XP Professional hijacked with new.net
Your assistance is once again requested in helping to rid my computer of a hijack, and possibly other spyware. I have updated and run adaware, spybot, and cws. Attached is my current HJT log. Thanks again!!!!
Logfile of HijackThis v1.99.1
Scan saved at 2:41:12 PM, on 8/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\wwtrvotq\a0hDCwBN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\barc\tnse.exe
C:\Program Files\Palm\hotsync.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\WinSvc32\MsSvc32.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Documents and Settings\Default\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=0409&c=1c00
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {4BF2C1B6-A504-824A-27DA-B83B08942194} - C:\DOCUME~1\Default\APPLIC~1\SHIMDU~1\Jump Multi.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: WinSurferHelper Class - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:\WINDOWS\System32\41670d2d.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Lite Plan] C:\DOCUME~1\Default\APPLIC~1\PLATFO~1\TestLicense.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mbbuyf] C:\WINDOWS\System32\r?gedit.exe
O4 - HKCU\..\Run: [Eece] C:\Program Files\barc\tnse.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: MsSvc32.exe
O4 - Global User Startup: MsSvc32.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Close all open windows and run Hijack This. Place a checkmark next to these entries and click "Fix Checked."
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...&LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...&LC=0409&c=1c00
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {4BF2C1B6-A504-824A-27DA-B83B08942194} - C:\DOCUME~1\Default\APPLIC~1\SHIMDU~1\Jump Multi.exe
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: WinSurferHelper Class - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:\WINDOWS\System32\41670d2d.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKCU\..\Run: [Mbbuyf] C:\WINDOWS\System32\r?gedit.exe
O4 - HKCU\..\Run: [Eece] C:\Program Files\barc\tnse.exe
Reboot into safe mode. To enter safe mode, tap the F8 button at the startup screen and select Safe Mode from the menu.
Now go to your Add/Remove Programs list. Remove Viewpoint Toolbar and NewDotNet.
Delete these files or directories if they exist.
c:\windows\SYSTEM\blank.htm
C:\Program Files\NewDotNet
C:\Program Files\barc
C:\Program Files\Viewpoint
C:\WINDOWS\System32\r?gedit.exe
Reboot.
Make sure you can view all hidden files.
Open My Computer > click Tools > click Folder Options > click the View tab > check Show hidden files > uncheck Hide file extensions > click Apply > click OK > exit
Post a new log.
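Comparing a follow-up HijackThis log with the earlier one shows which entries are gone and which are new since the fix. The script below is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, and the two sample logs are short excerpts of the 8/15 and 8/22 logs in this thread, the second kept with its hard-wrapped lines.

```python
import re

# Every HijackThis entry starts with a section code such as "R1 - ", "F2 - ", "O23 - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Header lines and the process list are not registry/file entries and are skipped.
HEADER_RE = re.compile(r"^(Logfile of|Scan saved at|Platform:|MSIE:|Running processes:)")


def _store(entries, current):
    """Record one finished entry under a whitespace-insensitive key."""
    if current is None:
        return
    code, fragments = current
    # A log pasted through e-mail may be wrapped at a space or in the middle of
    # a path, so the comparison key drops all whitespace and ignores case.
    key = code + "|" + re.sub(r"\s+", "", "".join(fragments)).lower()
    # The display text joins fragments with a space; it is for reading only.
    entries.setdefault(key, (code, " ".join(fragments)))


def parse_entries(log_text):
    """Return {key: (code, text)} for each entry, rejoining wrapped lines."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            _store(entries, current)
            current = (match.group(1), [match.group(2)])
        elif not line or HEADER_RE.match(line):
            _store(entries, current)
            current = None
        elif current is not None:
            # No section code: continuation of the previous wrapped entry.
            current[1].append(line)
        # Lines seen while current is None belong to the process list.
    _store(entries, current)
    return entries


def diff_logs(before_text, after_text):
    """Return entries present only in the later log and only in the earlier one."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "added": [after[k] for k in after if k not in before],
        "removed": [before[k] for k in before if k not in after],
    }


# Excerpt of the 8/15 log from this thread (one entry per line).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [Mbbuyf] C:\WINDOWS\System32\r?gedit.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Excerpt of the 8/22 log from this thread, hard-wrapped as it was posted.
AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program
Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O15 - Trusted Zone: *.sxload.com
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("added", "removed"):
        print(label.upper())
        for code, text in result[label]:
            print(f"  {code} - {text}")
```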
Logfile of HijackThis v1.99.1
Scan saved at 12:58:48 PM, on 8/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ruklimc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\wwtrvotq\a0hDCwBN.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\System32\q9p0io5g.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\System32\Jqvjlj.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Palm\hotsync.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\WinSvc32\MsSvc32.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Default\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-4018-893F-4C3EBCD8B68E} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A1226A6E-A4FF-1C6C-9AC3-E67EA0A8C478} - C:\WINDOWS\System32\inscdm\flvoybhfew.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Lite Plan] C:\DOCUME~1\Default\APPLIC~1\PLATFO~1\TestLicense.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: MsSvc32.exe
O4 - Global User Startup: MsSvc32.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\snetextysa.mht!http://snipernet.us/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - ms-its:mhtml:file://c:\snetexttca.mht!http://snipernet.us/ext1/tca.chm::/site.ocx
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:26:30 PM, on 7/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ruklimc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\wwtrvotq\a0hDCwBN.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\System32\q9p0io5g.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\System32\Jqvjlj.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Palm\hotsync.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\WinSvc32\MsSvc32.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Default\Local Settings\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\bojcgf61.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-4218-AFD7-88CDB49EAFAE} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A1226A6E-A4FF-1C6C-9AC3-E67EA0A8C478} - C:\WINDOWS\System32\inscdm\flvoybhfew.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Lite Plan] C:\DOCUME~1\Default\APPLIC~1\PLATFO~1\TestLicense.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: MsSvc32.exe
O4 - Global User Startup: MsSvc32.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\snetextysa.mht!http://snipernet.us/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - ms-its:mhtml:file://c:\snetexttca.mht!http://snipernet.us/ext1/tca.chm::/site.ocx
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Download Killbox and save the folder to a convenient place. Extract the files from the zipped Killbox folder and place the unzipped folder on your desktop. Exit Killbox for now.
Open the Start menu. Click Run > type msconfig > click OK > click the Services tab > look for the service titled SvcProc > untick the box and click Apply. Click OK > Exit. When asked if you want to restart, click Restart. Go into safe mode at this time as outlined in the next step.
Boot into safe mode. To enter safe mode: reboot > tap F8 at the startup screen > select Safe Mode from the menu.
Run Hijack This and place a checkmark next to these entries then click Fix Checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-0000-4218-AFD7-88CDB49EAFAE} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {A1226A6E-A4FF-1C6C-9AC3-E67EA0A8C478} - C:\WINDOWS\System32\inscdm\flvoybhfew.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O15 - Trusted Zone: *.sxload.com
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Delete these files or directories if they exist:
C:\Program Files\ProSiteFinder (if this is a legitimate program you are running then skip this, but let me know if it is a program you are running)
C:\WINDOWS\systb.dll
C:\WINDOWS\AuroraHandler.dll
C:\WINDOWS\System32\inscdm
C:\WINDOWS\svcproc.exe
Now open Killbox which I had you download earlier. In the field for the path of file to be deleted copy and paste C:\WINDOWS\Nail.exe into this field. Click delete. When asked if you want to delete on reboot click yes. Follow the on screen instructions to reboot at this point. Let the computer reboot into normal mode again.
Make sure you can view all hidden files and folders.
Run these online scans:
ActiveScan
BitDefender
Save the scan log from activescan and post those results with a new Hijack This log when finished.
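The last step above asks for a new HijackThis log. The following is an added example, not part of the original post, that checks whether any entry from the fix list shows up again in a follow-up log. The function names and the follow-up log are constructed for illustration; matching on the CLSID is this example's own choice, so that the fix-list lines with truncated URLs still match.

```python
import re

# CLSID in braces, e.g. {06FE5D02-8F11-11d2-804F-00105A133818}
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Entry lines start with a section code such as R1, F2, O9 or O23
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def entry_key(line):
    """Return (section, identity) for a HijackThis entry line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path or prose
    code, body = m.groups()
    guid = CLSID.search(body)
    if guid:
        # O2/O3/O9/O16: the CLSID survives URL truncation and case changes
        return code, guid.group(0).upper()
    if code.startswith("R"):
        # R0/R1: identify by registry key and value name, left of " = "
        return code, body.split(" = ", 1)[0].lower()
    return code, body.lower()  # F2, O4, O15, O23: compare the whole entry

def still_present(fix_list, new_log):
    """Fix-list lines whose identity is listed again in the new log."""
    seen = {entry_key(l) for l in new_log.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines() if entry_key(l) in seen]

# Entries copied from the fix list in the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-0000-4218-AFD7-88CDB49EAFAE} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=1c00&lc=0409 (file missing)
O15 - Trusted Zone: *.sxload.com
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Constructed follow-up log (not from the thread): two entries are back.
NEW_LOG = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {06FE5D02-8F11-11D2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", entry)
```

An R0/R1 match means only that the same registry value is listed again, whatever it now points to, so the value itself still needs reading.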