system
7
Here's the new log after doing all the things I described above:
Logfile of HijackThis v1.98.2
Scan saved at 12:08:03 PM, on 10/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sysentry.exe
C:\WINDOWS\System32\svh0st.exe
C:\WINDOWS\System32\zpwxv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\winmplayer.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\wmplayer.exe
C:\WINDOWS\System32\dllmanger.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
c:\media.exe
C:\car.exe
C:\car.exe
c:\media.exe
C:\Documents and Settings\Jeff\Application Data\rrsa.exe
C:\Documents and Settings\Jeff\Desktop\hijackthis.exe
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.ca/"); (C:\Documents and Settings\Jeff\Application Data\Mozilla\Profiles\default\qagvdv86.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jeff\Application Data\Mozilla\Profiles\default\qagvdv86.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 52.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Microsoft Help] svh0st.exe
O4 - HKLM\..\Run: [Win service] zpwxv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Connection Manager] dllmanger.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Microsoft Help] svh0st.exe
O4 - HKLM\..\RunServices: [Win service] zpwxv.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft Connection Manager] dllmanger.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Connection Manager] dllmanger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pcam] C:\Documents and Settings\Jeff\Application Data\rrsa.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\Jeff\Desktop\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\Jeff\Desktop\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jeff\Desktop\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jeff\Desktop\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=154b113bf9603f46c731d769ed14a3bf2ae0a757064ee9bd5449e0fdd44e86d07944db10fe19f321ee033a2b9400d793bd2bfc09b6fd8079524c2d257aed07c9:008ad1ceed4ba741c45e80016782b89b
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1436a16ccc5adbd58d03/netzip/RdxIE601.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE02E67C-E7ED-49C3-A6B1-6EF733ADCB72}: NameServer = 198.235.216.110 209.226.175.224
O19 - User stylesheet: (file missing)