system
17
i did it a couple times, and this is what comes up now
Logfile of HijackThis v1.98.0
Scan saved at 5:09:51 AM, on 1/13/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS3\System32\smss.exe
C:\WINDOWS3\system32\winlogon.exe
C:\WINDOWS3\system32\services.exe
C:\WINDOWS3\system32\lsass.exe
C:\WINDOWS3\system32\svchost.exe
C:\WINDOWS3\System32\svchost.exe
C:\WINDOWS3\system32\spoolsv.exe
C:\WINDOWS3\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS3\system32\AvidSDMService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS3\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\WINDOWS3\System32\ctfmon.exe
C:\WINDOWS3\System32\owncfh.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS3\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2484
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=2484
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onestepfilms.net/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {1CFD3A75-E168-0DE9-8623-63550EA27B3E} - C:\WINDOWS3\System32\tqvu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS3\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS3\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS3\UpdReg.EXE
O4 - HKLM..\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS3\system32\NeroCheck.exe
O4 - HKLM..\Run: [WebRebates0] “C:\Program Files\Web_Rebates\WebRebates0.exe”
O4 - HKLM..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM..\RunServices: [MSN Update] dllcon.exe
O4 - HKLM..\RunOnce: [tlc] C:\WINDOWS3\update13.js
O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS3\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe