe] C:\WINDOWS\system32\sdkef32.exe
O4 - HKLM\..\RunOnce: [syshr32.exe] C:\WINDOWS\syshr32.exe
O4 - HKLM\..\RunOnce: [applv.exe] C:\WINDOWS\applv.exe
O4 - HKLM\..\RunOnce: [atlgn32.exe] C:\WINDOWS\system32\atlgn32.exe
O4 - HKLM\..\RunOnce: [neteu.exe] C:\WINDOWS\system32\neteu.exe
O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\javaay32.exe
O4 - HKLM\..\RunOnce: [ntkz.exe] C:\WINDOWS\system32\ntkz.exe
O4 - HKLM\..\RunOnce: [ntxv32.exe] C:\WINDOWS\ntxv32.exe
O4 - HKLM\..\RunOnce: [ntes32.exe] C:\WINDOWS\system32\ntes32.exe
O4 - HKLM\..\RunOnce: [appjo32.exe] C:\WINDOWS\system32\appjo32.exe
O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\system32\sdkma32.exe
O4 - HKLM\..\RunOnce: [crre.exe] C:\WINDOWS\crre.exe
O4 - HKLM\..\RunOnce: [javazf32.exe] C:\WINDOWS\system32\javazf32.exe
O4 - HKLM\..\RunOnce: [javagc32.exe] C:\WINDOWS\javagc32.exe
O4 - HKLM\..\RunOnce: [mfcly.exe] C:\WINDOWS\mfcly.exe
O4 - HKLM\..\RunOnce: [addok.exe] C:\WINDOWS\addok.exe
O4 - HKLM\..\RunOnce: [netez32.exe] C:\WINDOWS\system32\netez32.exe
O4 - HKLM\..\RunOnce: [javacg32.exe] C:\WINDOWS\system32\javacg32.exe
O4 - HKLM\..\RunOnce: [ntxs.exe] C:\WINDOWS\system32\ntxs.exe
O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
O4 - HKLM\..\RunOnce: [iemp32.exe] C:\WINDOWS\iemp32.exe
O4 - HKLM\..\RunOnce: [d3qz.exe] C:\WINDOWS\system32\d3qz.exe
O4 - HKLM\..\RunOnce: [winmd32.exe] C:\WINDOWS\system32\winmd32.exe
O4 - HKLM\..\RunOnce: [iedd.exe] C:\WINDOWS\system32\iedd.exe
O4 - HKLM\..\RunOnce: [sysja32.exe] C:\WINDOWS\system32\sysja32.exe
O4 - HKLM\..\RunOnce: [ieyp32.exe] C:\WINDOWS\ieyp32.exe
O4 - HKLM\..\RunOnce: [ntct32.exe] C:\WINDOWS\system32\ntct32.exe
O4 - HKLM\..\RunOnce: [sysyf32.exe] C:\WINDOWS\sysyf32.exe
O4 - HKLM\..\RunOnce: [winyd32.exe] C:\WINDOWS\system32\winyd32.exe
O4 - HKLM\..\RunOnce: [appcj.exe] C:\WINDOWS\system32\appcj.exe
O4 - HKLM\..\RunOnce: [winlk32.exe] C:\WINDOWS\winlk32.exe
O4 - HKLM\..\RunOnce: [javafb.exe] C:\WINDOWS\javafb.exe
O4 - HKLM\..\RunOnce: [appzm.exe] C:\WINDOWS\appzm.exe
O4 - HKLM\..\RunOnce: [sysob.exe] C:\WINDOWS\sysob.exe
O4 - HKLM\..\RunOnce: [javazu32.exe] C:\WINDOWS\system32\javazu32.exe
O4 - HKLM\..\RunOnce: [d3kf32.exe] C:\WINDOWS\d3kf32.exe
O4 - HKLM\..\RunOnce: [netpj32.exe] C:\WINDOWS\netpj32.exe
O4 - HKLM\..\RunOnce: [mssv.exe] C:\WINDOWS\mssv.exe
O4 - HKLM\..\RunOnce: [sdkwz.exe] C:\WINDOWS\system32\sdkwz.exe
O4 - HKLM\..\RunOnce: [syslo32.exe] C:\WINDOWS\syslo32.exe
O4 - HKLM\..\RunOnce: [appce.exe] C:\WINDOWS\appce.exe
O4 - HKLM\..\RunOnce: [ipga32.exe] C:\WINDOWS\system32\ipga32.exe
O4 - HKLM\..\RunOnce: [mfcpi.exe] C:\WINDOWS\mfcpi.exe
O4 - HKLM\..\RunOnce: [apivx32.exe] C:\WINDOWS\system32\apivx32.exe
O4 - HKLM\..\RunOnce: [mfcju32.exe] C:\WINDOWS\mfcju32.exe
O4 - HKLM\..\RunOnce: [netjh.exe] C:\WINDOWS\system32\netjh.exe
O4 - HKLM\..\RunOnce: [mfcyp.exe] C:\WINDOWS\system32\mfcyp.exe
