Need some help to find whats causing my pop-ups

Status
Not open for further replies.
C

corwinofamber

Beta member
Messages
2
I use mozilla firefox, and some time ago ie will open and bring up pop-ups. I have tried several different programs like spybot, adaware, norton 2005. I have not been able to figure out what is causing it. I would also appreciate if anyone could look at it and see if there is anything else wrong.

Logfile of HijackThis v1.99.1
Scan saved at 5:32:53 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
C:\Documents and Settings\Thomas Ford\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ldla] C:\WINDOWS\system32\kbowvt\ldla.exe
O4 - HKLM\..\Run: [wnmr] C:\WINDOWS\system32\dfgedx\wnmr.exe
O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe
O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [qjyhnwgm] C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlarmWiz] C:\Program Files\AlarmWiz\alarmwiz.exe startup
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: alsjwbabcadtgk - Unknown owner - C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hiubsbhtws - Unknown owner - C:\WINDOWS\system32\sbhtws\hiub.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: qjyhnwgmsbdmb - Unknown owner - C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi corwinofamber

Welcome to Tech Forums


Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's
anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers
when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is
enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When
you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system
folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use
or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we
think is bad to keep).
===============

Right click on this link http://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.


Reboot Into "Safe Mode".

===============

Next, Open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

-

Now, locate and 'stop' the following services, if present:

qjyhnwgmsbdmb owner ... (C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O1 - Hosts: 216.39.69.102 view.atdmt.com

O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing)

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe
O4 - HKLM\..\Run: [ldla] C:\WINDOWS\system32\kbowvt\ldla.exe
O4 - HKLM\..\Run: [wnmr] C:\WINDOWS\system32\dfgedx\wnmr.exe
O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe
O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe
O4 - HKLM\..\Run: [qjyhnwgm] C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: alsjwbabcadtgk - Unknown owner - C:\WINDOWS\system32\bcadtgk\alsjwba.exe
O23 - Service: hiubsbhtws - Unknown owner - C:\WINDOWS\system32\sbhtws\hiub.exe
O23 - Service: qjyhnwgmsbdmb - Unknown owner - C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\WINDOWS\system32\sbdmb
C:\Program Files\CSBB
C:\WINDOWS\system32\oupv
C:\WINDOWS\system32\kbowvt
C:\WINDOWS\system32\dfgedx
C:\WINDOWS\system32\bcadtgk
C:\WINDOWS\system32\sbhtws
C:\WINDOWS\system32\cnbqus

-



===============

Post back a new log, and let me know how everything goes.

-

Lobos.
 
Thanks for the help.

Heres a new hjt, please tell me how it looks.


Logfile of HijackThis v1.99.1
Scan saved at 11:19:29 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Thomas Ford\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Remove these files at your own risk

C:\WINDOWS\system32\sbdmb\qjyhnwgm.exe This is a unknown process.

O1 - Hosts: 216.39.69.102 view.atdmt.com This entry should be fixed immediately! Must be fixed!

O2 - BHO: (no name) - {4CB94791-8370-45D2-9924-F7CACB3AC839} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([4CB94791-8370-45D2-9924-F7CACB3AC839] - Result: ) has been checked.

O2 - BHO: (no name) - {52DC16DD-C32B-4BDB-8109-BF078D7EB9F6} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([52DC16DD-C32B-4BDB-8109-BF078D7EB9F6] - Result: ) has been checked.

O2 - BHO: (no name) - {9BD5F07B-21AC-495B-8F35-6625302F5B4C} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([9BD5F07B-21AC-495B-8F35-6625302F5B4C] - Result: ) has been checked.

O2 - BHO: (no name) - {B3E5BA79-6BDC-46F4-B616-319437CD0322} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([B3E5BA79-6BDC-46F4-B616-319437CD0322] - Result: ) has been checked.

O2 - BHO: (no name) - {BC652C7B-170A-4C5F-BC90-0E412E72B4A8} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([BC652C7B-170A-4C5F-BC90-0E412E72B4A8] - Result: ) has been checked.

O2 - BHO: (no name) - {BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([BCF0A28A-2F5C-4EB9-8B79-A4F9B44000B5] - Result: ) has been checked

O2 - BHO: (no name) - {C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([C14F8B59-4F19-4F7F-A8F4-E437E3EFEC66] - Result: ) has been checked.

O2 - BHO: (no name) - {C38B875E-FB61-49A8-AB2B-FAADDBB6615B} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([C38B875E-FB61-49A8-AB2B-FAADDBB6615B] - Result: ) has been checked.

O2 - BHO: (no name) - {D88E0E74-7F60-408C-AAE4-21827970A8B1} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([D88E0E74-7F60-408C-AAE4-21827970A8B1] - Result: ) has been checked

O2 - BHO: (no name) - {E2DA9335-9411-4454-9739-623FD854888C} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([E2DA9335-9411-4454-9739-623FD854888C] - Result: ) has been checked.

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file) Entries found in this registry zone are potentially nasty. This application ([ED103D9F-3070-4580-AB1E-E5C179C1AE41] - Result: ED103D9F-3070-4580-AB1E-E5C179C1AE41) has been checked. Must be fixed!

O2 - BHO: (no name) - {F54D5218-9FDB-4852-A670-7427A6DD47B3} - C:\Program Files\32hpco00\32hpco00.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([F54D5218-9FDB-4852-A670-7427A6DD47B3] - Result: ) has been checked.

O4 - HKLM\..\Run: [ohsf] C:\WINDOWS\system32\oupv\ohsf.exe Unknown application.

O4 - HKLM\..\Run: [rxti] C:\WINDOWS\system32\cnbqus\rxti.exe Unknown application.

O4 - HKLM\..\Run: [hiub] C:\WINDOWS\system32\sbhtws\hiub.exe Unknown application

O4 - HKLM\..\Run: [alsjwba] C:\WINDOWS\system32\bcadtgk\alsjwba.exe Unknown application
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
3K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
N
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding"
Replies
0
Views
4K
nev
N
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
Back
Top Bottom