I have been trying to rid myself of this spyware/adware/malware and nothing seems to work!! I have been running Ad-Aware, Spybot, Spyware Doctor, and NAV. Here's my recent HJT log; if you could review it at your convenience, it would be appreciated!!
Logfile of HijackThis v1.98.2
Scan saved at 6:44:36 AM, on 10/13/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\CBA\pds.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\windows\services.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Documents and Settings\Administrator\Application Data\uiao.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINNT\System32\mdhdv.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Windows] C:\WINNT\System32\windows\services.exe
O4 - HKLM\..\Run: [ER] C:\documents and settings\administrator\local settings\temp\ER.exe
O4 - HKLM\..\Run: [46LRFPW3NTJQ6W] C:\WINNT\System32\FebU6s.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Hcwo] C:\Documents and Settings\Administrator\Application Data\uiao.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Zej] C:\WINNT\System32\??oolsv.exe
O4 - HKCU\..\Run: [H0wFRka4V] mdhdv.exe
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FORCE.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{A78E6583-71AE-4D3A-BF87-6FBEFA8B8080}: NameServer = 204.246.1.20,204.70.128.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9F303F8-2C58-4D15-98A5-D243C8373984}: NameServer = 204.246.1.20,204.70.128.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FORCE.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FORCE.local
Thank you in advance for your help!!
Mike Koehler