O4 - HKLM\..\RunOnce: [sysjh32.exe] C:\WINDOWS\sysjh32.exe
O4 - HKLM\..\RunOnce: [criv32.exe] C:\WINDOWS\system32\criv32.exe
O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
O4 - HKLM\..\RunOnce: [crcm32.exe] C:\WINDOWS\crcm32.exe
O4 - HKLM\..\RunOnce: [d3ku.exe] C:\WINDOWS\d3ku.exe
O4 - HKLM\..\RunOnce: [crlc.exe] C:\WINDOWS\system32\crlc.exe
O4 - HKLM\..\RunOnce: [appui32.exe] C:\WINDOWS\appui32.exe
O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe
O4 - HKLM\..\RunOnce: [ntrg32.exe] C:\WINDOWS\system32\ntrg32.exe
O4 - HKLM\..\RunOnce: [mfchv32.exe] C:\WINDOWS\mfchv32.exe
O4 - HKLM\..\RunOnce: [apipd.exe] C:\WINDOWS\apipd.exe
O4 - HKLM\..\RunOnce: [mfcqd.exe] C:\WINDOWS\system32\mfcqd.exe
O4 - HKLM\..\RunOnce: [sdknb32.exe] C:\WINDOWS\sdknb32.exe
O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\ipoe.exe
O4 - HKLM\..\RunOnce: [ieyz32.exe] C:\WINDOWS\system32\ieyz32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntma.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Hope you can help THANX!!!

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited May 2005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tnmvo.dll/sp.html#94115
    O2 - BHO: Class - {2C21BAA6-325A-A257-9DFA-7425A21F1A16} - C:\WINDOWS\system32\addik32.dll
    O2 - BHO: Class - {ADCDEB91-0598-F6B4-C015-DD1DF78A7639} - C:\WINDOWS\appzm.dll
    O2 - BHO: Class - {F77B658D-3AD0-37B1-5B93-FAFF6F9DCE99} - C:\WINDOWS\apicn.dll
    O4 - HKLM\..\Run: [ntcr.exe] C:\WINDOWS\system32\ntcr.exe
    O4 - HKLM\..\RunOnce: [syssk32.exe] C:\WINDOWS\system32\syssk32.exe
    O4 - HKLM\..\RunOnce: [crey32.exe] C:\WINDOWS\crey32.exe
    O4 - HKLM\..\RunOnce: [mfczn.exe] C:\WINDOWS\system32\mfczn.exe
    O4 - HKLM\..\RunOnce: [crok32.exe] C:\WINDOWS\system32\crok32.exe
    O4 - HKLM\..\RunOnce: [ipsm.exe] C:\WINDOWS\ipsm.exe
    O4 - HKLM\..\RunOnce: [ipmf.exe] C:\WINDOWS\ipmf.exe
    O4 - HKLM\..\RunOnce: [sysjg.exe] C:\WINDOWS\sysjg.exe
    O4 - HKLM\..\RunOnce: [sysmx.exe] C:\WINDOWS\sysmx.exe
    O4 - HKLM\..\RunOnce: [ipyj.exe] C:\WINDOWS\ipyj.exe
    O4 - HKLM\..\RunOnce: [addld32.exe] C:\WINDOWS\system32\addld32.exe
    O4 - HKLM\..\RunOnce: [syshn.exe] C:\WINDOWS\system32\syshn.exe
    O4 - HKLM\..\RunOnce: [winmd.exe] C:\WINDOWS\winmd.exe
    O4 - HKLM\..\RunOnce: [apifa.exe] C:\WINDOWS\apifa.exe
    O4 - HKLM\..\RunOnce: [atlzf.exe] C:\WINDOWS\system32\atlzf.exe
    O4 - HKLM\..\RunOnce: [iefi32.exe] C:\WINDOWS\system32\iefi32.exe
    O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\addjm.exe
    O4 - HKLM\..\RunOnce: [crpg.exe] C:\WINDOWS\system32\crpg.exe
    O4 - HKLM\..\RunOnce: [syssm32.exe] C:\WINDOWS\system32\syssm32.exe
    O4 - HKLM\..\RunOnce: [syszj32.exe] C:\WINDOWS\syszj32.exe
    O4 - HKLM\..\RunOnce: [sdkef32.exe] C:\WINDOWS\system32\sdkef32.exe
    O4 - HKLM\..\RunOnce: [syshr32.exe] C:\WINDOWS\syshr32.exe
    O4 - HKLM\..\RunOnce: [applv.exe] C:\WINDOWS\applv.exe
