Need some help to find what's causing my pop-ups

Posted by: corwinofamber

I use Mozilla Firefox, and some time ago IE will open and bring up pop-ups. I have tried several different programs like Spybot, Ad-Aware, Norton 2005. I have not been able to figure out what is causing it. I would also appreciate if anyone could look at it and see if there is anything else wrong.

Logfile of HijackThis v1.99.1
Scan saved at 5:32:53 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
C:\Documents and Settings\Thomas Ford\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ldla] C:\WINDOWS\system32\kbowvt\ldla.exe
O4 - HKLM\..\Run: [wnmr] C:\WINDOWS\system32\dfgedx\wnmr.exe
O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe
O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [qjyhnwgm] C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlarmWiz] C:\Program Files\AlarmWiz\alarmwiz.exe startup
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: alsjwbabcadtgk - Unknown owner - C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hiubsbhtws - Unknown owner - C:\WINDOWS\system32\sbhtws\hiub.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: qjyhnwgmsbdmb - Unknown owner - C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted by: Lobos

Hi corwinofamber

Welcome to Tech Forums

Be sure to look this solution over before you begin. There are some item(s) I'm not familiar with. If you recognize any, then just omit them from this fix.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked.

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).
===============

Right click on this link http://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Reboot into "Safe Mode" (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam).

===============

Next, open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

- Now, locate and 'stop' the following services, if present:

qjyhnwgmsbdmb owner ... (C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

- Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
O4 - HKLM\..\Run: [ldla] C:\WINDOWS\system32\kbowvt\ldla.exe
O4 - HKLM\..\Run: [wnmr] C:\WINDOWS\system32\dfgedx\wnmr.exe
O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe
O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe
O4 - HKLM\..\Run: [qjyhnwgm] C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: alsjwbabcadtgk - Unknown owner - C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O23 - Service: hiubsbhtws - Unknown owner - C:\WINDOWS\system32\sbhtws\hiub.exe
O23 - Service: qjyhnwgmsbdmb - Unknown owner - C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\WINDOWS\system32\sbdmb
C:\Program Files\CSBB
C:\WINDOWS\system32\oupv
C:\WINDOWS\system32\kbowvt
C:\WINDOWS\system32\dfgedx
C:\WINDOWS\system32\bcadtgk
C:\WINDOWS\system32\sbhtws
C:\WINDOWS\system32\cnbqus

===============

Post back a new log, and let me know how everything goes.

- Lobos.

Posted by: corwinofamber

Thanks for the help. Here's a new hjt, please tell me how it looks.
Logfile of HijackThis v1.99.1
Scan saved at 11:19:29 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Thomas Ford\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted by: Warez Monster

Remove these files at your own risk

C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
This is a unknown process.

O1 - Hosts: 216.39.69.102 view.atdmt.com
This entry should be fixed immediately! Must be fixed!

O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([4CB94791-8370-45D2-9924-F7CACB3AC839] - Result: ) has been checked.

O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([52DC16DD-C32B-4BDB-8109-BF078D7EB9F6] - Result: ) has been checked.

O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([9BD5F07B-21AC-495B-8F35-6625302F5B4C] - Result: ) has been checked.

O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([B3E5BA79-6BDC-46F4-B616-319437CD0322] - Result: ) has been checked.

O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([BC652C7B-170A-4C5F-BC90-0E412E72B4A8] - Result: ) has been checked.

O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5] - Result: ) has been checked

O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66] - Result: ) has been checked.

O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([C38B875E-FB61-49A8-AB2B-FAADDBB6615B] - Result: ) has been checked.

O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([D88E0E74-7F60-408C-AAE4-21827970A8B1] - Result: ) has been checked

O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([E2DA9335-9411-4454-9739-623FD854888C] - Result: ) has been checked.

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
Entries found in this registry zone are potentially nasty.
This application ([ED103D9F-3070-4580-AB1E-E5C179C1AE41] - Result: ED103D9F-3070-4580-AB1E-E5C179C1AE41) has been checked. Must be fixed!

O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
Entries found in this registry zone are potentially nasty.
This application ([F54D5218-9FDB-4852-A670-7427A6DD47B3] - Result: ) has been checked.

O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
Unknown application.

O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe
Unknown application.

O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe
Unknown application

O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe
Unknown application
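
Several of the entries selected for removal in this thread share patterns that can be checked mechanically when triaging a HijackThis log. The Python below is an added example, not part of the original posts and not HijackThis's own logic; the three heuristics and the names `triage`, `exe_path` and `SYS32_SUBDIR` are assumptions made for illustration, and the sample log is constructed from a few lines of the first log in the thread.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

Finding = namedtuple("Finding", "code reason entry")

# Constructed sample: a handful of entries copied from the first log in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: qjyhnwgmsbdmb - Unknown owner - C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# An executable exactly one folder below system32, e.g. system32\oupv\ohsf.exe
SYS32_SUBDIR = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\\[^\\]+$", re.I)


def exe_path(cmd):
    """Return the executable from a Run command line, dropping quotes and arguments."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text):
    """Flag entries matching the assumed heuristics; everything else is left for review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O18") and body.endswith(("(file missing)", "(no file)")):
            # Heuristic 1: browser hook registered but its file is gone.
            findings.append(Finding(code, "registration points at a missing file", body))
        elif code == "O4":
            run = RUN.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not checked here
            path = exe_path(run.group("cmd"))
            stem = splitext(basename(path))[0]
            # Heuristic 2: value name equals the exe name, exe sits in a system32 subfolder.
            if SYS32_SUBDIR.match(path) and stem.lower() == run.group("name").lower():
                findings.append(Finding(code, "Run value named after an exe in a system32 subfolder", body))
        elif code == "O23":
            svc = SERVICE.match(body)
            if svc and svc.group("owner") == "Unknown owner":
                # Heuristic 3: service binary carries no vendor string.
                path = svc.group("path")
                stem, folder = splitext(basename(path))[0], basename(dirname(path))
                reason = "service binary has no vendor string"
                if svc.group("name").lower() == (stem + folder).lower():
                    reason += "; service name is exe name + folder name"
                findings.append(Finding(code, reason, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", f.reason, "|", f.entry)
```

The heuristics do not cover the R0/R1, O1 and CSV10P70 entries that were also selected in the thread.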