    O4 - HKLM\..\RunOnce: [atlgn32.exe] C:\WINDOWS\system32\atlgn32.exe
    O4 - HKLM\..\RunOnce: [neteu.exe] C:\WINDOWS\system32\neteu.exe
    O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\javaay32.exe
    O4 - HKLM\..\RunOnce: [ntkz.exe] C:\WINDOWS\system32\ntkz.exe
    O4 - HKLM\..\RunOnce: [ntxv32.exe] C:\WINDOWS\ntxv32.exe
    O4 - HKLM\..\RunOnce: [ntes32.exe] C:\WINDOWS\system32\ntes32.exe
    O4 - HKLM\..\RunOnce: [appjo32.exe] C:\WINDOWS\system32\appjo32.exe
    O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\system32\sdkma32.exe
    O4 - HKLM\..\RunOnce: [crre.exe] C:\WINDOWS\crre.exe
    O4 - HKLM\..\RunOnce: [javazf32.exe] C:\WINDOWS\system32\javazf32.exe
    O4 - HKLM\..\RunOnce: [javagc32.exe] C:\WINDOWS\javagc32.exe
    O4 - HKLM\..\RunOnce: [mfcly.exe] C:\WINDOWS\mfcly.exe
    O4 - HKLM\..\RunOnce: [addok.exe] C:\WINDOWS\addok.exe
    O4 - HKLM\..\RunOnce: [netez32.exe] C:\WINDOWS\system32\netez32.exe
    O4 - HKLM\..\RunOnce: [javacg32.exe] C:\WINDOWS\system32\javacg32.exe
    O4 - HKLM\..\RunOnce: [ntxs.exe] C:\WINDOWS\system32\ntxs.exe
    O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
    O4 - HKLM\..\RunOnce: [iemp32.exe] C:\WINDOWS\iemp32.exe
    O4 - HKLM\..\RunOnce: [d3qz.exe] C:\WINDOWS\system32\d3qz.exe
    O4 - HKLM\..\RunOnce: [winmd32.exe] C:\WINDOWS\system32\winmd32.exe
    O4 - HKLM\..\RunOnce: [iedd.exe] C:\WINDOWS\system32\iedd.exe
    O4 - HKLM\..\RunOnce: [sysja32.exe] C:\WINDOWS\system32\sysja32.exe
    O4 - HKLM\..\RunOnce: [ieyp32.exe] C:\WINDOWS\ieyp32.exe
    O4 - HKLM\..\RunOnce: [ntct32.exe] C:\WINDOWS\system32\ntct32.exe
    O4 - HKLM\..\RunOnce: [sysyf32.exe] C:\WINDOWS\sysyf32.exe
    O4 - HKLM\..\RunOnce: [winyd32.exe] C:\WINDOWS\system32\winyd32.exe
    O4 - HKLM\..\RunOnce: [appcj.exe] C:\WINDOWS\system32\appcj.exe
    O4 - HKLM\..\RunOnce: [winlk32.exe] C:\WINDOWS\winlk32.exe
    O4 - HKLM\..\RunOnce: [javafb.exe] C:\WINDOWS\javafb.exe
    O4 - HKLM\..\RunOnce: [appzm.exe] C:\WINDOWS\appzm.exe
    O4 - HKLM\..\RunOnce: [sysob.exe] C:\WINDOWS\sysob.exe
    O4 - HKLM\..\RunOnce: [javazu32.exe] C:\WINDOWS\system32\javazu32.exe
    O4 - HKLM\..\RunOnce: [d3kf32.exe] C:\WINDOWS\d3kf32.exe
    O4 - HKLM\..\RunOnce: [netpj32.exe] C:\WINDOWS\netpj32.exe
    O4 - HKLM\..\RunOnce: [mssv.exe] C:\WINDOWS\mssv.exe
    O4 - HKLM\..\RunOnce: [sdkwz.exe] C:\WINDOWS\system32\sdkwz.exe
    O4 - HKLM\..\RunOnce: [syslo32.exe] C:\WINDOWS\syslo32.exe
    O4 - HKLM\..\RunOnce: [appce.exe] C:\WINDOWS\appce.exe
    O4 - HKLM\..\RunOnce: [ipga32.exe] C:\WINDOWS\system32\ipga32.exe
    O4 - HKLM\..\RunOnce: [mfcpi.exe] C:\WINDOWS\mfcpi.exe
    O4 - HKLM\..\RunOnce: [apivx32.exe] C:\WINDOWS\system32\apivx32.exe
    O4 - HKLM\..\RunOnce: [mfcju32.exe] C:\WINDOWS\mfcju32.exe
    O4 - HKLM\..\RunOnce: [netjh.exe] C:\WINDOWS\system32\netjh.exe
    O4 - HKLM\..\RunOnce: [mfcyp.exe] C:\WINDOWS\system32\mfcyp.exe
    O4 - HKLM\..\RunOnce: [sysjh32.exe] C:\WINDOWS\sysjh32.exe
    O4 - HKLM\..\RunOnce: [criv32.exe] C:\WINDOWS\system32\criv32.exe
    O4 - HKLM\..\RunOnce: [d3bo.exe] C:\WINDOWS\system32\d3bo.exe
    O4 - HKLM\..\RunOnce: [crcm32.exe] C:\WINDOWS\crcm32.exe
    O4 - HKLM\..\RunOnce: [d3ku.exe] C:\WINDOWS\d3ku.exe
    O4 - HKLM\..\RunOnce: [crlc.exe] C:\WINDOWS\system32\crlc.exe
    O4 - HKLM\..\RunOnce: [appui32.exe] C:\WINDOWS\appui32.exe
    O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe
    O4 - HKLM\..\RunOnce: [ntrg32.exe] C:\WINDOWS\system32\ntrg32.exe
    O4 - HKLM\..\RunOnce: [mfchv32.exe] C:\WINDOWS\mfchv32.exe
    O4 - HKLM\..\RunOnce: [apipd.exe] C:\WINDOWS\apipd.exe
    O4 - HKLM\..\RunOnce: [mfcqd.exe] C:\WINDOWS\system32\mfcqd.exe
    O4 - HKLM\..\RunOnce: [sdknb32.exe] C:\WINDOWS\sdknb32.exe
    O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\ipoe.exe
    O4 - HKLM\..\RunOnce: [ieyz32.exe] C:\WINDOWS\system32\ieyz32.exe
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntma.exe (file missing)

    Fix those entries then find and delete the following files:
    C:\WINDOWS\system32\tnmvo.dll
    C:\WINDOWS\system32\addik32.dll
    C:\WINDOWS\appzm.dll
    C:\WINDOWS\apicn.dll
    C:\WINDOWS\system32\ntcr.exe
    C:\WINDOWS\system32\syssk32.exe
    C:\WINDOWS\crey32.exe
    C:\WINDOWS\system32\mfczn.exe
    C:\WINDOWS\system32\crok32.exe
    C:\WINDOWS\ipsm.exe
    C:\WINDOWS\ipmf.exe
    C:\WINDOWS\sysjg.exe
    C:\WINDOWS\sysmx.exe
    C:\WINDOWS\ipyj.exe
    C:\WINDOWS\system32\addld32.exe
    C:\WINDOWS\system32\syshn.exe
    C:\WINDOWS\winmd.exe
    C:\WINDOWS\apifa.exe
    C:\WINDOWS\system32\atlzf.exe
    C:\WINDOWS\system32\iefi32.exe
    C:\WINDOWS\addjm.exe
    C:\WINDOWS\system32\crpg.exe
    C:\WINDOWS\system32\syssm32.exe
    C:\WINDOWS\syszj32.exe
    C:\WINDOWS\system32\sdkef32.exe
    C:\WINDOWS\syshr32.exe
    C:\WINDOWS\applv.exe
    C:\WINDOWS\system32\atlgn32.exe
    C:\WINDOWS\system32\neteu.exe
    C:\WINDOWS\javaay32.exe
    C:\WINDOWS\system32\ntkz.exe
    C:\WINDOWS\ntxv32.exe
    C:\WINDOWS\system32\ntes32.exe
    C:\WINDOWS\system32\appjo32.exe
    C:\WINDOWS\system32\sdkma32.exe
    C:\WINDOWS\crre.exe
    C:\WINDOWS\system32\javazf32.exe
    C:\WINDOWS\javagc32.exe
    C:\WINDOWS\mfcly.exe
    C:\WINDOWS\addok.exe
    C:\WINDOWS\system32\netez32.exe
    C:\WINDOWS\system32\javacg32.exe
    C:\WINDOWS\system32\ntxs.exe
    C:\WINDOWS\system32\appwa32.exe
    C:\WINDOWS\iemp32.exe
    C:\WINDOWS\system32\d3qz.exe
    C:\WINDOWS\system32\winmd32.exe
    C:\WINDOWS\system32\iedd.exe
    C:\WINDOWS\system32\sysja32.exe
    C:\WINDOWS\ieyp32.exe
    C:\WINDOWS\system32\ntct32.exe
    C:\WINDOWS\sysyf32.exe
    C:\WINDOWS\system32\winyd32.exe
    C:\WINDOWS\system32\appcj.exe
    C:\WINDOWS\winlk32.exe
    C:\WINDOWS\javafb.exe
    C:\WINDOWS\appzm.exe
    C:\WINDOWS\sysob.exe
    C:\WINDOWS\system32\javazu32.exe
    C:\WINDOWS\d3kf32.exe
    C:\WINDOWS\netpj32.exe
    C:\WINDOWS\mssv.exe
    C:\WINDOWS\system32\sdkwz.exe
    C:\WINDOWS\syslo32.exe
    C:\WINDOWS\appce.exe
    C:\WINDOWS\system32\ipga32.exe
    C:\WINDOWS\mfcpi.exe
    C:\WINDOWS\system32\apivx32.exe
    C:\WINDOWS\mfcju32.exe
    C:\WINDOWS\system32\netjh.exe
    C:\WINDOWS\system32\mfcyp.exe
    C:\WINDOWS\sysjh32.exe
    C:\WINDOWS\system32\criv32.exe
    C:\WINDOWS\system32\d3bo.exe
    C:\WINDOWS\crcm32.exe
    C:\WINDOWS\d3ku.exe
    C:\WINDOWS\system32\crlc.exe
    C:\WINDOWS\appui32.exe
    C:\WINDOWS\iesq.exe
    C:\WINDOWS\system32\ntrg32.exe
    C:\WINDOWS\mfchv32.exe
    C:\WINDOWS\apipd.exe
    C:\WINDOWS\system32\mfcqd.exe
    C:\WINDOWS\sdknb32.exe
    C:\WINDOWS\ipoe.exe
    C:\WINDOWS\system32\ieyz32.exe
  • Mart
    edited May 2005
    Thank you for responce, It sure made my HJT log a lot shorter but still not home free! Could not find C:\WINDOWS\appzm.exe HJT fixed what it could and I deleted all but the one windows file that i couldn't find then I ran spybot and it gave me a congrats. But after running Ad-Aware I recieved more coolwebsearch criticals! Ad-Ware fixed those (or I'd like to think)
    I've rebooted and run a fresh HJT and am posting it now.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:28:46 PM, on 5/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\2Wire\Gateway\2PortalMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Mart\Desktop\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntma.exe (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    I appreciate the time you take!
  • SpywareShooterSpywareShooter 127.0.0.1
    edited May 2005
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntma.exe (file missing)

    Fix those entries then reboot your computer and post a new log.
  • Mart
    edited May 2005
    Well 023 is pretty stubborn tried to fix three times but wasn't budging upon reboot got hung up (frooze) had to reboot a few times, thanx again!!! Hope you can pry this thing outta here.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:58:52 PM, on 5/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\2Wire\Gateway\2PortalMon.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Mart\Desktop\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntma.exe (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • SpywareShooterSpywareShooter 127.0.0.1
    edited May 2005
    Open the Registry Editor (go to Start»Run and type Regedit) and do a search for 11Fßä#·ºÄÖ`I. Use the File»Export feature to export a list of ONLY the places where this comes up. Attach that file to your post and I will tell you which ones to delete, as editing the registry without proper knowledge of it can render your system unusable.
Sign In or Register to comment.